Solved SmartService rootkit. Problem with Searching.com. Can't install/ run most programs.

marioxb · May 2, 2017

The Windows Management thing was the problem. Scanning now. Thanks! Here's the MBAM log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/1/17
Scan Time: 4:27 AM
Logfile: mbam.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.0
Update Package Version: 1.0.0
License: Free

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: DESKTOP-90FI0FD\missih2008

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353939
Time Elapsed: 1 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
PUP.Optional.DotDo.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mockingly, Quarantined, [713], [120009],1.0.0
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\a16495631, Quarantined, [1320], [260960],1.0.0
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Da1853795318537953, Quarantined, [1320], [183039],1.0.0
PUP.Optional.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gplyra, Quarantined, [179], [317317],1.0.0
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0562F921-1F87-4990-8236-0281698513A4}, Quarantined, [1320], [260959],1.0.0
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C4626498-7C0F-4EC0-87A8-96199DDFDCC5}, Quarantined, [1320], [183036],1.0.0

Registry Value: 3
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AUTOAUTO, Quarantined, [1320], [184007],1.0.0
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0562F921-1F87-4990-8236-0281698513A4}|PATH, Quarantined, [1320], [260959],1.0.0
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C4626498-7C0F-4EC0-87A8-96199DDFDCC5}|PATH, Quarantined, [1320], [183036],1.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.WeatherBuddy, C:\USERS\MISSIH2008\APPDATA\LOCAL\WeatherBuddy, Quarantined, [7918], [383210],1.0.0
PUP.Optional.InternetMonitor, C:\Users\missih2008\AppData\Local\CrashRpt\UnsentCrashReports\BandwidthStat_389\Logs, Quarantined, [12587], [182462],1.0.0
PUP.Optional.InternetMonitor, C:\USERS\MISSIH2008\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\BandwidthStat_389, Quarantined, [12587], [182462],1.0.0
Adware.HPDefender.Generic, C:\PROGRAM FILES (X86)\RUMBAUGH, Quarantined, [7867], [386532],1.0.0
PUP.Optional.MaxInternet, C:\PROGRAM FILES (X86)\MAXINTERNET, Quarantined, [8959], [385159],1.0.0
Adware.HPDefender.Generic, C:\PROGRAM FILES (X86)\COMMUNICATORS, Quarantined, [7867], [386532],1.0.0
Adware.HPDefender, C:\a, Quarantined, [19], [386531],1.0.0

File: 38
PUP.Optional.DotDo.PrxySvrRST, C:\WINDOWS\TEMPLARS.EXE, Quarantined, [713], [120009],1.0.0
PUP.Optional.DotDo.PrxySvrRST, C:\PROGRAM FILES (X86)\Google\Chrome\Application\chrome.exe, Delete-on-Reboot, [713], [-1],0.0.0
Adware.HPDefender.Generic, C:\PROGRAM FILES (X86)\RUMBAUGH\UKEY.INI, Quarantined, [7867], [386532],1.0.0
Adware.HPDefender.Generic, C:\Program Files (x86)\rumbaugh\55110085511008.ini, Quarantined, [7867], [386532],1.0.0
Adware.HPDefender.Generic, C:\Program Files (x86)\rumbaugh\common.dll, Quarantined, [7867], [386532],1.0.0
Adware.HPDefender.Generic, C:\Program Files (x86)\rumbaugh\FiddlerCore.dll, Quarantined, [7867], [386532],1.0.0
Adware.HPDefender.Generic, C:\Program Files (x86)\rumbaugh\lib.dll, Quarantined, [7867], [386532],1.0.0
PUP.Optional.DotDo, C:\PROGRAM FILES (X86)\COMMUNICATORS\ISRAEL.EXE, Quarantined, [99], [329217],1.0.0
PUP.Optional.MaxInternet, C:\PROGRAM FILES (X86)\MAXINTERNET\APP.EXE, Quarantined, [8959], [385159],1.0.0
PUP.Optional.MaxInternet, C:\Program Files (x86)\MaxInternet\uninstall.exe, Quarantined, [8959], [385159],1.0.0
Trojan.Clicker, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\1493081623\S5-20170325.EXE, Quarantined, [23], [387411],1.0.0
Adware.HPDefender.Generic, C:\PROGRAM FILES (X86)\COMMUNICATORS\KEY.INI, Quarantined, [7867], [386532],1.0.0
Adware.HPDefender.Generic, C:\Program Files (x86)\communicators\Microsoft.Win32.TaskScheduler.dll, Quarantined, [7867], [386532],1.0.0
PUP.Optional.AnonymizerGadget, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\909154984\IC-0.B25DFD3699A5E8.EXE, Quarantined, [1428], [338559],1.0.0
PUP.Optional.Amonetize, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\AMIPIXEL.CFG, Quarantined, [5], [302488],1.0.0
Adware.ChinAd, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\3LT6ISHYM\SETUP.EXE, Quarantined, [1042], [354687],1.0.0
PUP.Optional.HDWallPaper, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\5G5FV1YAV\5G5FV1YAV.EXE, Quarantined, [116], [314890],1.0.0
Adware.ChinAd, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\FZALC5YPS\SETUP.EXE, Quarantined, [1042], [354687],1.0.0
PUP.Optional.BitCoinMiner, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\0S6PQFVXW\0S6PQFVXW.EXE, Quarantined, [179], [363441],1.0.0
Trojan.Clicker, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\1493081623\S5M_INSTALL_325.EXE, Quarantined, [23], [387412],1.0.0
PUP.Optional.SoftUp, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\OAU4D4ILZ\SETUP.EXE, Quarantined, [1350], [331340],1.0.0
Trojan.Clicker, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\1493081623\S5-20170325.ZIP, Quarantined, [23], [387411],1.0.0
PUP.Optional.SystemHealer, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\G9VSOAUDU\G9VSOAUDU.EXE, Quarantined, [890], [363442],1.0.0
PUP.Optional.HDWallPaper, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\FUNZSNB8B\FUNZSNB8B.EXE, Quarantined, [116], [314890],1.0.0
PUP.Optional.BitCoinMiner, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\BYJ8VWLYB\BYJ8VWLYB.EXE, Quarantined, [179], [363441],1.0.0
PUP.Optional.WeatherBuddy, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\TZKPFGLXR\WEATHERBUDDY.MSI, Quarantined, [7918], [383207],1.0.0
PUP.Optional.SystemHealer, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\LHLW1UQYL\B6PJNBY5C.EXE, Quarantined, [890], [363442],1.0.0
Trojan.Clicker, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\1493081623\S5M_INSTALL_325.ZIP, Quarantined, [23], [387412],1.0.0
Adware.Agent.Proxy, C:\WINDOWS\SQUISHY.EXE, Quarantined, [9022], [121621],1.0.0
Adware.DotDo, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\239CC4CE094A4C67B8FD14E4E73DFDB2\SETUP.EXE, Quarantined, [33], [371956],1.0.0
PUP.Optional.WeatherBuddy, C:\WINDOWS\WEATHERBUDDY.INI, Quarantined, [7918], [388256],1.0.0
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\a16495631, Quarantined, [1320], [260957],1.0.0
PUP.Optional.AppTrailers, C:\USERS\MISSIH2008\APPDATA\LOCAL\TEMP\IFT1IOKON\APPTRAILERS.9.2.9AMT.EXE, Quarantined, [772], [338239],1.0.0
Adware.HPDefender, C:\a\ayyyyy.txt, Quarantined, [19], [386531],1.0.0
Adware.HPDefender, C:\a\install.txt, Quarantined, [19], [386531],1.0.0
Adware.HPDefender, C:\a\winonit.exe, Quarantined, [19], [386531],1.0.0
PUP.Optional.DotDo.PrxySvrRST, C:\WINDOWS\CIRRUS.EXE, Quarantined, [713], [118538],1.0.0
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\Da1853795318537953, Quarantined, [1320], [183030],1.0.0

Physical Sector: 0
(No malicious items detected)

(end)

marioxb · May 2, 2017

# AdwCleaner v6.045 - Logfile created 01/05/2017 at 04:41:04
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows 10 Home (X64)
# Username : missih2008 - DESKTOP-90FI0FD
# Running from : C:\Users\missih2008\Desktop\logs\New folder\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www-searching.com
[-] [C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www-searching.com/?pid=s&s=H4Pzamobl20488AU,00f5f5c8-a278-4586-9c6d-d072c4655b3d,&vp=ch&prd=set_ch
[-] [C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www-searching.com/?pid=s&s=H4Pzamobl20488AU,00f5f5c8-a278-4586-9c6d-d072c4655b3d,&vp=ch&prd=set_ch

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [19895 Bytes] - [26/04/2017 22:19:08]
C:\AdwCleaner\AdwCleaner[C2].txt - [1613 Bytes] - [01/05/2017 04:41:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [21882 Bytes] - [25/04/2017 17:39:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [21956 Bytes] - [25/04/2017 17:47:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [22030 Bytes] - [25/04/2017 18:07:47]
C:\AdwCleaner\AdwCleaner[S3].txt - [22104 Bytes] - [25/04/2017 18:45:58]
C:\AdwCleaner\AdwCleaner[S4].txt - [20427 Bytes] - [26/04/2017 22:17:13]
C:\AdwCleaner\AdwCleaner[S5].txt - [18825 Bytes] - [26/04/2017 22:18:54]
C:\AdwCleaner\AdwCleaner[S6].txt - [2403 Bytes] - [01/05/2017 04:39:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2203 Bytes] ##########

marioxb · May 2, 2017

Unfortunately, I can't get JRT to run as an admin. There is only one account on the tablet, it's of course an admin account, but running the program normally, or via right-click "run as admin", has the same results. It won't run in admin mode. So, I don't think it really did much:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by missih2008 (Limited) on Mon 05/01/2017 at 5:38:49.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/01/2017 at 5:40:10.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · May 2, 2017

Good

That was pretty nasty infection. It looks like we got rid of all bad stuff.

