
Have viruses

This is a discussion on Have viruses within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
04-21-2018, 10:30 AM   #1
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

There was a piece of software that I tried to download on my desktop PC, but instead of downloading, it installed malware and viruses. I tried to use Malwarebytes, but it's still there. It's keeping some software from updating, and it's popping up a window and playing ads in the background, among other stuff. Two of them are called wonk and Vegetative. I have run the scans on the PC and have attached them here. You can see them in the list; they all started on 4/19/18.

Thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.371
Run by Owner Pc at 12:25:49 on 2018-04-21
Microsoft Windows 10 Home 10.0.16299.0.1252.1.1033.18.3543.617 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus *Disabled/Updated* {C50510DE-367A-330C-FD5C-556ACFB11243}
SP: Spybot - Search and Destroy *Disabled/Outdated* {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
SP: AVG Antivirus *Disabled/Updated* {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS -p
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalService -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\sihost.exe
svchost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Laminar\wonk.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Users\Owner Pc\AppData\Local\wonk.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Users\Owner Pc\AppData\Local\Vegetative.exe
C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe
C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Laminar\wonk.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Users\Owner Pc\AppData\Local\Vegetative.exe
C:\Users\Owner Pc\AppData\Local\wonk.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
C:\WINDOWS\system32\wermgr.exe
C:\Windows\System32\CastSrv.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\narcissists\mariachis.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\remotely\wonk.exe
C:\Program Files (x86)\Laminar\Vegetative.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Users\Owner Pc\AppData\Local\wmcagent\wmcagent.exe
C:\Users\Owner Pc\AppData\Local\wmcagent\wmcagent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Owner Pc\AppData\Local\wmcagent\wmcagent.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Maharajah\Vegetative.exe
C:\WINDOWS\System32\cscript.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService -p
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} -
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -
uRun: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
uRun: [GoogleChromeAutoLaunch_14399BCFD00E0923DB73716F5BDDCFA3] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [KiesPDLR.exe] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [unpreparedness] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
uRun: [unpreparednessmercurial] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
uRun: [unpreparednessunpreparedness] "C:\Program Files (x86)\Laminar\Vegetative.exe" qlvhrv
uRun: [sinks] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
uRun: [sinkspurse] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
uRun: [sinkssinks] "C:\Program Files (x86)\Laminar\Vegetative.exe" qlvhrv
uRun: [mariachis] "C:\Program Files (x86)\narcissists\mariachis.exe" qlvhrv
uRun: [unrepeatable] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
mRun: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
mRun: [Raptr] C:\Program Files (x86)\RAPTRI~1\Raptr\RAPTRS~1.EXE --startup
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mercurial] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
mRun: [mercurialunpreparedness] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
mRun: [mercurialmercurial] "C:\Program Files (x86)\Laminar\Vegetative.exe" qlvhrv
StartupFolder: C:\Users\OWNERP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ricci.lnk - C:\Program Files (x86)\Maharajah\Vegetative.exe
StartupFolder: C:\Users\OWNERP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RICCIR~1.LNK - C:\Program Files (x86)\remotely\wonk.exe
uPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:0
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{d8ec6137-d87a-414e-b587-e523386f92a5} : DHCPNameServer = 192.168.1.1
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
x64-Run: [AVGUI.exe] "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
x64-Run: [purse] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
x64-Run: [pursesinks] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
x64-Run: [pursepurse] "C:\Program Files (x86)\Laminar\Vegetative.exe" qlvhrv
x64-mPolicies-Explorer: MemCheckBoxInRunDlg = dword:0
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1 spywareinfo.com*-*This website is for sale!*-*spywareinfo Resources and Information.
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2013-12-12 36608]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\bin\a2ddax64.sys [2018-4-19 26176]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2018-4-10 240640]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2016-8-18 49448]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-04-21 16:20:34 -------- d-----w- C:\Users\Owner Pc\AppData\Local\msahcbo
