Brodsky



#1
Spacelord11011


Hi there. I have a nasty virus which is opening multiple programmes and eating system resources, using programmes called Brodsky and Rivalry.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Mercedes (administrator) on PANDORA (09-06-2018 01:06:05)
Running from C:\Users\Mercedes\Desktop
Loaded Profiles: Mercedes (Available Profiles: Mercedes)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\ProgramData\Logic Cramble\set.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\congestion\congestion.exe
() C:\Program Files (x86)\Hesitates\Rivalry.exe
() C:\Users\Mercedes\AppData\Local\Brodsky.exe
() C:\Program Files (x86)\Legg\loveridge.exe
() C:\Program Files (x86)\Hesitates\Brodsky.exe
() C:\Program Files (x86)\dusty\Rivalry.exe
() C:\Program Files (x86)\Avalanche\Brodsky.exe
() C:\Users\Mercedes\AppData\Local\Rivalry.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Corel Corporation) C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
() C:\Program Files (x86)\Avalanche\Brodsky.exe
() C:\Users\Mercedes\AppData\Local\Rivalry.exe
() C:\Program Files (x86)\dusty\Rivalry.exe
() C:\Program Files (x86)\Legg\loveridge.exe
() C:\Users\Mercedes\AppData\Local\Brodsky.exe
() C:\Program Files (x86)\Hesitates\Rivalry.exe
() C:\Program Files (x86)\Hesitates\Brodsky.exe
() C:\Program Files (x86)\congestion\congestion.exe
() C:\Program Files\ed896c4569b349cf14f608f5a7a00f93\dbe628b249273c180a6002346247c9c8.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
() C:\Program Files\ed896c4569b349cf14f608f5a7a00f93\dbe628b249273c180a6002346247c9c8.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21755.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WinZip) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
() C:\Program Files (x86)\Avalanche\Brodsky.exe
() C:\Program Files (x86)\dusty\Rivalry.exe
() C:\Program Files (x86)\Hesitates\Brodsky.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Avalanche\Brodsky.exe
() C:\Program Files (x86)\dusty\Rivalry.exe
() C:\Program Files (x86)\Hesitates\Brodsky.exe
() C:\Program Files (x86)\Avalanche\Brodsky.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\dusty\Rivalry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Hesitates\Brodsky.exe
() C:\Program Files (x86)\gaea\murdering.exe
() C:\Program Files (x86)\Avalanche\Brodsky.exe
(IOT Mega) C:\Users\Mercedes\AppData\Roaming\Interstatnogui\interstatnogui.exe
Failed to access process -> ShellExperienceHost.exe
() C:\Program Files (x86)\Avalanche\Brodsky.exe
() C:\Program Files (x86)\dusty\Rivalry.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
() C:\Program Files (x86)\Avalanche\Brodsky.exe
() C:\Program Files (x86)\dusty\Rivalry.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-06-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-15] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-15] (WinZip Computing, S.L.)
HKLM\...\Run: [Colonnades] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKLM\...\Run: [Seshadri] => C:\Program Files (x86)\dusty\Rivalry.exe [21504 2018-06-05] ()
HKLM\...\Run: [Wall] => C:\Program Files (x86)\Hesitates\Brodsky.exe [21504 2018-06-05] ()
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Eakins] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKLM-x32\...\Run: [Squamish] => C:\Program Files (x86)\dusty\Rivalry.exe [21504 2018-06-05] ()
HKLM-x32\...\Run: [Divinity] => C:\Program Files (x86)\Hesitates\Brodsky.exe [21504 2018-06-05] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [nostgo] => rundll32.exe "C:\Users\Mercedes\AppData\Local\pfialx.dll",nostgo <==== ATTENTION
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Browning] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Pareto] => C:\Program Files (x86)\dusty\Rivalry.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Praiseworthy] => C:\Program Files (x86)\Hesitates\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Druce] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Normative] => C:\Program Files (x86)\dusty\Rivalry.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Affectation] => C:\Program Files (x86)\Hesitates\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [murdering] => C:\Program Files (x86)\gaea\murdering.exe [37657 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [bullhorns] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Interstatnogui] => C:\Users\Mercedes\AppData\Roaming\Interstatnogui\interstatnogui.exe [1115760 2018-06-06] (IOT Mega) <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Quoteex\Qvofix.dll => C:\ProgramData\Quoteex\Qvofix.dll [342528 2018-06-06] ()
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Joyotcore.dll => C:\ProgramData\Quoteex\Joyotcore.dll [460800 2018-06-06] ()
Startup: C:\Users\Mercedes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reevaluating.lnk [2018-06-06]
ShortcutTarget: reevaluating.lnk -> C:\Program Files (x86)\Avalanche\Brodsky.exe ()
Startup: C:\Users\Mercedes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reevaluatingreevaluating.lnk [2018-06-06]
ShortcutTarget: reevaluatingreevaluating.lnk -> C:\Program Files (x86)\dusty\Rivalry.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1ff34650-66d5-4acc-921f-4c1e60f6e11e}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFMhOjsb0U4lyhf518mLJE7Nc1PZESiAP0T6EueJ8qXhwhjDSjoWFUlJnrGZowqi1cyYcfK6WtI6bw1JiBc3a0Jedbq9Q,,&q={searchTerms}
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFAkhJtQ_sd8KWNJb8qtKv0dNYpzCUpwQKotc8GAnahGFJRTdeMCl5BTK3lvKfj2Kt-yzVulF9qbJboE-uJTAnDkJAnTA,,
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFMhOjsb0U4lyhf518mLJE7Nc1PZESiAP0T6EueJ8qXhwhjDSjoWFUlJnrGZowqi1cyYcfK6WtI6bw1JiBc3a0Jedbq9Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFMhOjsb0U4lyhf518mLJE7Nc1PZESiAP0T6EueJ8qXhwhjDSjoWFUlJnrGZowqi1cyYcfK6WtI6bw1JiBc3a0Jedbq9Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001 -> {1E5B71DC-45ED-4D28-B8DF-37CE2F9D7018} URL =
SearchScopes: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFMhOjsb0U4lyhf518mLJE7Nc1PZESiAP0T6EueJ8qXhwhjDSjoWFUlJnrGZowqi1cyYcfK6WtI6bw1JiBc3a0Jedbq9Q,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-02] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-28] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://feed.bazzsearch.com/?fext=true&publisherid=51206&publisher=defaultbazz&st=ed&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Bazz Search
CHR Profile: C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default [2018-06-07]
CHR Extension: (Slides) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Search) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Sheets) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Bazz Search) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2018-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (Gmail) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Mercedes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-22] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-18] (Windows ® Win 7 DDK provider) [File not signed]
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-06-06] () [File not signed] <==== ATTENTION
S2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-24] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] ()
R2 ed896c4569b349cf14f608f5a7a00f93; C:\Program Files\ed896c4569b349cf14f608f5a7a00f93\dbe628b249273c180a6002346247c9c8.exe [1760712 2018-06-06] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-06-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe [1810944 2018-06-06] (TODO: <Company name>) [File not signed] <==== ATTENTION
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-12-24] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-02] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-02] (Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()
R2 867dcb50fd45ef7018a23d0efed06666; rundll32.exe C:\WINDOWS\yjvhvvrtfooukidv.ijvh DNPh [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 83a915133303ff21ff8a5b901dfa17ab; C:\WINDOWS\System32\drivers\83a915133303ff21ff8a5b901dfa17ab.sys [162712 2018-06-06] ()
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31832 2016-06-02] (ELAN Microelectronic Corp.)