However the main issue now is your tablet being stuck in airplane mode, which makes it little bit useless.

All I can offer in that matter is just Google search because different solutions worked for different people: https://www.google.com/search?num=5...1j0i67k1j0i20k1j0i22i30k1j33i21k1.Ie1qxyWCc48

Also, we can try Windows repair....

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7, 8 and 10 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

Go to Step 5 and under "System Restore" click on Create button:

Go to Repairs tab and click Open Repairs button.

In next window....
Leave all checkmarks as they're.
Click on Start Repairs button.

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

marioxb · May 3, 2017

I got all the way to the last step with Windows Repair last night but I forgot to have the tablet plugged in. So it died when the repair was almost done. I started over this morning and am back at the last step again. If the logs from both last night and this morning are both there, I will post both. Looks like the logs are combined.

chkdsk_log.txt:

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

D:\logs\New folder\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING! /F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
Progress: 376064 of 376064 done; Stage: 100%; Total: 35%; ETA: 0:00:09

376064 file records processed.

File verification completed.
Progress: 10511 of 10511 done; Stage: 100%; Total: 28%; ETA: 0:00:11 .

10511 large file records processed.

Progress: 0 of 0 done; Stage: 99%; Total: 28%; ETA: 0:00:11 ..

0 bad file records processed.

Stage 2: Examining file name linkage ...
Progress: 450274 of 450274 done; Stage: 100%; Total: 81%; ETA: 0:00:03

450274 index entries processed.

Index verification completed.
Progress: 1 of 0 done; Stage: 99%; Total: 81%; ETA: 0:00:03 .
Progress: 0 of 0 done; Stage: 99%; Total: 81%; ETA: 0:00:03 ..

0 unindexed files scanned.

Progress: 0 of 0 done; Stage: 99%; Total: 81%; ETA: 0:00:03 ...

0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Progress: 4 of 4 done; Stage: 100%; Total: 99%; ETA: 0:00:00

37106 data files processed.

CHKDSK is verifying Usn Journal...
Progress: 5075 of 5075 done; Stage: 100%; Total: 96%; ETA: 0:00:00 ..

41582280 USN bytes processed.

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

238507004 KB total disk space.
60878392 KB in 163311 files.
120172 KB in 37107 indexes.
0 KB in bad sectors.
496492 KB in use by the system.
65536 KB occupied by the log file.
177011948 KB available on disk.

4096 bytes in each allocation unit.
59626751 total allocation units on disk.
44252987 allocation units available on disk.

C:\>

marioxb · May 3, 2017

chkdsk_full_log.txt:

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

D:\logs\New folder\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING! /F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
Progress: 0 of 376064 done; Stage: 0%; Total: 0%; ETA: 0:18:06
Progress: 28043 of 376064 done; Stage: 7%; Total: 2%; ETA: 0:17:39 .
Progress: 59105 of 376064 done; Stage: 15%; Total: 5%; ETA: 0:17:07 ..
Progress: 82266 of 376064 done; Stage: 21%; Total: 7%; ETA: 0:00:16 ...
Progress: 117131 of 376064 done; Stage: 31%; Total: 11%; ETA: 0:00:15
Progress: 176729 of 376064 done; Stage: 46%; Total: 17%; ETA: 0:00:12 .
Progress: 206123 of 376064 done; Stage: 54%; Total: 19%; ETA: 0:00:12 ..
Progress: 230475 of 376064 done; Stage: 61%; Total: 22%; ETA: 0:00:12 ...
Progress: 257806 of 376064 done; Stage: 68%; Total: 25%; ETA: 0:00:12
Progress: 286619 of 376064 done; Stage: 76%; Total: 27%; ETA: 0:00:12 .
Progress: 351344 of 376064 done; Stage: 93%; Total: 33%; ETA: 0:00:11 ..
Progress: 351345 of 376064 done; Stage: 93%; Total: 33%; ETA: 0:00:11 ...
Progress: 376064 of 376064 done; Stage: 100%; Total: 35%; ETA: 0:00:09

376064 file records processed.

File verification completed.
Progress: 10511 of 10511 done; Stage: 100%; Total: 28%; ETA: 0:00:11 .

10511 large file records processed.

Progress: 0 of 0 done; Stage: 99%; Total: 28%; ETA: 0:00:11 ..

0 bad file records processed.

Stage 2: Examining file name linkage ...
Progress: 30070 of 450274 done; Stage: 6%; Total: 30%; ETA: 0:00:11 ...
Progress: 76546 of 450274 done; Stage: 16%; Total: 34%; ETA: 0:00:11
Progress: 165271 of 450274 done; Stage: 36%; Total: 40%; ETA: 0:00:09 .
Progress: 165272 of 450274 done; Stage: 36%; Total: 40%; ETA: 0:00:09 ..
Progress: 217063 of 450274 done; Stage: 48%; Total: 44%; ETA: 0:00:09 ...
Progress: 256759 of 450274 done; Stage: 57%; Total: 47%; ETA: 0:00:09
Progress: 325769 of 450274 done; Stage: 72%; Total: 52%; ETA: 0:00:07 .
Progress: 325770 of 450274 done; Stage: 72%; Total: 52%; ETA: 0:00:07 ..
Progress: 377677 of 450274 done; Stage: 83%; Total: 58%; ETA: 0:00:06 ...
Progress: 380243 of 450274 done; Stage: 84%; Total: 59%; ETA: 0:00:06
Progress: 382921 of 450274 done; Stage: 85%; Total: 60%; ETA: 0:00:06 .
Progress: 386160 of 450274 done; Stage: 85%; Total: 62%; ETA: 0:00:06 ..
Progress: 389226 of 450274 done; Stage: 86%; Total: 64%; ETA: 0:00:06 ...
Progress: 391968 of 450274 done; Stage: 87%; Total: 67%; ETA: 0:00:06
Progress: 396516 of 450274 done; Stage: 88%; Total: 71%; ETA: 0:00:04 .
Progress: 401283 of 450274 done; Stage: 89%; Total: 78%; ETA: 0:00:04 ..
Progress: 407494 of 450274 done; Stage: 90%; Total: 79%; ETA: 0:00:03 ...
Progress: 450274 of 450274 done; Stage: 100%; Total: 81%; ETA: 0:00:03

450274 index entries processed.

Index verification completed.
Progress: 1 of 0 done; Stage: 99%; Total: 81%; ETA: 0:00:03 .
Progress: 0 of 0 done; Stage: 99%; Total: 81%; ETA: 0:00:03 ..

0 unindexed files scanned.

Progress: 0 of 0 done; Stage: 99%; Total: 81%; ETA: 0:00:03 ...

0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Progress: 4 of 4 done; Stage: 100%; Total: 99%; ETA: 0:00:00

37106 data files processed.

CHKDSK is verifying Usn Journal...
Progress: 802 of 5075 done; Stage: 15%; Total: 99%; ETA: 0:00:00 .
Progress: 5075 of 5075 done; Stage: 100%; Total: 96%; ETA: 0:00:00 ..

41582280 USN bytes processed.

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

238507004 KB total disk space.
60878392 KB in 163311 files.
120172 KB in 37107 indexes.
0 KB in bad sectors.
496492 KB in use by the system.
65536 KB occupied by the log file.
177011948 KB available on disk.

4096 bytes in each allocation unit.
59626751 total allocation units on disk.
44252987 allocation units available on disk.

