Help with removing adware

**Tom_Ashton** · 09-29-2017, 04:38 PM

[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Tom (29-09-2017 16:41:25) Run:1
Running from D:\Downloads (D)
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal[/HEADING]
fixlist content:

Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
RemoveProxy:
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001...\Run: [BingSvc] => C:\Users\Tom\AppData\Local\Microsoft\BingSvc\BingS vc.exe [144008 2015-11-05] (� 2015 Microsoft Corporation)
AutoConfigURL: [S-1-5-21-2235556512-3620655794-2756196336-1001] => hxxp://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757
ManualProxies: 0hxxp://accessunlimitedweb.com/wpad.dat?eba26c9b7e75eb6c2021304adf1dc75435690757
CHR DefaultSearchURL: Default → hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=PARAM&q={searchTerms}
CHR DefaultSearchKeyword: Default → bing.com
CHR DefaultSuggestURL: Default → hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=PARAM&query={searchTerms}
CHR Extension: (Qmee) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjcl cpibde [2017-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-09-24]
R1 MpKsl7aecbb60; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{0BA0659A-5067-4713-9DE0-A817833F65C5}\MpKsl7aecbb60.sys [44928 2017-09-24] (Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Definition Updates{0BA0659A-5067-4713-9DE0-A817833F65C5}\MpKsl7aecbb60.sys
Zip: C:\WINDOWS\Minidump
C:\Users\Tom\AppData\Local\Temp_is365B.exe
C:\Users\Tom\AppData\Local\Temp_is6467.exe
ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
ContextMenuHandlers5: [igfxDTCM] → {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => → No File
CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 → C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3 .6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 → C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3 .6998.0830\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 → C:\Users\Tom\AppData\Local\Microsoft\OneDrive\17.3 .6998.0830\amd64\FileSyncShell64.dll => No File
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
reboot:
end

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Windows\CurrentVersion\Run \BingSvc => value removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\AutoConfigURL => value not found.
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Qmee) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjcl cpibde [2017-09-24] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-09-24] => Error: No automatic fix found for this entry.
MpKsl7aecbb60 => service not found.
“C:\ProgramData\Microsoft\Windows Defender\Definition Updates{0BA0659A-5067-4713-9DE0-A817833F65C5}\MpKsl7aecbb60.sys” => not found.
================== Zip: ===================
C:\WINDOWS\Minidump → copied successfully to C:\Users\Tom\Desktop\29.09.2017_16.41.33.zip
=========== Zip: End ===========
C:\Users\Tom\AppData\Local\Temp_is365B.exe => moved successfully
C:\Users\Tom\AppData\Local\Temp_is6467.exe => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx \ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx \ContextMenuHandlers\igfxDTCM => key removed successfully
HKLM\Software\Classes\CLSID{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => key not found.
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001_Classes\CLSID{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
C:\WINDOWS\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state On =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 86344007 B
Java, Flash, Steam htmlcache => 346023371 B
Windows/system/drivers => 18217506 B
Edge => 37261021 B
Chrome => 382816087 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4830 B
NetworkService => 733004 B
Tom => 1247380473 B

RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:42:29 ====

My C Drive:

Zemana AntiMalware 2.74.2.150 (Installed)

Scan Result : Completed
Scan Date : 2017/9/29
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core™ i3-6100 CPU @ 3.70GHz
BIOS Mode : Legacy
CUID : 122A28AEB59F31361D0402
Scan Type : Custom Scan
Duration : 16m 56s
Scanned Objects : 441201
Detected Objects : 6
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
[HEADING=1]Detected Objects[/HEADING]
ld.exe
Status : Scanned
Object : %localappdata%\arduino15\packages\arduino\tools\av r-gcc\4.8.1-arduino5\avr\bin\ld.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\arduino15\packages\arduino\tools\av r-gcc\4.8.1-arduino5\avr\bin\ld.exe