R1 MpKsl8170f57a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12FAEC16-FF19-4DD6-8D48-6A97D9F25583}\MpKsl8170f57a.sys [58120 2018-06-06] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-06-02] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-06-02] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-02] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-09 01:12 - 2018-06-09 01:12 - 000000000 _____ C:\jbzzytgqb79uux9
2018-06-07 22:49 - 2018-06-09 01:12 - 000023283 _____ C:\Users\Mercedes\Desktop\FRST.txt
2018-06-07 22:48 - 2018-06-07 22:49 - 000000000 ____D C:\FRST
2018-06-07 22:46 - 2018-06-07 22:46 - 000000000 ___HD C:\$WINDOWS.~BT
2018-06-07 22:44 - 2018-06-07 22:44 - 002413056 _____ (Farbar) C:\Users\Mercedes\Desktop\FRST64.exe
2018-06-07 21:58 - 2018-06-07 21:58 - 000857600 _____ C:\WINDOWS\yjvhvvrtfooukidv.ijvh
2018-06-07 21:58 - 2018-06-07 21:58 - 000000000 ____D C:\Program Files\ed896c4569b349cf14f608f5a7a00f93
2018-06-07 21:53 - 2018-06-07 21:53 - 000000072 ___SH C:\bootTel.dat
2018-06-06 19:55 - 2018-06-06 19:55 - 001830912 _____ C:\WINDOWS\54c7e575ec387f2ba0b614c3d95d2a1c.exe
2018-06-06 19:55 - 2018-06-06 19:55 - 000162712 _____ C:\WINDOWS\system32\Drivers\83a915133303ff21ff8a5b901dfa17ab.sys
2018-06-06 19:55 - 2018-06-06 19:55 - 000096527 _____ C:\WINDOWS\uninstaller.dat
2018-06-06 01:17 - 2018-06-09 01:12 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-06-06 01:14 - 2018-06-06 01:14 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-06-06 01:13 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-06-06 01:13 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2018-06-06 01:13 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2018-06-06 01:13 - 2018-06-06 01:13 - 000003292 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-06-06 01:13 - 2018-06-06 01:13 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2018-06-06 01:13 - 2018-06-06 01:13 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2018-06-06 01:13 - 2018-06-06 01:13 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2018-06-06 01:12 - 2018-06-07 22:28 - 000000000 ____D C:\Program Files (x86)\SystemHealer
2018-06-06 01:12 - 2018-06-06 01:27 - 000000398 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-06-06 01:12 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-06-06 01:12 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2018-06-06 01:12 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2018-06-06 01:12 - 2018-06-06 01:12 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2018-06-06 01:12 - 2018-06-06 01:12 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2018-06-06 01:12 - 2018-06-06 01:12 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2018-06-06 01:11 - 2018-06-06 01:11 - 000000000 ____D C:\Users\Mercedes\AppData\LocalLow\endGirl
2018-06-06 01:10 - 2018-06-06 01:10 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\Microleaves
2018-06-06 01:10 - 2018-06-06 01:10 - 000000000 ____D C:\Users\Mercedes\AppData\Local\AdvinstAnalytics
2018-06-06 01:09 - 2018-06-06 01:09 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\SystemHealer
2018-06-06 01:06 - 2018-06-06 01:06 - 000003774 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2018-06-06 01:06 - 2018-06-06 01:06 - 000000012 _____ C:\WINDOWS\b32694208
2018-06-06 01:06 - 2018-06-06 01:06 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\Interstatnogui
2018-06-06 01:06 - 2018-06-06 01:06 - 000000000 ____D C:\Program Files (x86)\SoftUpgrade
2018-06-06 01:03 - 2018-06-06 01:03 - 000003850 _____ C:\WINDOWS\System32\Tasks\coinage regie racial
2018-06-06 01:03 - 2018-06-06 01:03 - 000003848 _____ C:\WINDOWS\System32\Tasks\gatekeeping_socking
2018-06-06 01:03 - 2018-06-06 01:03 - 000003844 _____ C:\WINDOWS\System32\Tasks\hollyhock-freundlich
2018-06-06 01:03 - 2018-06-06 01:03 - 000003842 _____ C:\WINDOWS\System32\Tasks\praising_gorges
2018-06-06 01:03 - 2018-06-06 01:03 - 000003840 _____ C:\WINDOWS\System32\Tasks\ic vacationing
2018-06-06 01:03 - 2018-06-06 01:03 - 000003834 _____ C:\WINDOWS\System32\Tasks\cassino
2018-06-06 01:03 - 2018-06-06 01:03 - 000003824 _____ C:\WINDOWS\System32\Tasks\sabine
2018-06-06 01:03 - 2018-06-06 01:03 - 000003824 _____ C:\WINDOWS\System32\Tasks\aquafresh
2018-06-06 01:03 - 2018-06-06 01:03 - 000003730 _____ C:\WINDOWS\System32\Tasks\coinage regie racialcoinage regie racial
2018-06-06 01:03 - 2018-06-06 01:03 - 000003726 _____ C:\WINDOWS\System32\Tasks\gatekeeping_sockinggatekeeping_socking
2018-06-06 01:03 - 2018-06-06 01:03 - 000003724 _____ C:\WINDOWS\System32\Tasks\hollyhock-freundlichhollyhock-freundlich
2018-06-06 01:03 - 2018-06-06 01:03 - 000003712 _____ C:\WINDOWS\System32\Tasks\praising_gorgespraising_gorges
2018-06-06 01:03 - 2018-06-06 01:03 - 000003708 _____ C:\WINDOWS\System32\Tasks\ic vacationingic vacationing
2018-06-06 01:03 - 2018-06-06 01:03 - 000003692 _____ C:\WINDOWS\System32\Tasks\snp
2018-06-06 01:03 - 2018-06-06 01:03 - 000003688 _____ C:\WINDOWS\System32\Tasks\cassinocassino
2018-06-06 01:03 - 2018-06-06 01:03 - 000003682 _____ C:\WINDOWS\System32\Tasks\aquafreshaquafresh
2018-06-06 01:03 - 2018-06-06 01:03 - 000003676 _____ C:\WINDOWS\System32\Tasks\sabinesabine
2018-06-06 01:03 - 2018-06-06 01:03 - 000000000 ___HD C:\Program Files (x86)\gaea
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ___HD C:\Program Files (x86)\Hesitates
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ____D C:\Program Files (x86)\Legg
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ____D C:\Program Files (x86)\dusty
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ____D C:\Program Files (x86)\congestion
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ____D C:\Program Files (x86)\Avalanche
2018-06-06 01:01 - 2018-06-06 01:04 - 000003278 _____ C:\WINDOWS\System32\Tasks\snf
2018-06-06 01:01 - 2018-06-06 01:02 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-06-06 01:01 - 2018-06-06 01:01 - 000000000 ____D C:\ProgramData\Quoteexs
2018-06-06 01:00 - 2018-06-06 01:00 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-06-06 00:59 - 2018-06-06 00:59 - 001895384 _____ C:\Users\Mercedes\AppData\Local\Stannix.bin
2018-06-06 00:58 - 2018-06-06 01:14 - 000000000 ____D C:\ProgramData\Quoteex
2018-06-06 00:58 - 2018-06-06 00:58 - 007627776 _____ C:\Users\Mercedes\AppData\Local\agent.dat
2018-06-06 00:58 - 2018-06-06 00:58 - 001988014 _____ C:\Users\Mercedes\AppData\Local\MathSolotech.tst
2018-06-06 00:58 - 2018-06-06 00:58 - 000126464 _____ C:\Users\Mercedes\AppData\Local\noah.dat
2018-06-06 00:58 - 2018-06-06 00:58 - 000070896 _____ C:\Users\Mercedes\AppData\Local\Config.xml
2018-06-06 00:58 - 2018-06-06 00:58 - 000018432 _____ C:\Users\Mercedes\AppData\Local\Main.dat
2018-06-06 00:58 - 2018-06-06 00:58 - 000005568 _____ C:\Users\Mercedes\AppData\Local\md.xml
2018-06-06 00:58 - 2018-06-06 00:50 - 001810944 _____ (TODO: <Company name>) C:\Users\Mercedes\AppData\Local\MathSolotech.exe
2018-06-06 00:57 - 2018-06-06 01:02 - 000000000 ____D C:\Users\Mercedes\AppData\Local\WinZip
2018-06-06 00:57 - 2018-06-06 00:58 - 000278509 _____ C:\Users\Mercedes\AppData\Local\FinDom.tst
2018-06-06 00:57 - 2018-06-06 00:50 - 001810944 _____ (TODO: <Company name>) C:\Users\Mercedes\AppData\Local\FinDom.exe
2018-06-06 00:55 - 2018-06-07 22:24 - 000929792 _____ C:\Users\Mercedes\AppData\Local\sham.db
2018-06-06 00:55 - 2018-06-06 00:57 - 000016416 _____ C:\Users\Mercedes\AppData\Local\InstallationConfiguration.xml
2018-06-06 00:55 - 2018-06-06 00:55 - 000140800 _____ C:\Users\Mercedes\AppData\Local\installer.dat
2018-06-06 00:55 - 2018-06-06 00:55 - 000003510 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier
2018-06-06 00:52 - 2018-06-06 00:52 - 000002001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2018-06-06 00:52 - 2018-06-06 00:52 - 000001901 _____ C:\Users\Public\Desktop\WinZip.lnk
2018-06-06 00:51 - 2018-06-06 00:56 - 000000000 ____D C:\ProgramData\WinZip
2018-06-06 00:50 - 2018-06-06 00:55 - 000000000 ____D C:\Program Files\WinZip
2018-06-06 00:50 - 2018-06-06 00:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2018-06-06 00:50 - 2018-06-06 00:50 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2018-06-06 00:48 - 2018-06-06 00:48 - 000000000 ____D C:\ProgramData\UniqueId
2018-06-06 00:47 - 2018-06-09 01:07 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2018-06-06 00:47 - 2018-06-06 01:59 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2018-06-06 00:47 - 2018-06-06 00:50 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\AGData
2018-06-06 00:47 - 2018-06-06 00:47 - 000763096 _____ (WinZip Computing, S.L.) C:\Users\Mercedes\Downloads\winzip22.exe
2018-06-06 00:45 - 2018-06-06 00:45 - 000000000 ____D C:\Users\Mercedes\AppData\Local\Package Cache
2018-06-06 00:44 - 2018-06-06 00:45 - 000043520 _____ C:\Users\Mercedes\AppData\Local\pfialx.dll
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ C:\WINDOWS\touche.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ C:\Users\Mercedes\AppData\Local\Rivalry.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ C:\Users\Mercedes\AppData\Local\Brodsky.exe
2018-06-03 01:13 - 2018-06-06 01:03 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\Mozilla
2018-05-27 08:36 - 2018-05-27 08:36 - 000000000 ____D C:\Users\Mercedes\Downloads\The.Ultimate.Fighter.S25E10.720p.HDTV.x264-daview
2018-05-27 02:04 - 2018-05-27 08:20 - 693700789 _____ C:\Users\Mercedes\Downloads\The.Ultimate.Fighter.S25E10.WEB.h264-KOENiG.mkv
2018-05-27 02:04 - 2018-05-27 02:04 - 532124614 _____ C:\Users\Mercedes\Downloads\The.Ultimate.Fighter.S25E11.HDTV.H264.Fight-BB.mp4