C:\>

marioxb · May 3, 2017

Everything seems to be working now, I can do online and I have sound from the speakers again. Thanks! However, in the logs folder are also two folders with dates (5.1.2017_10.33.07-AM) and (5.3.2017_4.01.13-AM). The first date is incorrect, as the actual date was 5-2-17 at around 10pm. The date/time was another thing effected by the infections, but it's now correct. The contents of the folders are as follows:

5.1.2017_10.33.07-AM:

HKLM_Restore_Default_Permissions_Error_Log.txt
list.bat
Register_System_Files.txt
Remove_Temp_Files.txt
Repair_App_Store.txt
Repair_bat_Association.txt
Repair_cmd_Association.txt
Repair_Component_Store.txt
Repair_com_Association.txt
Repair_Directory_Association.txt
Repair_Drive_Association.txt
Repair_exe_Association.txt
Repair_Folder_Association.txt
Repair_Hosts_File.txt
Repair_Icons.txt
Repair_inf_Association.txt
Repair_Internet_Explorer.txt
Repair_lnk_Shortcuts_Association.txt
Repair_MDAC_MS_Jet.txt
Repair_msc_Association.txt
Repair_MSI_Windows_Installer.txt
Repair_Network.txt
Repair_Print_Spooler.txt
Repair_reg_Association.txt
Repair_scr_Association.txt
Repair_Volume_Shadow_Copy_Service.txt
Repair_Windows_Firewall.txt
Repair_Windows_Safe_Mode.txt
Repair_Windows_Updates.txt
Repair_WMI.txt
Restore_Current_Profile_Permissions_Error_Log.txt
Restore_Default_Permissions_Error_Log.txt
Restore_Important_Windows_Services.txt
Restore_ProgramData_Permissions_Error_Log.txt
Restore_Program_Files_Permissions_Error_Log.txt
Restore_Program_Files_x86_Permissions_Error_Log.txt
Restore_Windows_Permissions_Error_Log.txt
_Windows_Repair_Log.txt

5.3.2017_4.01.13-AM:

HKLM_Restore_Default_Permissions_Error_Log.txt
Remove_Temp_Files.txt
Repair_App_Store.txt
Repair_Component_Store.txt
Repair_Icons.txt
Repair_MSI_Windows_Installer.txt
Repair_Network.txt
Repair_Performance_Counters.txt
Repair_Volume_Shadow_Copy_Service.txt
Repair_Windows_Firewall.txt
Repair_Windows_Updates.txt
Repair_WMI.txt
_Windows_Repair_Log.txt

Let me know if you need any of these additional logs.

Broni · May 3, 2017

Great news!

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

marioxb · May 4, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017 01
Ran by missih2008 (administrator) on DESKTOP-90FI0FD (04-05-2017 04:18:19)
Running from C:\Users\missih2008\Desktop\logs\New folder (2)
Loaded Profiles: missih2008 (Available Profiles: missih2008)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\Samsung\TabPro Pen Manager\TabPro Pen Manager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\SamsungOSD\OSD.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57711.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SamsungOSD] => C:\Program Files (x86)\Samsung\SamsungOSD\OSD.exe [863144 2016-01-21] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-04-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [67168 2017-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [912768 2017-04-10] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-518189975-3182195723-3434051544-1001\...\Run: [TabPro Pen Manager] => C:\Program Files (x86)\Samsung\TabPro Pen Manager\TabPro Pen Manager.exe [203776 2016-05-03] ()
HKU\S-1-5-21-518189975-3182195723-3434051544-1001\...\Run: [swollen] => "C:\Program Files (x86)\duplexing\israel.exe"
HKU\S-1-5-21-518189975-3182195723-3434051544-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\missih2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok8960452.lnk [2017-04-25]
ShortcutTarget: ok8960452.lnk -> C:\Program Files (x86)\rumbaugh\trekkers.exe (No File)
Startup: C:\Users\missih2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok8960452unamplified.lnk [2017-04-25]
ShortcutTarget: ok8960452unamplified.lnk -> C:\Program Files (x86)\Querulous\repeatability.exe (No File)
Startup: C:\Users\missih2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unamplified.lnk [2017-04-25]
ShortcutTarget: unamplified.lnk -> C:\Program Files (x86)\rumbaugh\trekkers.exe (No File)
Startup: C:\Users\missih2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-05-03]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{257d86d9-be09-44aa-8edb-6d1428755851}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-518189975-3182195723-3434051544-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung15.msn.com/?pc=SMTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung15.msn.com/?pc=SMTE
HKU\S-1-5-21-518189975-3182195723-3434051544-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung15.msn.com/?pc=SMTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-03] (Microsoft Corporation)

Edge:
======
Edge Extension: (Office Online) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_1.5.0.0_neutral__8wekyb3d8bbwe [2016-12-06]
Edge Extension: (Pin It Button) -> EdgeExtension_PinterestPinItButton_xnkra2w3aecd0 => C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2016-12-06]

FireFox:
========
FF ProfilePath: C:\Users\missih2008\AppData\Roaming\Mozilla\Firefox\Profiles\kme0rjHn.default [2017-05-03]
FF Extension: (Avira Password Manager) - C:\Users\missih2008\AppData\Roaming\Mozilla\Firefox\Profiles\kme0rjHn.default\Extensions\[email protected] [2017-05-03]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-03] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-03] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)