ld.bfd.exe
Status : Scanned
Object : %localappdata%\arduino15\packages\arduino\tools\av r-gcc\4.8.1-arduino5\avr\bin\ld.bfd.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\arduino15\packages\arduino\tools\av r-gcc\4.8.1-arduino5\avr\bin\ld.bfd.exe

avr-ld.bfd.exe
Status : Scanned
Object : %localappdata%\arduino15\packages\arduino\tools\av r-gcc\4.8.1-arduino5\bin\avr-ld.bfd.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\arduino15\packages\arduino\tools\av r-gcc\4.8.1-arduino5\bin\avr-ld.bfd.exe

avr-ld.exe
Status : Scanned
Object : %localappdata%\arduino15\packages\arduino\tools\av r-gcc\4.8.1-arduino5\bin\avr-ld.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\arduino15\packages\arduino\tools\av r-gcc\4.8.1-arduino5\bin\avr-ld.exe

INK.exe
Status : Scanned
Object : %programfiles%\steam\steamapps\common\ink\ink.exe
MD5 : 53D3FFB4D83C8DE75185527DC235D2F8
Publisher : -
Size : 14396928
Version : 1.0.0.1
Detection : Heur.Malicious!Pc
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\steam\steamapps\common\ink\ink.exe

winwb.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\fraqbc8wsa\5.5.6 310.18878\winwb.exe
MD5 : ED2F7A31369BC899B32002A03BDDACFA
Publisher : Web Bar Media
Size : 197352
Version : 5.5.6310.18878
Detection : Adware:Win32/WebBar!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\fraqbc8wsa\5.5.6 310.18878\winwb.exe
[HEADING=1]Cleaning Result[/HEADING]
Cleaned : 6
Reported as safe : 0
Failed : 0

My D Drive:

Zemana AntiMalware 2.74.2.150 (Installed)

Scan Result : Completed
Scan Date : 2017/9/29
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core™ i3-6100 CPU @ 3.70GHz
BIOS Mode : Legacy
CUID : 122A28AEB59F31361D0402
Scan Type : Custom Scan
Duration : 4m 52s
Scanned Objects : 27554
Detected Objects : 4
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
[HEADING=1]Detected Objects[/HEADING]
ld.exe
Status : Scanned
Object : D:\Program Files (x86)\Arduino\hardware\tools\avr\avr\bin\ld.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - D:\Program Files (x86)\Arduino\hardware\tools\avr\avr\bin\ld.exe

ld.bfd.exe
Status : Scanned
Object : D:\Program Files (x86)\Arduino\hardware\tools\avr\avr\bin\ld.bfd.ex e
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - D:\Program Files (x86)\Arduino\hardware\tools\avr\avr\bin\ld.bfd.ex e

avr-ld.exe
Status : Scanned
Object : D:\Program Files (x86)\Arduino\hardware\tools\avr\bin\avr-ld.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - D:\Program Files (x86)\Arduino\hardware\tools\avr\bin\avr-ld.exe

avr-ld.bfd.exe
Status : Scanned
Object : D:\Program Files (x86)\Arduino\hardware\tools\avr\bin\avr-ld.bfd.exe
MD5 : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher : -
Size : 1084416
Version : -
Detection : Malware:Win32/Vorniac.A!Tktk
Cleaning Action : Quarantine
Related Objects :
File - D:\Program Files (x86)\Arduino\hardware\tools\avr\bin\avr-ld.bfd.exe
[HEADING=1]Cleaning Result[/HEADING]
Cleaned : 4
Reported as safe : 0
Failed : 0

I dont use anything besides chrome so i dont know if the issue is there
ive done everything apart from the ads fix as it appears to have gone but if it is still here then i will do that and give you the report
If i have not seen anything to do with the adware in a couple of days then i will update you

**Malnutrition** · 09-29-2017, 08:22 PM

Originally posted by Tom Ashton

If i have not seen anything to do with the adware in a couple of days then i will update you

I’d like to see a fresh set of FRST logs for review please. Post them as you did when this thread first started, I want to check if I have missed anything.