2018-05-26 15:34 - 2018-05-04 10:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-13 01:00 - 2018-05-03 08:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-13 01:00 - 2018-05-03 07:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-13 01:00 - 2018-05-03 07:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-13 01:00 - 2018-05-03 07:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-13 01:00 - 2018-05-03 07:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-13 01:00 - 2018-05-03 07:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-05-13 01:00 - 2018-05-03 06:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-13 01:00 - 2018-05-03 06:58 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-13 01:00 - 2018-05-03 06:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-13 01:00 - 2018-05-03 06:57 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-05-13 01:00 - 2018-05-03 06:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-13 01:00 - 2018-05-03 06:56 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-13 01:00 - 2018-05-03 06:55 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-13 01:00 - 2018-05-03 06:54 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-05-13 01:00 - 2018-05-03 06:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-13 01:00 - 2018-05-03 06:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-13 01:00 - 2018-05-03 06:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-13 01:00 - 2018-05-03 06:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-05-13 01:00 - 2018-04-15 22:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-05-13 01:00 - 2018-04-15 22:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-05-13 01:00 - 2018-04-15 21:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-05-13 01:00 - 2018-04-15 21:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-05-13 01:00 - 2018-04-15 21:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-05-13 01:00 - 2018-04-15 21:14 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-05-13 01:00 - 2018-04-15 21:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-05-13 01:00 - 2018-04-15 21:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-05-13 01:00 - 2018-04-15 21:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-13 01:00 - 2018-04-15 21:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-13 01:00 - 2018-04-15 21:07 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-05-13 01:00 - 2018-04-15 21:06 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-05-13 01:00 - 2018-04-15 21:05 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-05-13 01:00 - 2018-04-15 21:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-05-13 01:00 - 2018-04-15 21:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-13 01:00 - 2018-04-15 21:03 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-05-13 01:00 - 2018-04-15 21:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-05-13 01:00 - 2018-04-15 21:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-05-13 00:59 - 2018-05-03 08:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-13 00:59 - 2018-05-03 08:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-13 00:59 - 2018-05-03 08:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-13 00:59 - 2018-05-03 08:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-13 00:59 - 2018-05-03 08:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-13 00:59 - 2018-05-03 08:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-13 00:59 - 2018-05-03 08:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-13 00:59 - 2018-05-03 08:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-13 00:59 - 2018-05-03 08:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-13 00:59 - 2018-05-03 08:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-13 00:59 - 2018-05-03 08:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-13 00:59 - 2018-05-03 08:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-05-13 00:59 - 2018-05-03 08:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-13 00:59 - 2018-05-03 07:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-13 00:59 - 2018-05-03 07:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-13 00:59 - 2018-05-03 07:29 - 000285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-13 00:59 - 2018-05-03 07:28 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-05-13 00:59 - 2018-05-03 07:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-13 00:59 - 2018-05-03 07:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-13 00:59 - 2018-05-03 07:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-13 00:59 - 2018-05-03 07:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-13 00:59 - 2018-05-03 07:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-13 00:59 - 2018-05-03 07:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-13 00:59 - 2018-05-03 07:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-13 00:59 - 2018-05-03 07:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-13 00:59 - 2018-05-03 07:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-13 00:59 - 2018-05-03 07:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-13 00:59 - 2018-05-03 07:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-13 00:59 - 2018-05-03 07:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-13 00:59 - 2018-05-03 07:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-13 00:59 - 2018-05-03 07:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-13 00:59 - 2018-05-03 07:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-13 00:59 - 2018-05-03 07:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-13 00:59 - 2018-05-03 07:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-13 00:59 - 2018-05-03 07:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-13 00:59 - 2018-05-03 07:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-13 00:59 - 2018-05-03 07:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-13 00:59 - 2018-05-03 07:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-13 00:59 - 2018-05-03 07:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-13 00:59 - 2018-05-03 07:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-13 00:59 - 2018-05-03 07:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-13 00:59 - 2018-05-03 07:08 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-13 00:59 - 2018-05-03 07:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-13 00:59 - 2018-05-03 07:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-13 00:59 - 2018-05-03 07:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-13 00:59 - 2018-05-03 07:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-13 00:59 - 2018-05-03 07:03 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-05-13 00:59 - 2018-05-03 07:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-13 00:59 - 2018-05-03 07:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-13 00:59 - 2018-05-03 06:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-05-13 00:59 - 2018-05-03 06:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-13 00:59 - 2018-05-03 06:57 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-13 00:59 - 2018-05-03 06:56 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-13 00:59 - 2018-05-03 06:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-13 00:59 - 2018-05-03 06:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-13 00:59 - 2018-05-03 06:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-13 00:59 - 2018-05-03 06:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-13 00:59 - 2018-05-03 06:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-13 00:59 - 2018-04-15 23:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-05-13 00:59 - 2018-04-15 23:03 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-05-13 00:59 - 2018-04-15 22:57 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-13 00:59 - 2018-04-15 22:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-05-13 00:59 - 2018-04-15 22:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-05-13 00:59 - 2018-04-15 22:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-05-13 00:59 - 2018-04-15 22:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-05-13 00:59 - 2018-04-15 22:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-13 00:59 - 2018-04-15 22:47 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-05-13 00:59 - 2018-04-15 22:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-05-13 00:59 - 2018-04-15 22:34 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-05-13 00:59 - 2018-04-15 22:33 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-05-13 00:59 - 2018-04-15 22:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-05-13 00:59 - 2018-04-15 22:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-05-13 00:59 - 2018-04-15 22:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-13 00:59 - 2018-04-15 22:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-05-13 00:59 - 2018-04-15 21:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-05-13 00:59 - 2018-04-15 21:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-13 00:59 - 2018-04-15 21:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-13 00:59 - 2018-04-15 21:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-05-13 00:59 - 2018-04-15 21:38 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-05-13 00:59 - 2018-04-15 21:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-05-13 00:59 - 2018-04-15 21:37 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-05-13 00:59 - 2018-04-15 21:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-13 00:59 - 2018-04-15 21:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-05-13 00:59 - 2018-04-15 21:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-05-13 00:59 - 2018-04-15 21:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-05-13 00:59 - 2018-04-15 21:14 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-05-13 00:59 - 2018-04-15 21:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-05-13 00:59 - 2018-04-15 21:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-05-13 00:59 - 2018-04-15 21:14 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-05-13 00:59 - 2018-04-15 21:13 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-05-13 00:59 - 2018-04-15 21:12 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-05-13 00:59 - 2018-04-15 21:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-13 00:59 - 2018-04-15 21:10 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-05-13 00:59 - 2018-04-15 21:10 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-05-13 00:59 - 2018-04-15 21:09 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-05-13 00:59 - 2018-04-15 21:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-13 00:59 - 2018-04-15 21:08 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-13 