Chrome:
=======
CHR NewTab: Default -> Active:"chrome-extension://ipmkfpcnmccejididiaagpgchgjfajgp/html/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default [2017-05-03]
CHR Extension: (Google Slides) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-03]
CHR Extension: (Google Docs) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-03]
CHR Extension: (Google Drive) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-03]
CHR Extension: (YouTube) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-03]
CHR Extension: (Google Sheets) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-03]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-03]
CHR Extension: (Gmail) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\missih2008\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-03]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1119712 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [488920 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [488920 2017-04-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1520680 2017-04-10] (Avira Operations GmbH & Co. KG)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-05] (Windows (R) Win 7 DDK provider)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [354720 2017-04-12] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [316976 2017-03-20] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
S4 BLEPenSvr; C:\WINDOWS\System32\BLEPenService.exe [1446008 2016-05-02] (Samsung Electronics Co.,Ltd.)
S4 ClavisPcService; C:\Program Files (x86)\Samsung\Samsung Flow Driver\ClavisPcService.exe [31144 2016-06-01] (Samsung Electronics)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
S4 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\ki119447.inf_amd64_75193c527bda7a52\IntelCpHeciSvc.exe [284144 2016-11-18] (Intel Corporation)
S4 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\ki119447.inf_amd64_75193c527bda7a52\IntelCpHDCPSvc.exe [462832 2016-11-18] (Intel Corporation)
S4 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1419424 2016-05-21] (Intel Corporation)
S4 Grip Sensor Reset Service; C:\windows\system32\GripResetService.exe [21504 2015-12-21] (Samsung Electronics) [File not signed]
S4 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\ki119447.inf_amd64_75193c527bda7a52\igfxCUIService.exe [324592 2016-11-18] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-13] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-05-22] (CyberLink)
S4 Samsung System Service; C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemService.exe [165288 2016-10-28] (Samsung Electronics Co., Ltd.)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [114824 2017-05-03] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [114824 2017-05-03] (Avira Operations GmbH & Co. KG)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-04-07] (Avira Operations GmbH & Co. KG)
S4 sService; C:\Program Files (x86)\Samsung\sService\sServiceSvc.exe [2870056 2016-02-16] ()
S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3296104 2016-11-08] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
S4 WlSarService; C:\windows\system32\WlSarService.exe [32768 2016-01-21] (Samsung Electronics Co., Ltd.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-04-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-04-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-04-10] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [48584 2017-04-10] (Avira Operations GmbH & Co. KG)
R3 BcmGnssBus; C:\WINDOWS\System32\drivers\BcmGnssBus.sys [122008 2016-01-05] (Broadcom Corporation)
R3 CSI2HostControllerDriver; C:\WINDOWS\System32\drivers\CSI2HostControllerDriver.sys [107536 2016-09-05] (Intel(R) Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55792 2016-05-21] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2016-05-21] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2016-05-21] (Intel Corporation)
R3 iacamera64; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [2117136 2016-09-05] (Intel(R) Corporation)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-07-20] (Intel Corporation)
S3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [185128 2015-07-20] (Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281896 2015-07-20] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\ki119447.inf_amd64_75193c527bda7a52\igdkmd64.sys [11027944 2016-11-18] (Intel Corporation)
R3 IMX241; C:\WINDOWS\System32\drivers\imx241.sys [136208 2016-09-05] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [201808 2016-02-10] (Intel(R) Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [623184 2016-02-10] (Intel(R) Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-03] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2401720 2016-08-04] (Qualcomm Atheros, Inc.)
R1 SAMOPanel; C:\WINDOWS\System32\drivers\SAMOPanel.sys [134136 2016-04-04] (Samsung Electronics Co.,Ltd.)
R3 SkcController; C:\WINDOWS\System32\drivers\SkcController.sys [153096 2016-09-05] (Intel(R) Corporation)
R3 supportdriver; C:\WINDOWS\System32\drivers\iaisp64.sys [35344 2016-09-05] (Intel(R) Corporation)
R3 TchFilter; C:\WINDOWS\System32\drivers\TchFilter.sys [42808 2016-04-17] (Samsung Electronics Co.,Ltd.)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [31280 2015-04-13] (Intel Corporation)
S3 VPen; C:\WINDOWS\System32\drivers\VPen.sys [38008 2016-05-02] (Samsung Electronics Co.,Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-03 18:03 - 2017-05-03 18:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-05-03 18:02 - 2017-04-10 13:23 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-05-03 18:02 - 2017-04-10 13:23 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-05-03 18:02 - 2017-04-10 13:23 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-05-03 18:02 - 2017-04-10 13:23 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-05-03 18:02 - 2017-04-10 13:23 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-05-03 17:58 - 2017-05-03 17:58 - 00002225 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2017-05-03 17:57 - 2017-05-03 17:57 - 00003600 _____ C:\WINDOWS\System32\Tasks\AviraScoutUpdateTaskMachineUA
2017-05-03 17:57 - 2017-05-03 17:57 - 00003476 _____ C:\WINDOWS\System32\Tasks\AviraScoutUpdateTaskMachineCore
2017-05-03 17:57 - 2017-05-03 17:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Avira
2017-05-03 17:57 - 2017-05-03 17:57 - 00000000 ____D C:\Users\missih2008\AppData\Roaming\Mozilla
2017-05-03 17:57 - 2017-05-03 17:57 - 00000000 ____D C:\Users\missih2008\AppData\Local\Avira
2017-05-03 17:56 - 2017-05-03 17:57 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-05-03 17:56 - 2017-05-03 17:56 - 00003788 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2017-05-03 17:56 - 2017-05-03 17:56 - 00001216 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2017-05-03 17:55 - 2017-05-03 17:55 - 00001113 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-05-03 17:54 - 2017-05-03 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-05-03 17:54 - 2017-05-03 17:54 - 00002151 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2017-05-03 17:54 - 2017-05-03 17:54 - 00001277 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-05-03 17:53 - 2017-05-03 17:53 - 04791320 _____ (Avira Operations GmbH & Co. KG) C:\Users\missih2008\Downloads\avira_en_fass0_590a4f24dbd64__ws.exe
2017-05-03 17:40 - 2017-05-03 17:40 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-03 17:40 - 2017-05-03 17:40 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-03 17:39 - 2017-05-03 17:39 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-03 17:39 - 2017-05-03 17:39 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-03 17:33 - 2017-05-03 17:39 - 01130328 _____ (Google Inc.) C:\Users\missih2008\Downloads\ChromeSetup.exe
2017-05-03 16:47 - 2017-05-03 16:47 - 00000000 ____D C:\Users\missih2008\Documents\eRightSoft
2017-05-02 22:56 - 2017-05-02 22:56 - 00000000 ____D C:\Users\missih2008\Desktop\tweaking.com_windows_repair_aio
2017-05-02 22:56 - 2017-05-02 22:56 - 00000000 ____D C:\Users\missih2008\AppData\Local\CrashDumps
2017-05-01 10:40 - 2017-05-03 04:07 - 03202716 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-05-01 10:31 - 2017-05-01 10:31 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-90FI0FD-Windows-10-Home-(64-bit).dat
2017-05-01 10:31 - 2017-05-01 10:31 - 00000000 ____D C:\RegBackup
2017-05-01 05:40 - 2017-05-01 05:40 - 00000554 _____ C:\Users\missih2008\Desktop\JRT.txt
2017-05-01 05:14 - 2017-05-01 05:14 - 00000017 _____ C:\Users\missih2008\AppData\Local\resmon.resmoncfg
2017-05-01 04:26 - 2017-05-03 04:49 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-01 04:26 - 2017-05-01 04:26 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-01 04:26 - 2017-05-01 04:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-01 04:25 - 2017-05-03 04:49 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-01 03:47 - 2017-05-01 03:47 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-05-01 03:46 - 2017-05-01 04:09 - 00000000 ____D C:\ProgramData\RogueKiller
2017-05-01 03:46 - 2017-05-01 03:46 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-05-01 03:46 - 2017-05-01 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-05-01 03:46 - 2017-05-01 03:46 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-30 20:54 - 2017-05-01 10:44 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_787
2017-04-30 20:54 - 2017-04-30 20:54 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_73
2017-04-28 00:26 - 2017-05-04 04:18 - 00000000 ____D C:\FRST
2017-04-28 00:25 - 2017-05-03 18:01 - 00000000 ____D C:\ProgramData\Avira
2017-04-28 00:25 - 2017-05-03 18:01 - 00000000 ____D C:\Program Files (x86)\Avira
2017-04-28 00:21 - 2017-04-28 00:21 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-26 21:34 - 2017-04-26 21:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2017-04-25 22:14 - 2017-04-27 04:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-25 18:47 - 2017-04-25 18:47 - 00732164 _____ C:\WINDOWS\Minidump\042517-9406-01.dmp
2017-04-25 18:08 - 2017-04-25 18:08 - 00732164 _____ C:\WINDOWS\Minidump\042517-9531-01.dmp
2017-04-25 17:47 - 2017-04-25 17:47 - 00740324 _____ C:\WINDOWS\Minidump\042517-9437-01.dmp
2017-04-25 17:40 - 2017-04-25 17:40 - 00732236 _____ C:\WINDOWS\Minidump\042517-9453-01.dmp
2017-04-25 17:37 - 2017-05-01 04:41 - 00000000 ____D C:\AdwCleaner
2017-04-25 17:11 - 2017-05-01 03:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-04-25 16:46 - 2017-05-01 04:26 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-25 16:46 - 2017-05-01 04:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-25 05:47 - 2017-04-25 06:04 - 00000000 ____D C:\Users\missih2008\AppData\Local\ElevatedDiagnostics