**Tom_Ashton** · 09-30-2017, 02:29 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-09-2017
Ran by Tom (administrator) on DESKTOP-VFLINGR (30-09-2017 15:30:07)
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.ex e
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Copyright 2017.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Copyright 2017.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-26] (Realtek Semiconductor)
HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM...\Run: [ShadowPlay] => “C:\WINDOWS\system32\rundll32.exe” C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSyst emStart
HKLM...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-06] (Logitech Inc.)
HKLM...\Run: [ZAM] => D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2013-12-05] (Brother Industries, Ltd.)
HKLM-x32...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074336 2017-09-27] (Valve Corporation)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001...\Run: [Spotify] => C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe [15849072 2017-07-17] (Spotify Ltd)
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001...\Run: [Spotify Web Helper] => C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHel per.exe [1579120 2017-07-17] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-09-25]
ShortcutTarget: SteelSeries Engine 3.lnk → C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup\Adobe Gamma.lnk [2017-08-02]
ShortcutTarget: Adobe Gamma.lnk → C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{9592b15e-0986-4b06-82d9-a04d32ecc759}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip..\Interfaces{9592b15e-0986-4b06-82d9-a04d32ecc759}: [DhcpNameServer] 192.168.1.1
[HEADING=1]Internet Explorer:[/HEADING]
HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 → C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 → D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
[HEADING=1]Chrome:[/HEADING]
CHR HomePage: Default → msn.com
CHR DefaultSearchURL: Default → hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=PARAM&q={searchTerms}
CHR DefaultSearchKeyword: Default → bing.com
CHR DefaultSuggestURL: Default → hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=PARAM&query={searchTerms}
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default [2017-09-30]
CHR Extension: (Google Slides) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2017-09-29]
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2017-09-29]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2017-09-29]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2017-09-29]
CHR Extension: (Steam Powered) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\chnfggpncfadofhgkekcppnoni kpgbjm [2017-09-29]
CHR Extension: (Lumin PDF - Beautiful PDF Editor) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofck pcogcl [2017-09-29]
CHR Extension: (Google Sheets) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2017-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2017-09-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegep lioahd [2017-09-29]
CHR Extension: (Qmee) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjcl cpibde [2017-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-09-29]
CHR Extension: (Enhanced Steam) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbf knbfhg [2017-09-29]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2017-09-29]
CHR Extension: (Chrome Media Router) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-09-29]
CHR HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\E xtension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235556512-3620655794-2756196336-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\E xtension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-08-02] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-09-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [227104 2016-09-22] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.ex e [225400 2017-04-06] (Logitech Inc.)
S2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [54552 2017-04-05] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-30] (Malwarebytes)
R1 MpKslde0c992c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{31EDB3C0-9559-4FFC-BB07-714850693E35}\MpKslde0c992c.sys [58120 2017-09-30] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45936 2017-08-15] (SteelSeries ApS)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicropho ne.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers .sys [40736 2017-07-21] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-09-29] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-29] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-30 14:06 - 2017-09-30 14:06 - 000031433 _____ C:\Users\Tom\Downloads\test.exe.zip
2017-09-30 13:59 - 2017-09-30 14:05 - 000000416 _____ C:\Users\Tom\Desktop\test.bat
2017-09-29 17:35 - 2017-09-29 17:35 - 000000000 ____D C:\AdsFix
2017-09-29 17:33 - 2017-09-29 17:33 - 005964200 _____ (SosVirus) C:\Users\Tom\Desktop\AdsFix.exe
2017-09-29 17:32 - 2017-09-29 17:32 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A