00:59 - 2018-04-15 21:08 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-05-13 00:59 - 2018-04-15 21:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-05-13 00:59 - 2018-04-15 21:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-13 00:59 - 2018-04-15 21:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-13 00:59 - 2018-04-15 21:07 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-05-13 00:59 - 2018-04-15 21:07 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-13 00:59 - 2018-04-15 21:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-05-13 00:59 - 2018-04-15 21:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-13 00:59 - 2018-04-15 21:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-05-13 00:59 - 2018-04-15 21:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-13 00:59 - 2018-04-15 21:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-13 00:59 - 2018-04-15 21:06 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-13 00:59 - 2018-04-15 21:06 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-05-13 00:59 - 2018-04-15 21:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-05-13 00:59 - 2018-04-15 21:05 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-05-13 00:59 - 2018-04-15 21:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-05-13 00:59 - 2018-04-15 21:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-05-13 00:59 - 2018-04-15 21:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-05-13 00:59 - 2018-04-15 21:03 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-05-13 00:59 - 2018-04-15 21:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-05-13 00:59 - 2018-04-15 21:02 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-05-13 00:59 - 2018-04-15 21:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-05-13 00:59 - 2018-04-15 21:01 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-05-13 00:59 - 2018-04-15 21:00 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-13 00:59 - 2018-04-15 21:00 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-05-13 00:58 - 2018-05-03 08:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-13 00:58 - 2018-05-03 08:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-13 00:58 - 2018-05-03 08:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-05-13 00:58 - 2018-05-03 08:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-13 00:58 - 2018-05-03 08:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-13 00:58 - 2018-05-03 08:34 - 000070864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-05-13 00:58 - 2018-05-03 07:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-13 00:58 - 2018-05-03 07:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-13 00:58 - 2018-05-03 07:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-05-13 00:58 - 2018-05-03 07:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-13 00:58 - 2018-04-15 23:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-05-13 00:58 - 2018-04-15 22:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-05-13 00:58 - 2018-04-15 22:28 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-13 00:58 - 2018-04-15 22:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-05-13 00:58 - 2018-04-15 21:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-05-13 00:58 - 2018-04-15 21:10 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-05-13 00:58 - 2018-04-15 21:08 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-05-13 00:58 - 2018-04-15 21:07 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-05-13 00:58 - 2018-04-15 21:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-13 00:58 - 2018-04-15 21:07 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-05-13 00:58 - 2018-04-15 21:06 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-05-13 00:58 - 2018-04-15 21:05 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-05-13 00:58 - 2018-04-15 21:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-13 00:58 - 2018-04-15 21:04 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-05-13 00:58 - 2018-04-15 21:04 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-05-13 00:58 - 2018-04-15 21:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-05-13 00:58 - 2018-04-15 21:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-13 00:58 - 2018-04-15 21:03 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-05-13 00:58 - 2018-04-15 21:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-05-13 00:58 - 2018-04-15 21:00 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-05-13 00:58 - 2018-04-15 20:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-05-13 00:57 - 2018-05-03 08:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-13 00:57 - 2018-05-03 08:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-13 00:57 - 2018-05-03 08:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-13 00:57 - 2018-05-03 08:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-13 00:57 - 2018-05-03 08:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-13 00:57 - 2018-05-03 08:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-13 00:57 - 2018-05-03 08:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-13 00:57 - 2018-05-03 08:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-13 00:57 - 2018-05-03 08:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-13 00:57 - 2018-05-03 08:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-13 00:57 - 2018-05-03 08:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-13 00:57 - 2018-05-03 08:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-05-13 00:57 - 2018-05-03 08:49 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-05-13 00:57 - 2018-05-03 08:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-13 00:57 - 2018-05-03 08:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-05-13 00:57 - 2018-05-03 08:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-13 00:57 - 2018-05-03 08:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-13 00:57 - 2018-05-03 08:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-05-13 00:57 - 2018-05-03 08:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-05-13 00:57 - 2018-05-03 07:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-05-13 00:57 - 2018-05-03 07:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-13 00:57 - 2018-05-03 07:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-05-13 00:57 - 2018-05-03 07:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-05-13 00:57 - 2018-05-03 07:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-13 00:57 - 2018-05-03 07:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-05-13 00:57 - 2018-05-03 07:16 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-05-13 00:57 - 2018-05-03 07:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-13 00:57 - 2018-05-03 07:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-05-13 00:57 - 2018-05-03 07:14 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-05-13 00:57 - 2018-05-03 07:13 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-05-13 00:57 - 2018-05-03 07:12 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-13 00:57 - 2018-05-03 07:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-13 00:57 - 2018-05-03 07:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-13 00:57 - 2018-05-03 07:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-05-13 00:57 - 2018-05-03 07:06 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-13 00:57 - 2018-05-03 07:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-13 00:57 - 2018-05-03 07:05 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-13 00:57 - 2018-05-03 06:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-05-13 00:57 - 2018-05-03 06:57 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-13 00:57 - 2018-05-03 06:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-13 00:57 - 2018-05-03 06:53 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-13 00:57 - 2018-05-03 06:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-13 00:57 - 2018-05-03 06:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-13 00:57 - 2018-05-03 06:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-13 00:57 - 2018-05-03 06:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-13 00:57 - 2018-05-03 06:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-05-13 00:57 - 2018-04-15 22:49 - 000563632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-05-13 00:57 - 2018-04-15 22:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-05-13 00:57 - 2018-04-15 22:33 - 001269616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-05-13 00:57 - 2018-04-15 22:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-05-13 00:57 - 2018-04-15 22:29 - 001873944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2018-05-13 00:57 - 2018-04-15 22:29 - 000198440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2018-05-13 00:57 - 2018-04-15 22:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-05-13 00:57 - 2018-04-15 22:25 - 000661920 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2018-05-13 00:57 - 2018-04-15 22:25 - 000327008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2018-05-13 00:57 - 2018-04-15 22:25 - 000092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-05-13 00:57 - 2018-04-15 22:24 - 000063656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2018-05-13 00:57 - 2018-04-15 21:38 - 000444280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-05-13 00:57 - 2018-04-15 21:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-05-13 00:57 - 2018-04-15 21:36 - 001575896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2018-05-13 00:57 - 2018-04-15 21:36 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-05-13 00:57 - 2018-04-15 21:36 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-13 00:57 - 2018-04-15 21:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-05-13 00:57 - 2018-04-15 21:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-05-13 00:57 - 2018-04-15 21:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-05-13 00:57 - 2018-04-15 21:34 - 000572312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2018-05-13 00:57 - 2018-04-15 21:34 - 