2017-04-24 23:13 - 2017-05-03 04:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-24 23:12 - 2017-04-24 23:12 - 00000000 ____D C:\WINDOWS\pss
2017-04-24 22:43 - 2017-04-24 23:34 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2017-04-24 22:43 - 2017-04-24 22:43 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-04-24 22:23 - 2017-04-24 22:23 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_NxpNfpProvider_01_11_00.Wdf
2017-04-24 22:00 - 2017-04-25 17:27 - 00000279 _____ C:\Users\missih2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-04-24 21:06 - 2017-04-24 21:06 - 00003268 _____ C:\WINDOWS\System32\Tasks\{F50E23B1-2AAD-4416-9810-3BD0858584CE}
2017-04-24 21:01 - 2017-04-24 21:01 - 00732628 _____ C:\WINDOWS\Minidump\042417-14406-01.dmp
2017-04-24 20:59 - 2017-04-24 20:59 - 00000000 ____D C:\Users\missih2008\AppData\Local\CEF
2017-04-24 20:58 - 2017-04-24 20:58 - 00000000 ____D C:\Users\missih2008\AppData\Local\CrashRpt
2017-04-24 20:57 - 2017-05-04 04:14 - 00004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52275DAA-4684-476E-BBAD-47FB2CBABF8F}
2017-04-24 20:56 - 2017-04-24 20:56 - 00000055 _____ C:\WINDOWS\key.ini
2017-04-24 20:55 - 2017-04-25 17:27 - 00000000 ____D C:\Program Files (x86)\Querulous
2017-04-24 20:55 - 2017-04-24 20:55 - 00907160 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys.36346aab
2017-04-24 20:55 - 2017-04-24 20:55 - 00000000 ____H C:\WINDOWS\system32\BITA5AB.tmp
2017-04-24 20:55 - 2017-04-24 20:55 - 00000000 ____H C:\WINDOWS\system32\BIT6F68.tmp
2017-04-24 20:55 - 2017-04-24 20:55 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-04-24 20:55 - 2017-04-24 20:55 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-04-24 20:55 - 2017-04-24 20:55 - 00000000 ____D C:\Program Files (x86)\iola
2017-04-24 20:54 - 2017-04-25 17:27 - 00001175 _____ C:\Users\missih2008\Desktop\SUPER (C).lnk
2017-04-24 20:54 - 2017-04-24 20:54 - 00000000 ____H C:\WINDOWS\system32\BIT4634.tmp
2017-04-24 20:54 - 2017-04-24 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER (C) - by eRightSoft
2017-04-24 20:54 - 2016-05-05 13:23 - 01085624 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLvideo.dll
2017-04-24 20:54 - 2016-05-05 13:23 - 00561336 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLsplit.dll
2017-04-24 20:54 - 2016-05-05 13:23 - 00556216 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-55.dll
2017-04-24 20:54 - 2016-05-05 13:23 - 00537784 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-4.dll
2017-04-24 20:54 - 2016-05-05 13:23 - 00405176 __RSH (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2017-04-24 20:54 - 2016-05-05 13:23 - 00276152 __RSH C:\WINDOWS\SysWOW64\libbluray.dll
2017-04-24 20:54 - 2016-05-05 13:23 - 00263864 __RSH (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\HLaudio.dll
2017-04-24 20:54 - 2016-05-05 13:23 - 00000493 __RSH C:\WINDOWS\SysWOW64\LAVFilters.Dependencies.manifest
2017-04-24 20:54 - 2016-05-05 13:22 - 10766520 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-57.dll
2017-04-24 20:54 - 2016-05-05 13:22 - 01699000 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-57.dll
2017-04-24 20:54 - 2016-05-05 13:22 - 00188088 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-6.dll
2017-04-24 20:54 - 2016-05-05 13:22 - 00160440 __RSH (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-3.dll
2017-04-24 20:54 - 2014-03-07 13:03 - 00293888 __RSH C:\WINDOWS\SysWOW64\avcodec-lav-1321.dll
2017-04-24 20:54 - 2012-10-05 19:54 - 00188416 __RSH C:\WINDOWS\SysWOW64\winDCE32.dll
2017-04-24 20:54 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Olepau32.ax
2017-04-24 20:54 - 2011-06-14 20:05 - 00121344 __RSH C:\WINDOWS\SysWOW64\TAKDSDecoder.ax
2017-04-24 20:54 - 2011-02-11 10:26 - 00112128 __RSH C:\WINDOWS\SysWOW64\OptimFROG.dll
2017-04-24 20:54 - 2010-01-07 00:00 - 00107520 __RSH C:\WINDOWS\SysWOW64\TAKDSDecoder.dll
2017-04-24 20:54 - 2009-08-10 23:00 - 00352768 __RSH C:\WINDOWS\SysWOW64\ac3DX.ax
2017-04-24 20:54 - 2005-02-22 17:55 - 00081920 __RSH C:\WINDOWS\SysWOW64\aac_parser.ax
2017-04-24 20:54 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2017-04-24 20:54 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2017-04-24 20:54 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\WINDOWS\SysWOW64\RLOFRDec.ax
2017-04-24 20:54 - 2004-04-05 10:31 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2017-04-24 20:54 - 2004-04-05 10:31 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-04-24 20:53 - 2017-04-26 21:12 - 00000000 ____D C:\Users\missih2008\AppData\Local\wqkym
2017-04-24 20:53 - 2017-04-26 21:12 - 00000000 ____D C:\Users\missih2008\AppData\Local\bkafcdccwy
2017-04-24 20:53 - 2017-04-24 20:53 - 00000000 ____D C:\Users\missih2008\AppData\Roaming\c
2017-04-24 20:53 - 2017-04-24 20:53 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2017-04-13 12:28 - 2017-03-28 03:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-13 12:28 - 2017-03-28 03:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-13 12:28 - 2017-03-28 02:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-13 12:28 - 2017-03-28 02:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-13 12:28 - 2017-03-28 02:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-13 12:28 - 2017-03-28 02:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-13 12:28 - 2017-03-28 02:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-13 12:28 - 2017-03-28 02:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-13 12:28 - 2017-03-28 02:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-13 12:28 - 2017-03-28 02:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-13 12:28 - 2017-03-28 02:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-13 12:28 - 2017-03-28 02:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-13 12:28 - 2017-03-28 02:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-13 12:28 - 2017-03-28 02:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-13 12:28 - 2017-03-28 02:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-13 12:28 - 2017-03-28 02:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-13 12:28 - 2017-03-28 02:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-13 12:28 - 2017-03-28 02:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-13 12:28 - 2017-03-28 02:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-13 12:28 - 2017-03-28 02:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-13 12:28 - 2017-03-28 02:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-13 12:28 - 2017-03-28 02:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-13 12:28 - 2017-03-28 02:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-13 12:28 - 2017-03-28 02:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-13 12:28 - 2017-03-28 02:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-13 12:28 - 2017-03-28 02:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-13 12:28 - 2017-03-28 02:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-13 12:28 - 2017-03-28 02:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-13 12:28 - 2017-03-28 02:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-13 12:28 - 2017-03-28 02:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-13 12:28 - 2017-03-28 02:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-13 12:28 - 2017-03-28 02:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-13 12:28 - 2017-03-28 02:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-13 12:28 - 2017-03-28 01:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-13 12:28 - 2017-03-28 01:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-13 12:28 - 2017-03-28 01:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-13 12:28 - 2017-03-28 01:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-13 12:28 - 2017-03-28 01:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-13 12:28 - 2017-03-28 01:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-13 12:28 - 2017-03-28 01:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-13 12:28 - 2017-03-28 01:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-13 12:28 - 2017-03-28 01:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-13 12:28 - 2017-03-28 01:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-13 12:28 - 2017-03-28 01:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-13 12:28 - 2017-03-28 01:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-13 12:28 - 2017-03-28 01:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-13 12:28 - 2017-03-28 01:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-13 12:28 - 2017-03-28 01:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-13 12:28 - 2017-03-28 01:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-13 12:28 - 2017-03-28 01:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-13 12:28 - 2017-03-28 01:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-13 12:28 - 2017-03-28 01:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-13 12:28 - 2017-03-28 01:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-13 12:28 - 2017-03-28 01:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-13 12:28 - 2017-03-28 01:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-13 12:28 - 2017-03-28 01:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-13 12:28 - 2017-03-28 01:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-13 12:28 - 2017-03-28 01:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-13 12:28 - 2017-03-28 01:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-13 12:28 - 2017-03-28 01:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-13 12:28 - 2017-03-28 01:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-13 12:28 - 2017-03-28 01:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-13 12:28 - 2017-03-28 01:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-13 12:28 - 2017-03-28 01:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-13 12:28 - 2017-03-28 01:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-13 12:28 - 2017-03-28 01:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-13 12:28 - 2017-03-28 01:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-13 12:28 - 2017-03-28 01:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-13 12:28 - 2017-03-28 01:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-13 12:28 - 2017-03-28 01:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-13 12:28 - 2017-03-28 01:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-13 12:28 - 2017-03-28 01:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-13 12:28 - 2017-03-28 01:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-13 12:28 - 2017-03-28 01:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-13 12:28 - 2017-03-28 01:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-13 12:28 - 2017-03-28 01:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