2017-09-29 17:32 - 2017-09-29 17:32 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore
2017-09-29 17:32 - 2017-09-29 17:32 - 000002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-29 17:32 - 2017-09-29 17:32 - 000002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-29 16:52 - 2017-09-29 16:50 - 001622528 _____ C:\Users\Tom\Desktop\ResetBrowser.exe
2017-09-29 16:47 - 2017-09-30 15:30 - 000134111 _____ C:\WINDOWS\ZAM.krnl.trace
2017-09-29 16:47 - 2017-09-30 15:30 - 000106682 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-09-29 16:47 - 2017-09-29 16:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-09-29 16:47 - 2017-09-29 16:47 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-09-29 16:47 - 2017-09-29 16:47 - 000000913 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-09-29 16:47 - 2017-09-29 16:47 - 000000000 ____D C:\Users\Tom\AppData\Local\Zemana
2017-09-29 16:47 - 2017-09-29 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-09-29 16:44 - 2017-09-29 16:42 - 000007029 _____ C:\Users\Tom\Desktop\Fixlog.txt
2017-09-29 16:41 - 2017-09-29 16:41 - 000455719 _____ C:\Users\Tom\Desktop\29.09.2017_16.41.33.zip
2017-09-28 18:52 - 2017-09-28 18:52 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-28 18:16 - 2017-09-28 18:16 - 000007502 _____ C:\Users\Tom\Desktop\SecurityCheck.txt
2017-09-28 18:14 - 2017-09-28 18:14 - 000515639 _____ (glax24 (safezone.cc)) C:\Users\Tom\Desktop\SecurityCheck.exe
2017-09-28 18:14 - 2017-09-28 18:14 - 000000000 ____D C:\SecurityCheck
2017-09-28 18:11 - 2017-09-30 15:29 - 000000000 ____D C:\Users\Tom\Desktop\FRST-OlderVersion
2017-09-28 18:11 - 2017-09-28 18:11 - 000068381 _____ C:\Users\Tom\Desktop\FRST2.txt
2017-09-28 18:08 - 2017-09-28 18:08 - 000002525 _____ C:\Users\Tom\Desktop\fixlist.txt
2017-09-26 17:05 - 2017-09-26 17:05 - 000001080 _____ C:\Users\Tom\Desktop\AdwCleaner[S1].txt
2017-09-26 17:03 - 2017-09-26 17:03 - 000000624 _____ C:\Users\Tom\Desktop\JRT.txt
2017-09-26 16:58 - 2017-09-26 16:58 - 000004596 _____ C:\Users\Tom\Desktop\Rogue.txt
2017-09-26 16:38 - 2017-09-26 16:58 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-26 16:38 - 2017-09-26 16:38 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-26 16:36 - 2017-09-26 16:36 - 000001089 _____ C:\Users\Tom\Desktop\CTR.txt
2017-09-26 16:34 - 2017-09-26 16:34 - 026704968 _____ C:\Users\Tom\Desktop\RogueKiller_portable64.exe
2017-09-26 16:34 - 2017-09-26 16:34 - 008182736 _____ (Malwarebytes) C:\Users\Tom\Desktop\adwcleaner_7.0.2.1.exe
2017-09-26 16:34 - 2017-09-26 16:34 - 001790024 _____ (Malwarebytes) C:\Users\Tom\Desktop\JRT.exe
2017-09-26 16:34 - 2017-09-26 16:32 - 000633386 _____ C:\Users\Tom\Desktop\SupRestric.zip
2017-09-25 17:05 - 2017-09-25 17:05 - 000156625 _____ C:\Users\Tom\Desktop\ZHPDiag.txt
2017-09-25 17:02 - 2017-09-25 17:03 - 000000000 ____D C:\Users\Tom\AppData\Roaming\ZHP
2017-09-25 17:02 - 2017-09-25 17:03 - 000000000 ____D C:\Users\Tom\AppData\Local\ZHP
2017-09-25 17:01 - 2017-09-25 17:01 - 002856832 _____ C:\Users\Tom\Desktop\ZHPDiag3.exe
2017-09-24 18:03 - 2017-09-24 18:03 - 000578404 _____ C:\WINDOWS\Minidump\092417-5015-01.dmp
2017-09-24 18:01 - 2017-09-24 18:01 - 000576684 _____ C:\WINDOWS\Minidump\092417-5000-01.dmp
2017-09-24 18:00 - 2017-09-24 18:00 - 005200384 _____ (AVAST Software) C:\Users\Tom\Desktop\aswmbr.exe
2017-09-24 17:59 - 2017-09-24 17:59 - 000075864 _____ C:\Users\Tom\Desktop\Addition.txt
2017-09-24 17:58 - 2017-09-30 15:30 - 000018616 _____ C:\Users\Tom\Desktop\FRST.txt
2017-09-24 17:58 - 2017-09-30 15:30 - 000000000 ____D C:\FRST
2017-09-24 17:55 - 2017-09-30 15:29 - 002399744 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2017-09-24 14:40 - 2017-09-26 17:04 - 000000000 ____D C:\AdwCleaner
2017-09-24 14:13 - 2017-09-24 17:03 - 000001065 _____ C:\Users\Tom\Desktop\google.txt
2017-09-24 11:53 - 2017-09-30 14:01 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-24 11:53 - 2017-09-30 10:46 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-24 11:53 - 2017-09-30 10:46 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-24 11:53 - 2017-09-30 10:23 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-24 11:53 - 2017-09-24 11:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-24 11:53 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-22 18:51 - 2017-09-22 18:51 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\2xMilk
2017-09-15 17:21 - 2017-09-15 17:21 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Screaming Bee
2017-09-15 17:13 - 2017-09-15 17:21 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Screaming Bee
2017-09-15 17:13 - 2017-09-15 17:21 - 000000000 ____D C:\ProgramData\Screaming Bee