000279472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2018-05-13 00:57 - 2018-04-15 21:34 - 000166408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2018-05-13 00:57 - 2018-04-15 21:34 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-05-13 00:57 - 2018-04-15 21:34 - 000052248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2018-05-13 00:57 - 2018-04-15 21:15 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2018-05-13 00:57 - 2018-04-15 21:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-05-13 00:57 - 2018-04-15 21:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-05-13 00:57 - 2018-04-15 21:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-05-13 00:57 - 2018-04-15 21:12 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-05-13 00:57 - 2018-04-15 21:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-05-13 00:57 - 2018-04-15 21:11 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-05-13 00:57 - 2018-04-15 21:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-05-13 00:57 - 2018-04-15 21:11 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2018-05-13 00:57 - 2018-04-15 21:11 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2018-05-13 00:57 - 2018-04-15 21:11 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2018-05-13 00:57 - 2018-04-15 21:10 - 001576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-05-13 00:57 - 2018-04-15 21:10 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-05-13 00:57 - 2018-04-15 21:10 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-05-13 00:57 - 2018-04-15 21:10 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-05-13 00:57 - 2018-04-15 21:10 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-05-13 00:57 - 2018-04-15 21:10 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-05-13 00:57 - 2018-04-15 21:10 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-05-13 00:57 - 2018-04-15 21:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-05-13 00:57 - 2018-04-15 21:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-05-13 00:57 - 2018-04-15 21:08 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-05-13 00:57 - 2018-04-15 21:08 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2018-05-13 00:57 - 2018-04-15 21:08 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll
2018-05-13 00:57 - 2018-04-15 21:08 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2018-05-13 00:57 - 2018-04-15 21:08 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2018-05-13 00:57 - 2018-04-15 21:08 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2018-05-13 00:57 - 2018-04-15 21:08 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-05-13 00:57 - 2018-04-15 21:08 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-05-13 00:57 - 2018-04-15 21:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-05-13 00:57 - 2018-04-15 21:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-05-13 00:57 - 2018-04-15 21:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2018-05-13 00:57 - 2018-04-15 21:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-05-13 00:57 - 2018-04-15 21:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-05-13 00:57 - 2018-04-15 21:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-05-13 00:57 - 2018-04-15 21:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-05-13 00:57 - 2018-04-15 21:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-05-13 00:57 - 2018-04-15 21:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-05-13 00:57 - 2018-04-15 21:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-05-13 00:57 - 2018-04-15 21:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-05-13 00:57 - 2018-04-15 21:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-05-13 00:57 - 2018-04-15 21:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-05-13 00:57 - 2018-04-15 21:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-05-13 00:57 - 2018-04-15 21:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-05-13 00:57 - 2018-04-15 21:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-05-13 00:57 - 2018-04-15 21:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-05-13 00:57 - 2018-04-15 21:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2018-05-13 00:57 - 2018-04-15 21:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-05-13 00:57 - 2018-04-15 21:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2018-05-13 00:57 - 2018-04-15 21:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2018-05-13 00:57 - 2018-04-15 21:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-05-13 00:57 - 2018-04-15 20:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2018-05-13 00:57 - 2017-11-26 14:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-13 00:56 - 2018-05-03 07:15 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-13 00:56 - 2018-05-03 07:03 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-05-13 00:56 - 2018-05-03 07:03 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-05-13 00:56 - 2018-05-03 06:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-13 00:56 - 2018-04-15 21:14 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-05-13 00:56 - 2018-04-15 21:13 - 000084992 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-05-13 00:56 - 2018-04-15 21:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2018-05-13 00:56 - 2018-04-15 21:11 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2018-05-13 00:56 - 2018-04-15 21:11 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-05-13 00:56 - 2018-04-15 21:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2018-05-13 00:56 - 2018-04-15 21:10 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2018-05-13 00:56 - 2018-04-15 21:09 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-05-13 00:56 - 2018-04-15 21:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2018-05-13 00:56 - 2018-04-15 21:09 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2018-05-13 00:56 - 2018-04-15 21:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2018-05-13 00:56 - 2018-04-15 21:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-05-13 00:56 - 2018-04-15 21:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2018-05-13 00:56 - 2018-04-15 21:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2018-05-13 00:56 - 2018-04-15 21:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-05-13 00:56 - 2018-04-15 21:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-05-13 00:56 - 2018-04-15 21:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2018-05-13 00:56 - 2018-04-15 21:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-05-13 00:56 - 2018-04-15 21:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2018-05-13 00:56 - 2018-04-15 21:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2018-05-13 00:56 - 2018-04-15 21:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-05-13 00:56 - 2018-04-15 21:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-05-13 00:56 - 2018-04-15 21:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2018-05-13 00:56 - 2018-04-15 20:59 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2018-05-13 00:56 - 2018-04-15 20:59 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-09 01:16 - 2018-01-10 23:07 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{96332C46-7600-4BB0-A217-762A65B56FF2}
2018-06-09 01:15 - 2015-01-08 20:54 - 000002313 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-09 01:14 - 2015-01-08 20:54 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-09 01:12 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-09 01:09 - 2018-01-10 23:01 - 000992634 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-09 01:06 - 2015-05-13 14:30 - 000000000 ___RD C:\Users\Mercedes\iCloudDrive
2018-06-09 01:02 - 2018-01-10 23:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-09 01:02 - 2018-01-10 22:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-07 22:16 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-07 22:12 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-06 01:39 - 2017-09-29 14:46 - 000000000 ____D C:\PerfLogs
2018-06-06 01:29 - 2018-01-10 22:34 - 000000000 ____D C:\Users\Mercedes
2018-06-02 10:21 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-02 10:16 - 2014-05-22 02:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-02 08:58 - 2018-02-28 22:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-29 16:55 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-27 02:44 - 2018-01-10 23:07 - 000003494 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2018-05-26 20:35 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-26 20:29 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-26 20:21 - 2018-01-14 00:23 - 000000000 ___RD C:\Users\Mercedes\3D Objects
2018-05-26 20:21 - 2014-12-29 23:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-26 20:17 - 2018-01-10 22:26 - 000461728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-26 20:16 - 2017-11-26 22:02 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-05-26 20:16 - 2017-09-29 09:45 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-05-26 20:13 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-26 20:13 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-26 20:13 - 2017-09-29 14:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-26 20:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-26 20:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-26 20:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-26 20:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-26 20:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-05-26 20:13 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-26 20:13 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\servicing
2018-05-26 19:51 - 2017-10-04 20:13 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\vlc