marioxb · May 4, 2017

2017-04-13 12:28 - 2017-03-28 01:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-13 12:28 - 2017-03-28 01:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-13 12:28 - 2017-03-28 01:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-13 12:28 - 2017-03-28 01:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-13 12:28 - 2017-03-28 01:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-13 12:28 - 2017-03-28 01:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-13 12:28 - 2017-03-28 01:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-13 12:28 - 2017-03-28 01:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-13 12:28 - 2017-03-28 01:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-13 12:28 - 2017-03-28 01:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-13 12:28 - 2017-03-28 01:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-13 12:28 - 2017-03-28 01:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-13 12:28 - 2017-03-28 01:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-13 12:28 - 2017-03-28 01:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-13 12:28 - 2017-03-28 01:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-13 12:28 - 2017-03-28 01:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-13 12:28 - 2017-03-28 01:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-13 12:28 - 2017-03-28 01:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-13 12:28 - 2017-03-28 01:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-13 12:28 - 2017-03-28 01:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-13 12:28 - 2017-03-28 01:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-13 12:28 - 2017-03-28 01:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-13 12:28 - 2017-03-28 01:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-13 12:28 - 2017-03-28 01:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-13 12:28 - 2017-03-28 01:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-13 12:28 - 2017-03-28 01:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-13 12:28 - 2017-03-28 01:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-13 12:28 - 2017-03-28 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-13 12:28 - 2017-03-28 01:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-13 12:28 - 2017-03-28 01:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-13 12:28 - 2017-03-28 01:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-13 12:28 - 2017-03-28 01:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-13 12:28 - 2017-03-28 01:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-13 12:28 - 2017-03-28 01:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-13 12:28 - 2017-03-28 01:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-13 12:28 - 2017-03-28 01:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-13 12:28 - 2017-03-28 01:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-13 12:28 - 2017-03-28 01:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-13 12:28 - 2017-03-28 01:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-13 12:28 - 2017-03-28 01:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-13 12:28 - 2017-03-28 01:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-13 12:28 - 2017-03-28 01:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-13 12:28 - 2017-03-28 01:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-13 12:28 - 2017-03-28 01:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-13 12:28 - 2017-03-28 01:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-13 12:28 - 2017-03-28 01:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-13 12:28 - 2017-03-28 01:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-13 12:28 - 2017-03-28 01:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-13 12:28 - 2017-03-28 01:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-13 12:28 - 2017-03-28 01:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-13 12:28 - 2017-03-28 01:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-13 12:28 - 2017-03-28 01:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-13 12:28 - 2017-03-28 01:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-13 12:28 - 2017-03-28 01:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-13 12:28 - 2017-03-28 01:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-13 12:28 - 2017-03-28 01:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-13 12:28 - 2017-03-28 01:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-13 12:28 - 2017-03-28 01:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-13 12:28 - 2017-03-28 01:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-13 12:28 - 2017-03-28 01:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-13 12:28 - 2017-03-28 01:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-13 12:28 - 2017-03-28 01:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-13 12:28 - 2017-03-28 01:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-13 12:28 - 2017-03-28 01:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-13 12:28 - 2017-03-28 01:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-13 12:28 - 2017-03-28 01:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-13 12:28 - 2017-03-28 01:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-13 12:28 - 2017-03-28 01:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-13 12:28 - 2017-03-28 01:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-13 12:28 - 2017-03-28 01:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-13 12:28 - 2017-03-28 01:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-13 12:28 - 2017-03-28 01:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-13 12:28 - 2017-03-28 01:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-13 12:28 - 2017-03-28 01:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-13 12:28 - 2017-03-28 01:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-13 12:28 - 2017-03-28 01:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-13 12:28 - 2017-03-28 01:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-13 12:28 - 2017-03-28 01:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-13 12:28 - 2017-03-28 01:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-13 12:28 - 2017-03-28 01:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-13 12:28 - 2017-03-28 01:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-13 12:28 - 2017-03-28 01:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-13 12:28 - 2017-03-28 01:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-13 12:28 - 2017-03-28 01:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-13 12:28 - 2017-03-28 01:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-13 12:28 - 2017-03-28 01:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-13 12:28 - 2017-03-28 01:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-13 12:28 - 2017-03-28 01:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-13 12:28 - 2017-03-28 01:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-13 12:28 - 2017-03-28 01:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-13 12:28 - 2017-03-28 01:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-13 12:28 - 2017-03-28 01:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-13 12:28 - 2017-03-28 01:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-13 12:28 - 2017-03-28 01:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-13 12:28 - 2017-03-28 01:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-13 12:28 - 2017-03-28 01:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-13 12:28 - 2017-03-28 01:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-13 12:28 - 2017-03-28 01:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-13 12:28 - 2017-03-28 01:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-13 12:28 - 2017-03-28 01:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-13 12:28 - 2017-03-28 01:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-13 12:28 - 2017-03-28 01:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-13 12:28 - 2017-03-28 01:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-13 12:28 - 2017-03-28 01:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-13 12:28 - 2017-03-28 01:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-13 12:28 - 2017-03-28 01:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-13 12:28 - 2017-03-28 01:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-13 12:28 - 2017-03-28 01:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-13 12:28 - 2017-03-28 01:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-13 12:28 - 2017-03-28 01:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-13 12:28 - 2017-03-28 01:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-13 12:28 - 2017-03-28 01:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-13 12:28 - 2017-03-28 01:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-13 12:28 - 2017-03-28 01:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-13 12:28 - 2017-03-28 01:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-13 12:28 - 2017-03-28 01:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-13 12:28 - 2017-03-28 01:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-13 12:28 - 2017-03-28 01:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-13 12:28 - 2017-03-28 01:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-13 12:28 - 2017-03-28 01:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-13 12:28 - 2017-03-28 01:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-13 12:28 - 2017-03-28 01:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-13 12:28 - 2017-03-28 00:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-13 12:28 - 2017-03-16 00:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-13 12:27 - 2017-03-28 02:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-13 12:27 - 2017-03-28 02:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-13 12:27 - 2017-03-28 02:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-13 12:27 - 2017-03-28 02:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-13 12:27 - 2017-03-28 02:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-13 12:27 - 2017-03-28 02:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-13 12:27 - 2017-03-28 02:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-13 12:27 - 2017-03-28 02:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-13 12:27 - 2017-03-28 02:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-13 12:27 - 2017-03-28 02:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-13 12:27 - 2017-03-28 02:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-13 12:27 - 2017-03-28 02:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-13 12:27 - 2017-03-28 02:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-13 12:27 - 2017-03-28 02:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-13 12:27 - 2017-03-28 02:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-13 12:27 - 2017-03-28 02:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-13 12:27 - 2017-03-28 02:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-13 12:27 - 2017-03-28 02:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-13 12:27 - 2017-03-28 01:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-13 12:27 - 2017-03-28 01:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-13 12:27 - 2017-03-28 01:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-13 12:27 - 2017-03-28 01:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-13 12:27 - 2017-03-28 01:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-13 12:27 - 2017-03-28 01:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-13 12:27 - 2017-03-28 01:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-13 12:27 - 2017-03-28 01:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-13 12:27 - 2017-03-28 01:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-13 12:27 - 2017-03-28 01:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-13 12:27 - 2017-03-28 01:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-13 12:27 - 2017-03-28 01:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-13 12:27 - 2017-03-28 01:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-13 12:27 - 2017-03-28 01:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-13 12:27 - 2017-03-28 01:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-13 12:27 - 2017-03-28 01:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-13 12:27 - 2017-03-28 01:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-13 12:27 - 2017-03-28 01:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-13 12:27 - 2017-03-28 01:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-13 12:27 - 2017-03-28 01:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-13 12:27 - 2017-03-28 01:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-13 12:27 - 2017-03-28 01:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-13 12:27 - 2017-03-28 01:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-13 12:27 - 2017-03-28 01:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-13 12:27 - 2017-03-28 01:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-13 12:27 - 2017-03-28 01:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-13 12:27 - 2017-03-28 01:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-13 12:27 - 2017-03-28 01:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-13 12:27 - 2017-03-28 01:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-13 12:27 - 2017-03-28 01:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-13 12:27 - 2017-03-28 01:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-13 12:27 - 2017-03-28 01:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-13 12:27 - 2017-03-28 01:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-13 12:27 - 2017-03-28 01:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-13 12:27 - 2017-03-28 01:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-13 12:27 - 2017-03-28 01:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-13 12:27 - 2017-03-28 01:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-13 12:27 - 2017-03-28 01:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-13 12:27 - 2017-03-28 01:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-13 12:27 - 2017-03-28 01:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-13 12:27 - 2017-03-28 01:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-13 12:27 - 2017-03-28 01:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-13 12:27 - 2017-03-28 01:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-13 12:27 - 2017-03-28 01:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-13 12:27 - 2017-03-28 01:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-13 12:27 - 2017-03-28 01:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-13 12:27 - 2017-03-28 01:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-13 12:27 - 2017-03-28 01:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-13 12:27 - 2017-03-28 01:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-13 12:27 - 2017-03-28 01:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-13 12:27 - 2017-03-28 01:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-13 12:27 - 2017-03-28 01:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-13 12:27 - 2017-03-28 01:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-13 12:27 - 2017-03-28 01:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-13 12:27 - 2017-03-28 01:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-13 12:27 - 2017-03-28 01:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-13 12:27 - 2017-03-28 01:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-13 12:27 - 2017-03-28 01:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-13 12:27 - 2017-03-28 01:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-13 12:27 - 2017-03-28 01:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-13 12:27 - 2017-03-28 01:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-13 12:27 - 2017-03-28 01:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-13 12:27 - 2017-03-28 01:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-13 12:27 - 2017-03-28 01:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-13 12:27 - 2017-03-28 01:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-13 12:27 - 2017-03-28 01:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-13 12:27 - 2017-03-18 12:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-13 12:27 - 2017-03-18 12:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-13 12:27 - 2017-03-16 00:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-11 01:38 - 2017-04-11 01:38 - 00041198 _____ C:\WINDOWS\billabong.exe
2017-04-08 08:02 - 2017-04-08 08:02 - 00127665 _____ C:\Users\missih2008\Downloads\wellsfargocar.pdf
2017-04-07 17:50 - 2017-04-07 17:50 - 00000000 ____D C:\Users\missih2008\AppData\LocalLow\Temp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-04 04:14 - 2016-11-28 10:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-03 22:57 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-03 20:40 - 2016-11-25 21:09 - 00000000 ____D C:\Users\missih2008\Desktop\Daddy & Mama's wedding
2017-05-03 17:55 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-03 17:54 - 2016-04-14 11:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-03 17:40 - 2017-03-30 05:07 - 00000000 ____D C:\Users\missih2008\AppData\Local\Google
2017-05-03 17:40 - 2017-03-30 05:07 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-03 04:44 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-03 04:38 - 2016-11-25 21:17 - 00000000 ____D C:\Users\missih2008\Desktop\Tom & Missi's beach wedding
2017-05-03 04:38 - 2016-04-14 11:22 - 00792460 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-03 04:33 - 2016-11-28 10:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-03 04:33 - 2016-11-28 10:03 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-03 04:33 - 2016-07-16 02:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-05-03 04:32 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-03 03:43 - 2016-09-30 05:57 - 00000000 ____D C:\Users\missih2008\AppData\Local\Packages
2017-05-03 03:43 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-03 03:43 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-03 03:42 - 2016-04-14 11:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-03 03:37 - 2016-11-28 10:05 - 00000000 ____D C:\Users\missih2008
2017-05-02 22:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-01 10:45 - 2017-01-11 19:37 - 00000000 ____D C:\Users\missih2008\Desktop\Daddy
2017-05-01 10:45 - 2015-11-07 20:35 - 00000000 ____D C:\WINDOWS\sec
2017-04-26 22:13 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-04-25 18:47 - 2016-12-23 08:59 - 632929302 _____ C:\WINDOWS\MEMORY.DMP
2017-04-25 18:47 - 2016-12-23 08:59 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-25 17:27 - 2016-12-02 00:01 - 00002056 _____ C:\Users\Public\Desktop\Gear 360 ActionDirector (64-bit).lnk
2017-04-25 17:27 - 2016-11-28 10:08 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-25 17:27 - 2016-11-13 23:03 - 00002376 _____ C:\Users\missih2008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-25 17:27 - 2016-04-14 11:24 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-04-25 17:27 - 2016-04-14 11:24 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-04-25 17:27 - 2016-04-14 11:24 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-04-25 17:27 - 2016-04-14 11:24 - 00002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-04-25 17:27 - 2016-04-14 11:24 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-04-25 17:27 - 2016-04-14 11:24 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-04-25 17:27 - 2016-04-14 11:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-04-24 23:11 - 2016-09-30 05:59 - 00000000 ___RD C:\Users\missih2008\OneDrive
2017-04-24 23:10 - 2016-09-30 05:57 - 00000000 __SHD C:\Users\missih2008\IntelGraphicsProfiles
2017-04-24 21:51 - 2017-02-07 08:39 - 00000000 ____D C:\Users\missih2008\Desktop\phone pics
2017-04-24 20:59 - 2016-11-13 22:55 - 00000000 ____D C:\Users\missih2008\AppData\Local\MicrosoftEdge
2017-04-15 22:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-14 08:22 - 2016-04-15 03:13 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-14 06:09 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-14 06:09 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-14 00:27 - 2016-11-16 17:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-14 00:26 - 2016-11-16 17:32 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-09 12:26 - 2016-11-13 23:04 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2017-05-01 05:14 - 2017-05-01 05:14 - 0000017 _____ () C:\Users\missih2008\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-03 04:46