2017-09-12 18:32 - 2017-09-05 06:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 18:32 - 2017-09-05 06:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 18:32 - 2017-09-05 06:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 18:32 - 2017-09-05 06:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 18:32 - 2017-09-05 06:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 18:32 - 2017-09-05 06:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 18:32 - 2017-09-05 06:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 18:32 - 2017-09-05 06:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 18:32 - 2017-09-05 06:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 18:32 - 2017-09-05 06:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 18:32 - 2017-09-05 06:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 18:32 - 2017-09-05 06:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 18:32 - 2017-09-05 06:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 18:32 - 2017-09-05 06:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 18:32 - 2017-09-05 06:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 18:32 - 2017-09-05 06:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 18:32 - 2017-09-05 06:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 18:32 - 2017-09-05 06:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 18:32 - 2017-09-05 06:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 18:32 - 2017-09-05 06:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 18:32 - 2017-09-05 06:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 18:32 - 2017-09-05 06:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 18:32 - 2017-09-05 06:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 18:32 - 2017-09-05 06:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 18:32 - 2017-09-05 06:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 18:32 - 2017-09-05 06:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 18:32 - 2017-09-05 06:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 18:32 - 2017-09-05 06:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 18:32 - 2017-09-05 06:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 18:32 - 2017-09-05 06:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 18:32 - 2017-09-05 06:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 18:32 - 2017-09-05 06:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 18:32 - 2017-09-05 06:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 18:32 - 2017-09-05 06:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 18:32 - 2017-09-05 05:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 18:32 - 2017-09-05 05:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 18:32 - 2017-09-05 05:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 18:32 - 2017-09-05 05:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 18:32 - 2017-09-05 05:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 18:32 - 2017-09-05 05:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 18:32 - 2017-09-05 05:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 18:32 - 2017-09-05 05:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 18:32 - 2017-09-05 05:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 18:32 - 2017-09-05 05:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 18:32 - 2017-09-05 05:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 18:32 - 2017-09-05 05:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 18:32 - 2017-09-05 05:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 18:32 - 2017-09-05 05:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 18:32 - 2017-09-05 05:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 18:32 - 2017-09-05 05:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 18:32 - 2017-09-05 05:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 18:32 - 2017-09-05 05:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 18:32 - 2017-09-05 05:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 18:32 - 2017-09-05 05:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 18:32 - 2017-09-05 05:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 18:32 - 2017-09-05 05:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 18:32 - 2017-09-05 05:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 18:32 - 2017-09-05 05:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 18:32 - 2017-09-05 05:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 18:32 - 2017-09-05 05:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 18:32 - 2017-09-05 05:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 18:32 - 2017-09-05 05:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 18:32 - 2017-09-05 05:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 18:32 - 2017-09-05 05:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 18:32 - 2017-09-05 05:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 18:32 - 2017-09-05 05:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 18:32 - 2017-09-05 05:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 18:32 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 18:32 - 2017-09-05 05:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 18:32 - 2017-09-05 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 18:32 - 2017-09-05 05:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 18:32 - 2017-09-05 05:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 18:32 - 2017-09-05 05:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 18:32 - 2017-09-05 05:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 18:32 - 2017-09-05 05:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 18:32 - 2017-09-05 05:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 18:32 - 2017-09-05 05:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 18:32 - 2017-09-05 05:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 18:32 - 2017-09-05 05:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 18:32 - 2017-09-05 05:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 18:32 - 2017-09-05 05:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 18:32 - 2017-09-05 05:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.Cura tedTileCollections.