2018-05-19 01:24 - 2018-01-10 23:07 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-19 01:24 - 2018-01-10 23:07 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-13 01:13 - 2017-09-29 14:42 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-05-13 01:12 - 2017-09-29 14:41 - 000073112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-05-13 01:12 - 2017-09-29 14:41 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-05-13 01:11 - 2017-09-29 14:41 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-05-13 00:46 - 2015-01-17 01:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-13 00:30 - 2017-10-11 00:26 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-13 00:30 - 2015-01-17 01:07 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2017-10-01 01:47 - 2017-10-01 01:47 - 000000046 _____ () C:\Users\Mercedes\AppData\Roaming\WB.CFG
2018-06-06 00:58 - 2018-06-06 00:58 - 007627776 _____ () C:\Users\Mercedes\AppData\Local\agent.dat
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ () C:\Users\Mercedes\AppData\Local\Brodsky.exe
2018-06-06 00:58 - 2018-06-06 00:58 - 000070896 _____ () C:\Users\Mercedes\AppData\Local\Config.xml
2018-06-06 00:57 - 2018-06-06 00:50 - 001810944 _____ (TODO: <Company name>) C:\Users\Mercedes\AppData\Local\FinDom.exe
2018-06-06 00:57 - 2018-06-06 00:58 - 000278509 _____ () C:\Users\Mercedes\AppData\Local\FinDom.tst
2018-06-06 00:55 - 2018-06-06 00:57 - 000016416 _____ () C:\Users\Mercedes\AppData\Local\InstallationConfiguration.xml
2018-06-06 00:55 - 2018-06-06 00:55 - 000140800 _____ () C:\Users\Mercedes\AppData\Local\installer.dat
2018-06-06 00:58 - 2018-06-06 00:58 - 000018432 _____ () C:\Users\Mercedes\AppData\Local\Main.dat
2018-06-06 00:58 - 2018-06-06 00:50 - 001810944 _____ (TODO: <Company name>) C:\Users\Mercedes\AppData\Local\MathSolotech.exe
2018-06-06 00:58 - 2018-06-06 00:58 - 001988014 _____ () C:\Users\Mercedes\AppData\Local\MathSolotech.tst
2018-06-06 00:58 - 2018-06-06 00:58 - 000005568 _____ () C:\Users\Mercedes\AppData\Local\md.xml
2018-06-06 00:58 - 2018-06-06 00:58 - 000126464 _____ () C:\Users\Mercedes\AppData\Local\noah.dat
2018-06-06 00:44 - 2018-06-06 00:45 - 000043520 _____ () C:\Users\Mercedes\AppData\Local\pfialx.dll
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ () C:\Users\Mercedes\AppData\Local\Rivalry.exe
2018-06-06 00:55 - 2018-06-07 22:24 - 000929792 _____ () C:\Users\Mercedes\AppData\Local\sham.db
2018-06-06 00:59 - 2018-06-06 00:59 - 001895384 _____ () C:\Users\Mercedes\AppData\Local\Stannix.bin
2018-06-06 01:01 - 2018-06-06 01:01 - 000032038 _____ () C:\Users\Mercedes\AppData\Local\uninstall_temp.ico
Files to move or delete:
====================
C:\Users\Mercedes\AppData\Roaming\Interstatnogui\interstatnogui.exe

Some files in TEMP:
====================
2018-06-06 00:57 - 2018-06-06 00:57 - 000088576 _____ () C:\Users\Mercedes\AppData\Local\Temp\AZOREG.exe
2018-05-03 15:12 - 2018-05-03 15:12 - 001115760 _____ (IOT Mega) C:\Users\Mercedes\AppData\Local\Temp\Uk0I6Gfz-prog.exe
2018-05-03 15:12 - 2018-05-03 15:12 - 000147792 _____ () C:\Users\Mercedes\AppData\Local\Temp\Uk0I6Gfz-upd.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-26 15:55
==================== End of FRST.txt ============================

 




#2
Spacelord11011

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Mercedes (09-06-2018 01:18:31)
Running from C:\Users\Mercedes\Desktop
Windows 10 Home Version 1709 16299.431 (X64) (2018-01-10 22:11:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2757255035-3979406009-1362736679-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2757255035-3979406009-1362736679-503 - Limited - Disabled)
Guest (S-1-5-21-2757255035-3979406009-1362736679-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2757255035-3979406009-1362736679-1003 - Limited - Enabled)
Mercedes (S-1-5-21-2757255035-3979406009-1362736679-1001 - Administrator - Enabled) => C:\Users\Mercedes
WDAGUtilityAccount (S-1-5-21-2757255035-3979406009-1362736679-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
AMD Catalyst Install Manager (HKLM\...\{99213849-249E-7726-EBA7-ADFCA48E2246}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
Bejeweled 3 (HKLM-x32\...\WTA-6b790868-6419-41b6-898d-45bd628257ce) (Version: 2.2.0.98 - WildTangent) Hidden
BitLord 2.5 (HKLM-x32\...\BitLord) (Version: 2.4.5-323 - House of Life)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version:  - )
Cut the Rope (HKLM-x32\...\WTA-49dd320a-9af0-4b97-8c80-9196cb701bff) (Version: 3.0.2.38 - WildTangent) Hidden
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
Enchanted Cavern 2 (HKLM-x32\...\WTA-c872463c-5cb0-4ea5-be13-f08e56f6e019) (Version: 2.2.0.110 - WildTangent) Hidden
Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Impaq Speed (HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\{5b0c3e0d-0e9b-4ebd-a5de-222a48f16015}) (Version: 0.0.0.0 - Melasys LLC) Hidden
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Magic Academy (HKLM-x32\...\WTA-2f2643ee-8fa7-4010-9adc-4b067b2c6686) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (HKLM-x32\...\WTA-572a4e7d-2117-428e-94d5-b6cc515c52d0) (Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
My Kingdom for the Princess 3 (HKLM-x32\...\WTA-dc6337c4-24d3-4da4-b8f6-1edeed78494b) (Version: 2.2.0.110 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Peggle Nights (HKLM-x32\...\WTA-0903a249-a562-4809-a48a-273f0ea3216a) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-8c68e74d-5751-4568-a571-a9cbb32375c4) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-58261329-9bb7-4ecf-b071-cff968a63c46) (Version: 2.2.0.97 - WildTangent) Hidden
ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== ATTENTION
PSP Application (HKLM\...\{8DB698FB-2E57-A223-0169-911CA8736440}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
SafeFinder (HKLM-x32\...\{A57FEE97-D9D6-4FBB-9C4A-A5CE29D9CD68}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.0.6404 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.1 - Toshiba Europe GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{61702639-6539-473A-8FE5-618E194C0069}) (Version: 2.7.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-bea1b929-a998-449e-83bd-fc9c0cf9f2a8) (Version: 3.0.2.32 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.25 - WildTangent) Hidden
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-422e1372-e137-4918-a535-257ad874b9b7) (Version: 3.0.2.32 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-10-21] (Apple Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (WinZip Computing, S.L.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-04-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {011ED799-A057-4B6F-81D5-C4656EF085F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {026757CA-1853-40C9-A795-1FACC8E16102} - System32\Tasks\praising_gorges => C:\Program Files (x86)\Hesitates\Brodsky.exe [2018-06-05] ()
Task: {083F6CB4-D2E8-4688-AECA-D6882639785A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1394CD72-F23F-4D6F-9511-DBBCC0314137} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1B1E28BD-138B-4F1E-B277-73DA7CC017DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1EED2BD1-7AD4-467D-BA8B-B9EAE2FA57D1} - System32\Tasks\sabinesabine => C:\Program Files (x86)\Avalanche\Brodsky.exe [2018-06-05] ()
Task: {227B6A50-7BB6-40CE-B5D6-6D2AD3483D28} - System32\Tasks\TOSHIBA\StartCCC => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-04-23] (Advanced Micro Devices, Inc.)
Task: {22BF10D5-8606-4C16-8A14-0D8785581226} - \WPD\SqmUpload_S-1-5-21-2757255035-3979406009-1362736679-1001 -> No File <==== ATTENTION
Task: {24F567AB-697C-46BA-94E0-6320162432D4} - System32\Tasks\gatekeeping_sockinggatekeeping_socking => C:\Users\Mercedes\AppData\Local\Rivalry.exe [2018-06-05] ()
Task: {26A35A25-E5B5-49CC-9999-BF62F487BE68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2A97E122-D7D4-4748-81C7-AD76DC516BF4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {441A91B9-208A-4F73-9FF8-6B86279A3F34} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4452A53C-C3AE-4ACE-807E-6F5CE4DA5D67} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2018-05-03] () <==== ATTENTION
Task: {4F61D241-E6BC-47F0-94FC-E455C73C6B08} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-02] (Microsoft Corporation)
Task: {523E2770-E2FC-48EA-BE76-85763362B15C} - System32\Tasks\TOSHIBA\TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2013-08-13] (TOSHIBA Corporation)
Task: {52E2F8EC-6DA9-4F6C-9A3F-463AF0DFF64F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-02] (Microsoft Corporation)
Task: {5346D354-1A64-4A83-972A-7FF7F942D3B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {53EA5E11-0597-4139-99E2-7AAC34E85F50} - System32\Tasks\cassino => C:\Program Files (x86)\congestion\congestion.exe [2018-06-05] ()
Task: {62CF14B9-15C2-4949-9BCD-8E272FAA9862} - System32\Tasks\aquafresh => C:\Program Files (x86)\Legg\loveridge.exe [2018-06-05] ()
Task: {643339D4-70BD-4724-B5AD-7CA2E7E15260} - System32\Tasks\TOSHIBA\TSVU => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [2013-07-23] (TOSHIBA)
Task: {666FA970-C2AA-4965-851E-133A3F11EE1F} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {67CD85BA-53C4-4871-827D-DFAC0A521956} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6AF7D459-7629-4120-8074-3B300A35B279} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {6E392B4C-2162-4435-930C-B3BD22F79AE5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-02] (Microsoft Corporation)
Task: {70638CE6-8B31-45DA-9B49-6D0F8B09C588} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7257DF9E-1768-45A1-B410-CEC852DDBFBE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {760DCCD4-4C44-401C-9475-85CE4C26EB0E} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {79CB7BB7-C52D-4D12-9E48-E81ECAF0414D} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {7A631C52-187A-4213-BF11-580AD4D8834C} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {7CCBF3EE-C183-435E-8149-70D9AC03813B} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe [2018-06-06] (TODO: <Company name>) <==== ATTENTION
Task: {88850828-7FEB-4A8E-8187-B0CC8653C3B8} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-12-24] (Toshiba Europe GmbH)
Task: {901362F5-C53F-497C-813A-F1887AF79AAD} - System32\Tasks\coinage regie racialcoinage regie racial => C:\Users\Mercedes\AppData\Local\Brodsky.exe [2018-06-05] ()
Task: {98BBFC45-5B8B-4FBA-B408-698FDDA50946} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A23112C1-9057-4CAA-823F-68871BEC7F02} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