==================== End of FRST.txt ============================

marioxb · May 4, 2017

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01
Ran by missih2008 (04-05-2017 04:18:59)
Running from C:\Users\missih2008\Desktop\logs\New folder (2)
Windows 10 Home Version 1607 (X64) (2016-11-28 14:11:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-518189975-3182195723-3434051544-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-518189975-3182195723-3434051544-503 - Limited - Disabled)
Guest (S-1-5-21-518189975-3182195723-3434051544-501 - Limited - Disabled)
missih2008 (S-1-5-21-518189975-3182195723-3434051544-1001 - Administrator - Enabled) => C:\Users\missih2008

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.26.48 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{d80aa328-b07f-4d4f-be47-71405d28a291}) (Version: 1.2.85.29279 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.85.29279 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.7.1.26756 - Avira Operations GmbH & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.3.2987.2552 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A4DF9D2A-AB95-4F30-9CA4-2F49662BA39D}) (Version: 2.0.2.27024 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.5.0.5091 - Avira Operations GmbH & Co. KG)
Broadcom Location Sensor (HKLM\...\{B83E71FC-E2DF-46F2-9657-C37C96956B07}) (Version: 20.24.8864.18 - Broadcom Corporation)
CyberLink Gear 360 ActionDirector (HKLM-x32\...\{FC31E4CB-314B-45DE-ABB8-AD086547F6B2}) (Version: 1.0.0.2005 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.8.1052 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® 2D Imaging (HKLM\...\{945A43C1-57DA-4F91-92EB-5B8FCA579EE5}) (Version: 1.0.0.1 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-518189975-3182195723-3434051544-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10380 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.270 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7775 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software)
S Agent (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden
Samsung Flow Driver (HKLM-x32\...\Samsung Flow Driver) (Version: 1.4.5.9 - Samsung Electronics Co., Ltd.)
Samsung OSD (HKLM-x32\...\{5737652F-989E-4A75-A95A-55324B9DB845}) (Version: 1.0.9.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery (HKLM\...\{D21EED26-59C0-4315-BDCC-D682496465E9}) (Version: 7.3.0 - Samsung Electronics Co., Ltd.)
Samsung System Agent (HKLM-x32\...\{FA7CC561-3757-4EBB-89F9-9486F0D01CFD}) (Version: 1.0.37 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{06E8E156-6993-4A23-805A-B95C0012D743}) (Version: 2.2.44 - Samsung Electronics Co., Ltd.)
Show Window (HKLM-x32\...\{75B927A8-3543-43BC-9389-E56118BD1340}) (Version: 1.0.0.13 - Samsung Electronics Co., Ltd.)
SUPER (C) v2017.Build.71+3D+Recorder version released on (2017/ (HKLM-x32\...\{FF02DB05-F906-405E-B62B-1780A236C052}_is1) (Version: released on (2017/04/07), - eRightSoft)
TabPro Pen Manager (HKLM-x32\...\TabPro Pen Manager) (Version: 1.0.1.9 - Samsung Electronics Co, Ltd.)
WlSarService (Version: 1.0.0.2 - Samsung Electronics Co., Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01298E1F-9A61-408E-8C14-A718A5BF659B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-30] (Google Inc.)
Task: {161D421A-98A9-4CE7-940A-3F150918CF60} - System32\Tasks\Samsung\SRS\SRS Logon => C:\Program Files\Samsung\Recovery\SRSMessages.exe [2016-03-23] (Samsung Electronics)
Task: {225A9226-F5B0-4FE2-9ADC-B894E86B1046} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-04-07] (Avira Operations GmbH & Co. KG)
Task: {3F865C7B-0869-4CB0-BEC6-F9593D58168C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {62D5578A-1664-425C-AA7F-7C5FA27026EA} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-05-03] (Avira Operations GmbH & Co. KG )
Task: {72931E82-51E8-48B9-8068-C7D29B7F7A83} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-05-03] (Avira Operations GmbH & Co. KG)
Task: {75D8A362-31A2-4A35-ADED-D02864AF95D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {9F16B56B-CBB4-4951-B27B-C202FA893256} - System32\Tasks\SecTimeSync\TimeSyncInit => C:\Windows\SecTimeSync.exe [2013-08-23] (Samsung Electronics CO., LTD.)
Task: {A01E0CC5-199F-4D8B-BD3E-522439C0D83D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-30] (Google Inc.)
Task: {B6FCD4F4-E0FC-4223-93EC-7768ADA8D307} - System32\Tasks\{F50E23B1-2AAD-4416-9810-3BD0858584CE} => pcalua.exe -a C:\Users\missih2008\AppData\Local\uninstallro.exe
Task: {C596BC05-AC53-4C86-8FA3-F80A0185FC92} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-04-07] (Avira Operations GmbH & Co. KG)
Task: {DCC4AFF8-554A-4E1F-9131-C8E36D881A2E} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-05-03] (Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-13 12:28 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-01 04:26 - 2017-05-03 04:49 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-01-20 08:00 - 2016-01-19 14:54 - 00064904 _____ () C:\Windows\System32\drivers\UMDF\K2HHAcc.dll
2016-01-23 03:01 - 2016-01-22 04:02 - 00057336 _____ () C:\Windows\System32\drivers\UMDF\BH1730Als.dll
2017-04-13 12:28 - 2017-03-28 02:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-21 01:17 - 2017-05-03 03:42 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-28 13:00 - 2016-11-28 13:00 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 19:00 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 19:00 - 2017-03-04 02:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-05-03 21:40 - 2016-05-03 21:40 - 00203776 _____ () C:\Program Files (x86)\Samsung\TabPro Pen Manager\TabPro Pen Manager.exe
2017-05-03 03:41 - 2017-05-03 03:42 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-03 03:41 - 2017-05-03 03:42 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-03 03:41 - 2017-05-03 03:42 - 43012096 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-03 03:41 - 2017-05-03 03:42 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-15 19:00 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-06 17:48 - 2017-04-06 17:49 - 01695440 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57711.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-05-03 03:40 - 2017-05-03 03:41 - 13097664 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57711.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-05-03 03:40 - 2017-05-03 03:41 - 00146624 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57711.0_x64__8wekyb3d8bbwe\textinputdriver.dll
2017-04-04 20:43 - 2017-04-04 20:44 - 10650112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-04-04 20:43 - 2017-04-04 20:44 - 02653184 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-04-04 20:43 - 2017-04-04 20:44 - 00761344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-03-15 18:27 - 2017-03-15 18:27 - 03879424 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-03-15 19:00 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 19:00 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-13 12:28 - 2017-03-28 01:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-13 12:28 - 2017-03-28 01:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-13 12:28 - 2017-03-28 01:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-04-30 20:54 - 2017-05-03 04:13 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-518189975-3182195723-3434051544-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\missih2008\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{64ccfdb9-f5d0-43e4-a6a1-1735a1ce995c}.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: BLEPenSvr => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: ClavisPcService => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: DcpSvc => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 3
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: DoSvc => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: Grip Sensor Reset Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: irmon => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: mockingly => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: Samsung System Service => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SWUpdateService => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 2
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: WlSarService => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-518189975-3182195723-3434051544-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{72981C95-B332-41BD-BB0B-246833846630}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8A7BCD13-7FBA-401B-8A87-641727D6D856}] => (Allow) C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemAgent.exe
FirewallRules: [{D8C2C3AB-5A17-4E2F-92F7-CCCCC67E1C9D}] => (Allow) C:\Program Files\Samsung\ActionDirector\PDR10.EXE
FirewallRules: [{6F80CBD8-E216-415A-BE1A-3298AF4F2680}] => (Allow) C:\Users\missih2008\AppData\Local\ddnowyes.exe
FirewallRules: [{E35A7DDC-B253-40D0-ABA0-D23CE00F3FD0}] => (Allow) C:\Users\missih2008\AppData\Local\Temp\239cc4ce094a4c67b8fd14e4e73dfdb2\setup.exe
FirewallRules: [{24C15A26-9542-4379-8125-07F3811ECDD1}] => (Allow) C:\Users\missih2008\AppData\Local\64278824.exe
FirewallRules: [{C17DB131-E134-49D0-865B-7A00515C9615}] => (Allow) C:\Users\missih2008\AppData\Local\tinstall.exe
FirewallRules: [{54EF58EA-37CD-4988-93F6-F1A04F373C06}] => (Allow) C:\Users\missih2008\AppData\Local\sc32834205.exe
FirewallRules: [{E3C2CFBC-01B7-4697-81E3-42B14762D69B}] => (Allow) C:\Users\missih2008\AppData\Local\ddnow.exe
FirewallRules: [{95CCEC36-702B-4B04-A852-055BB785B470}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{0BF40E08-7B27-4963-B74A-5B278AC764B0}] => (Allow) C:\Program Files (x86)\rumbaugh\trekkers.exe
FirewallRules: [{68709E8E-A457-41CD-8455-5D88657F5E49}] => (Allow) C:\Program Files (x86)\rumbaugh\naturalize.exe
FirewallRules: [{D733568A-A8D6-49BB-BFF6-6C71D88B1EEC}] => (Allow) C:\Program Files (x86)\Querulous\repeatability.exe
FirewallRules: [{9AB024B2-D8D9-4BBF-A5D1-54901DD2AEDC}] => (Allow) C:\WINDOWS\templars.exe
FirewallRules: [TCP Query User{94B3604C-5EB6-494C-9439-9C80A328330F}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{9926248A-5EF1-4DC0-8DB7-071FA979620C}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [{3F875A81-DE06-4C60-BF9D-C68ABBDBAFB7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{153A8A8B-FE73-413C-8DF1-5613A67570DE}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe