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 18:32 - 2017-09-05 05:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 18:32 - 2017-09-05 05:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 18:32 - 2017-09-05 05:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 18:32 - 2017-09-05 05:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 18:32 - 2017-09-05 05:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 18:32 - 2017-09-05 05:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 18:32 - 2017-09-05 05:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 18:32 - 2017-09-05 05:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 18:32 - 2017-09-05 05:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 18:32 - 2017-09-05 05:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 18:32 - 2017-09-05 05:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 18:32 - 2017-09-05 05:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 18:32 - 2017-09-05 05:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 18:32 - 2017-09-05 05:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 18:32 - 2017-09-05 05:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 18:32 - 2017-09-01 06:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-12 18:31 - 2017-09-05 06:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 18:31 - 2017-09-05 06:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 18:31 - 2017-09-05 06:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 18:31 - 2017-09-05 06:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 18:31 - 2017-09-05 06:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 18:31 - 2017-09-05 06:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 18:31 - 2017-09-05 06:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 18:31 - 2017-09-05 06:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 18:31 - 2017-09-05 06:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 18:31 - 2017-09-05 06:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 18:31 - 2017-09-05 06:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 18:31 - 2017-09-05 06:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 18:31 - 2017-09-05 06:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 18:31 - 2017-09-05 06:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 18:31 - 2017-09-05 06:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 18:31 - 2017-09-05 06:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 18:31 - 2017-09-05 06:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 18:31 - 2017-09-05 06:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 18:31 - 2017-09-05 05:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 18:31 - 2017-09-05 05:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 18:31 - 2017-09-05 05:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 18:31 - 2017-09-05 05:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 18:31 - 2017-09-05 05:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 18:31 - 2017-09-05 05:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 18:31 - 2017-09-05 05:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 18:31 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 18:31 - 2017-09-05 05:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 18:31 - 2017-09-05 05:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 18:31 - 2017-09-05 05:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 18:31 - 2017-09-05 05:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 18:31 - 2017-09-05 05:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 18:31 - 2017-09-05 05:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 18:31 - 2017-09-05 05:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 18:31 - 2017-09-05 05:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 18:31 - 2017-09-05 05:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 18:31 - 2017-09-05 05:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 18:31 - 2017-09-05 05:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 18:31 - 2017-09-05 05:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2017-09-12 18:31 - 2017-09-05 05:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.service provider.dll