Task: {A54E25E1-2505-446E-A77C-6C928B03091D} - System32\Tasks\ic vacationing => C:\Program Files (x86)\Hesitates\Rivalry.exe [2018-06-05] ()
Task: {A68DB59F-A8A0-42DE-8E58-78ABE2775CD1} - System32\Tasks\hollyhock-freundlichhollyhock-freundlich => C:\Program Files (x86)\dusty\Rivalry.exe [2018-06-05] ()
Task: {A9DDDEE9-E21E-478F-B894-A88D26DE8177} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-02] (Microsoft Corporation)
Task: {AC6B9C3A-FE6E-4BEF-84F1-74CB4E094CC6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-02] (Microsoft Corporation)
Task: {AF5AAF75-CAAB-4D66-913B-594A49992D96} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-02] (Microsoft Corporation)
Task: {B410CFA2-F632-448E-89FA-86AB5F007816} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-15] (WinZip)
Task: {B46BD411-4B84-40C7-9546-71C9D1A90BB8} - System32\Tasks\aquafreshaquafresh => C:\Program Files (x86)\Legg\loveridge.exe [2018-06-05] ()
Task: {BF54AF64-5D98-4BFB-B518-C1BF8082F0CE} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {C4787F03-1900-46AD-85F5-D5DAD2EB2980} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {C8334C38-0D23-47AA-A7F3-AC7D075A0D40} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-27] (Realtek Semiconductor)
Task: {CA1771C8-9657-4DA5-B930-CFDBA220D2D1} - System32\Tasks\ic vacationingic vacationing => C:\Program Files (x86)\Hesitates\Rivalry.exe [2018-06-05] ()
Task: {CDBB38B1-4D3A-4DCC-B8F2-D2AE78163719} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe [2018-06-06] (TODO: <Company name>) <==== ATTENTION
Task: {CFB6E486-9602-401B-8065-F5D8BD1F2993} - System32\Tasks\cassinocassino => C:\Program Files (x86)\congestion\congestion.exe [2018-06-05] ()
Task: {D2D9D031-CFB0-4304-A4A8-E1FB84F20213} - System32\Tasks\gatekeeping_socking => C:\Users\Mercedes\AppData\Local\Rivalry.exe [2018-06-05] ()
Task: {D57D3DCE-C142-4640-A093-47CF29E6A7D8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D75FBD91-C174-43F6-ACCB-96C0B024C60A} - System32\Tasks\coinage regie racial => C:\Users\Mercedes\AppData\Local\Brodsky.exe [2018-06-05] ()
Task: {DD62AE3D-50A0-4F91-AAE2-72B3DFF07C6F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {E08A05A8-4E02-47AF-9A2C-1718DD8E5191} - System32\Tasks\TOSHIBA\TecoResident => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [2014-04-17] (TOSHIBA Corporation)
Task: {E4D03BCA-9934-48EC-A1E5-38BD4E6CDA34} - System32\Tasks\sabine => C:\Program Files (x86)\Avalanche\Brodsky.exe [2018-06-05] ()
Task: {E7B91281-D17C-4F4B-906E-228F0397551A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E9A12E04-F0AF-4076-856C-DA63E7C82C1D} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {EC672183-EF10-4CA5-A1A6-6EFD423ED0E6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {F10A304A-6860-4A36-8455-3D39B4ABAEFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-02] (Microsoft Corporation)
Task: {F1BC8045-013E-498C-9C2A-6DAFE1C13899} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F702806B-4976-4BD7-BFEC-AB2E692B56B7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-06-02] (Microsoft Corporation)
Task: {FA002666-67D7-42EA-A62C-16C478809892} - System32\Tasks\hollyhock-freundlich => C:\Program Files (x86)\dusty\Rivalry.exe [2018-06-05] ()
Task: {FC151B94-065F-4F60-A468-BAD5E7D87CFB} - System32\Tasks\praising_gorgespraising_gorges => C:\Program Files (x86)\Hesitates\Brodsky.exe [2018-06-05] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\-17401854980.lnk -> hxxp://www.tvrage.com
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\-20197885040.lnk -> hxxp://www.channel4.com
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\-9799888660.lnk -> hxxp://www.newcastle.co.uk
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\12029975720.lnk -> hxxp://www.bbc.co.uk/iplaye
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\14695563240.lnk -> hxxp://www.surestarteastcc.org.uk/whats-o
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\15058967080.lnk -> hxxp://www.argos.co.uk/static/Home.ht
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\21025335110.lnk -> hxxp://www.vipelectroniccigarette.co.uk
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\5167171580.lnk -> hxxp://www.emp-online.co.uk
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\5620011250.lnk -> hxxp://groceries.asda.com/asda-webstore/landing/home.shtml?cmpid=ahc-_-ghs-sna1-_-asdacom-dsk-_-h
Shortcut: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\RoamingTiles\7498322000.lnk -> hxxp://www2.snapfish.co.uk/snapfishuk/welcom
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-17401854980.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x58307455 -pinnedTimeHigh 0x01d03759 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000016 hxxp://www.tvrage.com/
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-20197885040.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xcff849dc -pinnedTimeHigh 0x01d076f5 -securityFlags 0x00000000 -tileType 0x00000001 -url 0x00000018 hxxp://www.channel4.com/
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-9799888660.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xc64b07e9 -pinnedTimeHigh 0x01d0260c -securityFlags 0x00000000 -tileType 0x00000001 -url 0x0000001b hxxp://www.newcastle.co.uk/
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\12029975720.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xef9b1bfe -pinnedTimeHigh 0x01d02ab1 -securityFlags 0x00000000 -tileType 0x00000002 -url 0x0000001c hxxp://www.bbc.co.uk/iplayer
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\14695563240.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x90c4e028 -pinnedTimeHigh 0x01d0276a -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000002a hxxp://www.surestarteastcc.org.uk/whats-on
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\15058967080.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x73a154b9 -pinnedTimeHigh 0x01d0269c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000026 hxxp://www.argos.co.uk/static/Home.htm
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\21025335110.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x0afe4adf -pinnedTimeHigh 0x01d02446 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000028 hxxp://www.vipelectroniccigarette.co.uk/
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\2979443840.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xdd0d0997 -pinnedTimeHigh 0x01d0260c -securityFlags 0x00000000 -tileType 0x00000001 -url 0x00000094 hxxps://www.nwolb.com/default.aspx?refererident=B09797174B316CCBDF95E147F73D3959625C6B01&cookieid=139072
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\5167171580.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x6b185d85 -pinnedTimeHigh 0x01d0247d -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000001c hxxp://www.emp-online.co.uk/
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\5620011250.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x492df573 -pinnedTimeHigh 0x01d026db -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000062 hxxp://groceries.asda.com/asda-webstore/landing/home.shtml?cmpid=ahc-_-ghs-sna1-_-asdacom-dsk-_-hp
ShortcutWithArgument: C:\Users\Mercedes\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\7498322000.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xa0d61323 -pinnedTimeHigh 0x01d02d21 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000002d hxxp://www2.snapfish.co.uk/snapfishuk/welcome
ShortcutWithArgument: C:\Users\Mercedes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Mercedes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Mercedes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP% --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () -> %SNP% --disable-quic
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2014-04-22 22:48 - 2014-04-22 22:48 - 000140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-10-13 06:45 - 2015-10-13 06:45 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-01 12:15 - 2017-09-01 12:15 - 000495872 _____ () C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
2018-06-06 01:00 - 2018-06-06 00:39 - 003780096 _____ () C:\ProgramData\Logic Cramble\set.exe
2017-11-02 11:51 - 2017-11-02 11:51 - 000199864 _____ () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
2014-03-03 13:30 - 2014-03-03 13:30 - 000021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000009216 _____ () C:\Program Files (x86)\congestion\congestion.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ () C:\Program Files (x86)\Hesitates\Rivalry.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ () C:\Users\Mercedes\AppData\Local\Brodsky.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000078278 _____ () C:\Program Files (x86)\Legg\loveridge.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ () C:\Program Files (x86)\Hesitates\Brodsky.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ () C:\Program Files (x86)\dusty\Rivalry.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ () C:\Program Files (x86)\Avalanche\Brodsky.exe
2018-06-05 23:49 - 2018-06-05 23:49 - 000021504 _____ () C:\Users\Mercedes\AppData\Local\Rivalry.exe
2018-06-06 19:55 - 2018-06-06 19:55 - 001760712 _____ () C:\Program Files\ed896c4569b349cf14f608f5a7a00f93\dbe628b249273c180a6002346247c9c8.exe
2018-03-17 18:35 - 2018-02-22 01:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-17 18:35 - 2018-02-22 01:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-10 21:53 - 2018-01-10 21:53 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-01-10 21:53 - 2018-01-10 21:53 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-01-15 00:20 - 2018-01-15 00:20 - 002945024 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.3.3472.1000_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2018-01-15 00:20 - 2018-01-15 00:20 - 000130560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.3.3472.1000_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2018-05-26 15:41 - 2018-05-26 15:41 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-05-26 15:50 - 2018-05-26 15:51 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-26 15:50 - 2018-05-26 15:51 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-06-02 09:13 - 2018-06-02 09:13 - 027118080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-05-26 15:49 - 2018-05-26 15:49 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-05-26 15:49 - 2018-05-26 15:49 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-30 23:51 - 2017-09-30 23:52 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-26 15:49 - 2018-05-26 15:49 - 009358848 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-04-07 10:52 - 2018-04-07 10:52 - 004734464 _____ () C:\Program Files\WindowsApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2018-06-05 23:49 - 2018-06-05 23:49 - 000037657 _____ () C:\Program Files (x86)\gaea\murdering.exe