==================== Restore Points =========================

24-04-2017 21:30:31 Removed WeatherBuddy
01-05-2017 11:38:33 Windows Update
02-05-2017 22:56:22 Windows Modules Installer
03-05-2017 17:57:02 Avira System Speedup 1.0.0

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/04/2017 02:12:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-90FI0FD)
Description: Package Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (05/04/2017 01:12:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-90FI0FD)
Description: Package Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (05/03/2017 05:57:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/03/2017 08:44:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-90FI0FD)
Description: Package Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (05/03/2017 06:29:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-90FI0FD)
Description: Package Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (05/03/2017 04:35:37 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (05/03/2017 04:35:37 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (05/03/2017 04:33:34 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

Error: (05/03/2017 04:33:34 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (05/03/2017 04:33:33 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

System errors:
=============
Error: (05/04/2017 01:17:25 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.10.
The computer with the IP address 192.168.2.6 did not allow the name to be claimed by
this computer.

Error: (05/04/2017 01:10:58 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MISSI-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{257D86D9-BE09-44AA-8EDB-6D1428755851}.
The master browser is stopping or an election is being forced.

Error: (05/03/2017 11:04:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/03/2017 10:57:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/03/2017 06:46:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-90FI0FD)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/03/2017 06:28:46 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MISSI-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{257D86D9-BE09-44AA-8EDB-6D1428755851}.
The master browser is stopping or an election is being forced.

Error: (05/03/2017 06:14:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/03/2017 05:00:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/03/2017 04:50:50 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MISSI-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{257D86D9-BE09-44AA-8EDB-6D1428755851}.
The master browser is stopping or an election is being forced.

Error: (05/03/2017 06:56:48 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.10.
The computer with the IP address 192.168.2.6 did not allow the name to be claimed by
this computer.

CodeIntegrity:
===================================
Date: 2017-05-01 11:33:04.795
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) m3-6Y30 CPU @ 0.90GHz
Percentage of memory in use: 40%
Total physical RAM: 8093.17 MB
Available physical RAM: 4833.36 MB
Total Virtual: 9373.17 MB
Available Virtual: 5409.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:227.46 GB) (Free:165.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 26EA9241)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · May 4, 2017

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

marioxb · May 5, 2017

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-05-2017 02
Ran by missih2008 (05-05-2017 19:14:20) Run:3
Running from C:\Users\missih2008\Desktop\logs\New folder (2)
Loaded Profiles: missih2008 (Available Profiles: missih2008)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShortcutTarget: ok8960452.lnk -> C:\Program Files (x86)\rumbaugh\trekkers.exe (No File)
ShortcutTarget: ok8960452unamplified.lnk -> C:\Program Files (x86)\Querulous\repeatability.exe (No File)
ShortcutTarget: unamplified.lnk -> C:\Program Files (x86)\rumbaugh\trekkers.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-518189975-3182195723-3434051544-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2017-05-01 05:14 - 2017-05-01 05:14 - 0000017 _____ () C:\Users\missih2008\AppData\Local\resmon.resmoncfg

*****************

C:\Program Files (x86)\rumbaugh\trekkers.exe => not found.
C:\Program Files (x86)\Querulous\repeatability.exe => not found.
C:\Program Files (x86)\rumbaugh\trekkers.exe => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-518189975-3182195723-3434051544-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"C:\Users\missih2008\AppData\Local\resmon.resmoncfg" => not found.

==== End of Fixlog 19:14:20 ====

Broni · May 5, 2017

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

marioxb · May 6, 2017

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (58.0.3029.96)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Avira Antivirus sched.exe
Avira Antivirus avshadow.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

marioxb · May 6, 2017

Farbar Service Scanner Version: 27-01-2016
Ran by missih2008 (administrator) on 06-05-2017 at 09:27:04
Running from "C:\Users\missih2008\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

marioxb · May 6, 2017

TFC and Sophos did not generate log files. (No threats)

Broni · May 6, 2017

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.

marioxb · May 6, 2017

Thanks a lot! My wife and I appreciate your help! Will let you know how everything is going!

Broni · May 6, 2017

Way to go!!
Good luck and stay safe

Solved SmartService rootkit. Problem with Searching.com. Can't install/ run most programs.

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 56,041 +517

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 56,041 +517

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 56,041 +517

Attachments

Posts: 37 +0

Posts: 56,041 +517

Posts: 37 +0

Posts: 37 +0

Posts: 37 +0

Posts: 56,041 +517

Posts: 37 +0

Posts: 56,041 +517

Similar threads