2017-09-12 18:31 - 2017-09-05 05:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 18:31 - 2017-09-05 05:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 18:31 - 2017-09-05 05:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 18:31 - 2017-09-05 05:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 18:31 - 2017-09-05 05:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 18:31 - 2017-09-05 05:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 18:31 - 2017-09-05 05:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 18:31 - 2017-09-05 05:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-11 17:35 - 2017-09-11 17:35 - 000000000 ___RD C:\Users\Tom\Documents\Downloads (D)
2017-09-10 20:52 - 2017-09-10 20:52 - 000000047 _____ C:\Users\Tom\Desktop\Release Dates.txt
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ___RD C:\Users\Tom\AppData\Roaming\Brother
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Brother
2017-09-04 15:21 - 2017-09-04 15:21 - 000000766 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-09-04 13:20 - 2017-09-04 13:20 - 000000000 ___D C:\Users\Tom\AppData\LocalLow\srylain Inc
2017-09-04 12:58 - 2017-09-04 13:02 - 000000000 ____D C:\Users\Tom\Documents\Guitar Hero III - Copy
2017-09-03 20:17 - 2017-09-03 20:20 - 000000000 ____D C:\Users\Tom\Documents\Volo Airsport
2017-09-03 20:17 - 2017-09-03 20:17 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Ramjet Anvil
2017-09-01 12:23 - 2017-09-24 18:03 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-01 12:23 - 2017-09-01 12:23 - 000683812 _____ C:\WINDOWS\Minidump\090117-7046-01.dmp
2017-09-01 10:57 - 2017-09-30 15:14 - 000000000 ____D C:\Users\Tom\AppData\Roaming\vlc
2017-09-01 10:46 - 2017-09-01 10:47 - 000000000 ____D C:\Users\Tom\AppData\Roaming\livestreamer
2017-08-31 18:30 - 2017-08-31 18:30 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Thunder Lotus Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-30 14:11 - 2016-06-26 17:00 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-30 12:25 - 2017-07-19 19:37 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-30 10:52 - 2017-07-19 19:46 - 001223990 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-30 10:49 - 2017-07-19 19:37 - 000000000 ____D C:\Users\Tom
2017-09-30 10:46 - 2017-07-19 19:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-30 10:46 - 2016-09-18 10:49 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-30 10:26 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-09-29 17:35 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Web
2017-09-29 17:31 - 2016-06-26 19:34 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-29 17:07 - 2017-07-21 20:17 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-29 16:55 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-29 16:55 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-29 16:42 - 2017-04-03 07:21 - 000000000 ____D C:\Users\Tom\AppData\LocalLow\Temp
2017-09-28 18:52 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-28 18:52 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-28 18:31 - 2016-06-29 20:21 - 000000000 ____D C:\Users\Tom\Documents_homework
2017-09-28 18:22 - 2016-06-26 15:04 - 000000000 ____D C:\Users\Tom\AppData\Local\Packages
2017-09-26 16:54 - 2015-07-10 12:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-25 18:03 - 2017-07-16 09:53 - 000000000 ____D C:\Users\Tom\AppData\Roaming\steelseries-engine-3-client
2017-09-25 18:03 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-24 14:37 - 2016-06-26 15:05 - 000000000 ___RD C:\Users\Tom\OneDrive
2017-09-24 14:25 - 2016-06-26 19:34 - 000000000 ____D C:\Users\Tom\AppData\Local\Google
2017-09-24 14:19 - 2016-06-26 20:10 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-24 13:47 - 2017-02-18 19:28 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2017-09-22 19:09 - 2016-09-22 17:07 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-09-22 19:09 - 2016-09-22 17:06 - 000000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2017-09-22 19:09 - 2016-09-22 17:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-15 17:41 - 2017-03-13 18:09 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Audacity
2017-09-13 17:05 - 2016-04-27 07:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 17:04 - 2017-07-19 19:36 - 000388920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-12 20:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 18:35 - 2016-06-26 15:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 18:34 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 18:34 - 2016-06-26 15:58 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-10 19:07 - 2017-03-12 15:48 - 000000359 _____ C:\WINDOWS\BRRBCOM.INI
2017-09-09 17:18 - 2017-02-25 15:28 - 000000000 ____D C:\Users\Tom\AppData\Local\8BitBoy
2017-09-07 17:45 - 2016-10-29 12:51 - 000000000 ____D C:\Users\Tom\Documents\SavedGames
2017-09-03 14:18 - 2017-07-22 08:54 - 000000000 ____D C:\ProgramData\Remotr
2017-09-02 16:15 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 16:15 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-01 10:57 - 2017-03-03 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== Files in the root of some directories =======