2018-06-07 21:58 - 2018-06-07 21:58 - 000857600 _____ () C:\WINDOWS\yjvhvvrtfooukidv.ijvh
2014-10-11 14:06 - 2014-10-11 14:06 - 000073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 000237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 06:46 - 2015-10-13 06:46 - 001040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-06-06 00:44 - 2018-06-06 00:45 - 000043520 _____ () C:\Users\Mercedes\AppData\Local\pfialx.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2018-06-06 01:04 - 000001282 _____ C:\WINDOWS\system32\Drivers\etc\hosts
162.222.193.86       aoaomo.tremorhub.com
188.95.50.62       bobomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
162.222.193.86       www.ustream.tv
162.222.193.86       ustream.tv
162.222.193.86       www.livestream.com
162.222.193.86       livestream.com
162.222.193.86       www.dailymotion.com
162.222.193.86       dailymotion.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mercedes\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{D8B11C6C-5F45-4E2B-86B6-3734C4CDF94C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5EB6CF6D-B1FD-4A00-996D-DEBEF49E2C3F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F9477DE2-FDDE-4231-9DB9-71FCF1DAD8DD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{0DE87E66-30B7-406A-A635-E26C5A851585}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{DE9ED236-E8AA-420C-A5F3-751029037B6B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{32C48AF4-894C-40CF-8A47-780C8845E590}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C1A4C4F1-24F0-4596-8064-0CB836FD199D}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{A5AE9808-B5FC-4808-B88E-58D9E118C3F7}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{FBDE7201-A647-415C-8E3D-49FAB469260B}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{17ACBB8C-1E80-4D86-825A-50076691850C}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{C0FDD72B-B178-431A-BE0D-7D20AB2C35F8}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{7E7CF29F-2623-4650-B5FE-89E7B57A93D3}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{7DE81932-8E78-4952-8A4D-0B57432423CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A25D6253-282E-4B70-A062-5E301C300CC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3200AE2E-9848-4854-8B42-BA0FA33B1D6C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5F4DC9AF-9E96-4896-A8FB-25ADFEC22AA0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4694A318-31C2-47E9-A0B8-FF423A7E5850}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{06C5FEE9-CE91-4D70-9E9F-863239D5F3E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{57C1F93C-0812-484E-801A-29A2BB6BC6D1}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{999C551B-299C-4170-92FC-C6C7C642EE93}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [TCP Query User{220BA4ED-5EF9-41D2-8791-59A3617F351F}C:\users\mercedes\appdata\local\microsoft\onedrive\onedrive.exe] => (Block) C:\users\mercedes\appdata\local\microsoft\onedrive\onedrive.exe
FirewallRules: [UDP Query User{7EF6A07F-722B-462D-8BC1-62402E0730FB}C:\users\mercedes\appdata\local\microsoft\onedrive\onedrive.exe] => (Block) C:\users\mercedes\appdata\local\microsoft\onedrive\onedrive.exe
FirewallRules: [{217B18AB-8404-41D3-A748-42AA002D6BB7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DFA8394C-B31B-4986-AD8D-A816E9C342E7}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{507F1A07-FA30-4849-A94A-40003C6B2905}] => (Allow) C:\Program Files (x86)\Avalanche\Brodsky.exe
FirewallRules: [{E40E42B3-B976-4DBD-969D-987A2FEDB419}] => (Allow) C:\Program Files (x86)\Hesitates\Brodsky.exe
FirewallRules: [{341A5668-CC45-448F-B433-CC297928F7CC}] => (Allow) C:\Program Files (x86)\dusty\Rivalry.exe
FirewallRules: [{3BC135EC-81D0-41B9-9CBF-24430371B0F5}] => (Allow) C:\Program Files (x86)\Hesitates\Rivalry.exe
==================== Restore Points =========================
13-05-2018 00:24:23 Windows Update
26-05-2018 16:35:07 Scheduled Checkpoint
06-06-2018 02:03:01 Removed Impaq Speed
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (06/09/2018 01:05:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PANDORA)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.402_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
Error: (06/07/2018 11:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/07/2018 11:12:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 171203
Error: (06/07/2018 11:12:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 171203
Error: (06/07/2018 11:12:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/07/2018 11:12:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 169421
Error: (06/07/2018 11:12:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 169421
Error: (06/07/2018 11:12:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (06/09/2018 01:18:57 AM) (Source: DCOM) (EventID: 10010) (User: PANDORA)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (06/09/2018 01:18:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/09/2018 01:16:57 AM) (Source: DCOM) (EventID: 10010) (User: PANDORA)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (06/09/2018 01:14:57 AM) (Source: DCOM) (EventID: 10010) (User: PANDORA)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (06/09/2018 01:13:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/09/2018 01:12:57 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (06/09/2018 01:12:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/09/2018 01:10:57 AM) (Source: DCOM) (EventID: 10010) (User: PANDORA)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2018-06-06 01:02:36.157
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...16&enterprise=0
Name: BrowserModifier:Win32/Linkhortry!blnk
ID: 235116
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\Mercedes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->[CMDEmbedded]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\ProgramData\Quoteex\Quoteex.exe
Signature Version: AV: 1.269.515.0, AS: 1.269.515.0, NIS: 1.269.515.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
Date: 2018-06-06 01:02:09.969
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...26&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Mercedes\Videos\WinRAR 5.60 Beta 2 + Crack [CracksNow]\wrar56b2.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.269.515.0, AS: 1.269.515.0, NIS: 1.269.515.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
Date: 2018-06-06 00:59:02.641
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...26&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Mercedes\Videos\WinRAR 5.60 Beta 2 + Crack [CracksNow]\wrar56b2.exe;process:_pid:5504,ProcessStart:131727158060707581
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.515.0, AS: 1.269.515.0, NIS: 1.269.515.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
Date: 2018-06-06 00:59:02.636
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...19&enterprise=0
Name: BrowserModifier:Win32/Soctuseer!excl
ID: 237119
Severity: High
Category: Browser Modifier
Path: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\ed896c4569b349cf14f608f5a7a00f93\
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.515.0, AS: 1.269.515.0, NIS: 1.269.515.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
Date: 2018-06-06 00:49:42.351
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...80&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Mercedes\Videos\WinRAR 5.60 Beta 2 + Crack [CracksNow]\winrar-x64-56b2.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.515.0, AS: 1.269.515.0, NIS: 1.269.515.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4
Date: 2018-06-02 09:12:04.123
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.311.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2018-06-02 09:12:04.122
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.311.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2018-06-02 09:12:04.122
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.311.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2018-06-02 09:12:00.070
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
Date: 2018-06-02 09:12:00.054
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
CodeIntegrity:
===================================
Date: 2018-06-09 01:19:17.038
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 01:19:17.034
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 01:16:08.264
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 01:16:08.183
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 01:12:33.924
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 01:12:33.919
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 01:11:15.566
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-06-09 01:11:15.537
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: AMD E1-6010 APU with AMD Radeon R2 Graphics
Percentage of memory in use: 51%
Total physical RAM: 3518.9 MB
Available physical RAM: 1718.7 MB
Total Virtual: 6334.9 MB
Available Virtual: 4189.1 MB
==================== Drives ================================
Drive c: (TI31338900B) (Fixed) (Total:453.64 GB) (Free:25.29 GB) NTFS
\\?\Volume{f2f3dfca-e503-11e3-82be-201a06d8cd6e}\ (System) (Fixed) (Total:1 GB) (Free:0.61 GB) NTFS
\\?\Volume{f2f3dfd0-e503-11e3-82be-201a06d8cd6e}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{6bd87482-7145-4bc9-ad0c-3cc77f64335c}\ () (Fixed) (Total:0.91 GB) (Free:0.46 GB) NTFS
\\?\Volume{2c841ee2-58f9-11e4-98f1-f8a963fd41ef}\ (Recovery) (Fixed) (Total:9.99 GB) (Free:0.97 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