2016-11-12 19:32 - 2016-11-12 19:32 - 000002606 _____ () C:\Users\Tom\AppData\Roaming\TargetInvocationLog.t xt
2017-06-02 14:17 - 2017-06-02 14:17 - 000000000 _____ () C:\Users\Tom\AppData\Local\BlackstarMarketing.log
2017-06-02 15:21 - 2017-06-02 15:38 - 000000326 _____ () C:\Users\Tom\AppData\Local\insider.log
2017-07-31 13:21 - 2017-07-31 13:21 - 000007069 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2017-06-27 19:16 - 2017-06-27 19:16 - 000007589 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2017-07-19 19:37 - 2017-07-19 19:37 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-30 14:34

==================== End of FRST.txt ============================

There you go
Had no problems since my last post so its looking good

**Malnutrition** · 09-30-2017, 10:58 PM

Logs look ok, glad all is well for now.

Can you upload the following file in your next reply. >>>>>>> C:\Users\Tom\Desktop\29.09.2017_16.41.33.zip

Make sure and update all of your old programs with Patch My PC. Then post a new Security check log as well.

We are close to wrapping this up, so long as you have no more issues.

**Tom_Ashton** · 10-01-2017, 11:35 AM

Patch My PC 3.2.5.1 | Definitions: 30-Sep-2017 | 01/10/2017 12:20:17
Operating System: Microsoft Windows 10 Pro x64

Downloading iTunes x64 (239.98 MB)
iTunes x64 Downloaded Successfully
Installing iTunes x64 Silently
Install Successful for iTunes x64

Downloading 7Zip (1.59 MB)
7Zip Downloaded Successfully
Installing 7Zip Silently
Install Successful for 7Zip

Downloading WinRAR x64 (2.12 MB)
WinRAR x64 Downloaded Successfully
Installing WinRAR x64 Silently
Install Successful for WinRAR x64

Downloading Discord (51.82 MB)
Discord Downloaded Successfully
Installing Discord Silently
Install Successful for Discord

Downloading Skype (56.15 MB)
Skype Downloaded Successfully
Installing Skype Silently
Install Successful for Skype

Downloading TeamSpeak (74.45 MB)
TeamSpeak Downloaded Successfully
Installing TeamSpeak Silently
Install Successful for TeamSpeak

Downloading Nvidia PhysX (27.54 MB)
Nvidia PhysX Downloaded Successfully
Installing Nvidia PhysX Silently
Install Successful for Nvidia PhysX

Patch My PC Update Complete 01/10/2017 12:27:56

Is that good?

**Malnutrition** · 10-01-2017, 07:20 PM

All is well!! Glad to have helped!! Please tell a friend … or two about us. https://forum.windowsinstructed.com/...cons/smile.png

Optimize your internet connection.

Click here for instructions.

suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.

Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.

Some items to keep you safe on the internet.

VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.

Now Lets Clean up the tools we used and remove old restore points.

Downloads - DelFix - Download Now - ToolsLib’]

Download DelFix by “Xplode” to your Desktop.[/URL]
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on “Run” button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt

**Tom_Ashton** · 10-02-2017, 03:54 PM

I cant thank you enough.
If anybody that I know ever gets a virus then i will send them straight here
You guys are super helpful

Help with removing adware

Comment

Comment

Comment

Comment

Comment

Comment

Comment