2018-04-21 04:25:03 -------- d-----w- C:\Users\Owner Pc\AppData\Local\sbcgenx
2018-04-21 01:18:22 -------- d-----w- C:\Users\Owner Pc\AppData\Local\nvcxdsh
2018-04-21 01:10:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2018-04-21 01:10:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-04-21 01:09:45 -------- d-----w- C:\Users\Owner Pc\AppData\Local\coatghz
2018-04-21 00:57:07 -------- d-----w- C:\Users\Owner Pc\AppData\Local\lmkrcnb
2018-04-21 00:02:09 -------- d-----w- C:\Users\Owner Pc\AppData\Local\zarnhvb
2018-04-20 20:02:14 -------- d-----w- C:\Users\Owner Pc\AppData\Local\zamcruv
2018-04-20 19:14:31 253880 ----a-w- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2018-04-20 19:14:06 77432 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2018-04-20 19:12:46 -------- d-----w- C:\ProgramData\MB3CoreBackup
2018-04-20 19:12:23 -------- d-----w- C:\ProgramData\MB2Migration
2018-04-20 19:10:34 -------- d-----w- C:\Users\Owner Pc\AppData\Local\CrashDumps
2018-04-20 19:01:09 -------- d-----w- C:\SUPERDelete
2018-04-20 18:49:11 -------- d-----w- C:\Users\Owner Pc\AppData\Local\nievrlm
2018-04-20 18:38:55 -------- d-----w- C:\Users\Owner Pc\AppData\Local\wdecloh
2018-04-20 14:35:43 35064 ----a-w- C:\WINDOWS\System32\drivers\TrueSight.sys
2018-04-20 14:35:39 -------- d-----w- C:\ProgramData\RogueKiller
2018-04-20 03:42:11 -------- d-----w- C:\EEK
2018-04-20 03:36:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2018-04-20 03:33:56 -------- d-----w- C:\Users\Owner Pc\AppData\Local\exndcso
2018-04-20 03:25:48 -------- d-----w- C:\AdwCleaner
2018-04-20 03:18:12 -------- d-----w- C:\Users\Owner Pc\AppData\Local\rangucv
2018-04-20 03:14:54 -------- d-----w- C:\WINDOWS\pss
2018-04-20 03:01:16 -------- d-----w- C:\Users\Owner Pc\AppData\Local\snovhtd
2018-04-20 01:33:40 -------- d-----w- C:\Users\Owner Pc\AppData\Local\msenogd
2018-04-20 01:21:44 -------- d-----w- C:\Users\Owner Pc\AppData\Local\nvkopir
2018-04-20 00:56:21 -------- d-----w- C:\Users\Owner Pc\AppData\Local\exswkto
2018-04-20 00:56:14 -------- d-----w- C:\Users\Owner Pc\AppData\Local\wmcagent
2018-04-20 00:50:30 -------- d-----w- C:\Users\Owner Pc\AppData\Local\aucnhit
2018-04-20 00:49:33 14558320 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{270E034D-CB6E-40CD-BFAD-20AF1C26D2B3}\mpengine.dll
2018-04-20 00:48:43 2888704 ----a-w- C:\WINDOWS\System32\vdcxanisvc.exe
2018-04-20 00:48:35 -------- d-----w- C:\WINDOWS\SysWow64\zahbrgl
2018-04-20 00:48:33 -------- d--h--w- C:\Program Files (x86)\narcissists
2018-04-20 00:48:32 -------- d-----w- C:\Program Files (x86)\explainable
2018-04-20 00:48:31 -------- d--h--w- C:\Program Files (x86)\Laminar
2018-04-20 00:48:31 -------- d-----w- C:\Program Files (x86)\remotely
2018-04-20 00:48:31 -------- d-----w- C:\Program Files (x86)\Maharajah
2018-04-20 00:48:01 -------- d-----w- C:\Users\Owner Pc\AppData\Roaming\et
2018-04-19 23:49:06 32768 ----a-w- C:\Users\Owner Pc\AppData\Local\wonk.exe
2018-04-19 23:49:04 32768 ----a-w- C:\WINDOWS\campfire.exe
2018-04-19 23:49:04 32768 ----a-w- C:\Users\Owner Pc\AppData\Local\Vegetative.exe
2018-04-18 22:02:55 14558320 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-04-16 17:11:17 -------- d-----w- C:\Users\Owner Pc\AppData\Local\Nemex
2018-04-16 17:11:06 -------- d-----w- C:\Users\Owner Pc\AppData\Roaming\Mouse Recorder Pro
2018-04-11 03:19:57 835064 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2018-04-11 03:19:57 179704 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2018-04-11 00:34:59 80384 ----a-w- C:\WINDOWS\System32\drivers\vmbkmclr.sys
2018-04-11 00:33:58 747416 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2018-04-11 00:32:59 6118400 ----a-w- C:\WINDOWS\SysWow64\mos.dll
2018-04-11 00:31:59 57856 ----a-w- C:\WINDOWS\System32\efssvc.dll
2018-04-11 00:31:59 29184 ----a-w- C:\WINDOWS\System32\wmiprop.dll
2018-04-11 00:31:59 29184 ----a-w- C:\WINDOWS\System32\fdWNet.dll
2018-04-11 00:31:59 25088 ----a-w- C:\WINDOWS\SysWow64\wmiprop.dll
2018-04-11 00:31:59 25088 ----a-w- C:\WINDOWS\SysWow64\fdWNet.dll
2018-04-11 00:31:59 18944 ----a-w- C:\WINDOWS\System32\nrpsrv.dll
2018-04-11 00:05:26 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51373C18-B129-427F-8FC5-82F5AA2DE4B7}\MpKsl383397b0.sys
2018-04-07 23:01:33 -------- d-----w- C:\Program Files (x86)\Botmaster Labs
2018-04-07 23:00:33 -------- d-----w- C:\Users\Owner Pc\AppData\Local\AdvinstAnalytics
2018-04-07 23:00:18 -------- d-----w- C:\Users\Owner Pc\AppData\Roaming\Botmaster Labs
2018-04-07 21:38:30 -------- d-----w- C:\extensions
2018-04-07 21:34:06 -------- d-----w- C:\ProgramData\CS-Script
2018-04-07 20:54:02 -------- d-----w- C:\Program Files (x86)\FaucetCollector
2018-04-07 20:18:15 58120 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E4BDC84-31F9-4040-93D3-72CBF436D986}\MpKsl357538c7.sys
2018-04-05 23:31:27 377584 ----a-w- C:\WINDOWS\System32\avgBoot.exe
.
==================== Find3M ====================
.
2018-04-21 16:17:33 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2018-04-13 00:08:26 60456 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-04-13 00:08:26 311848 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-04-13 00:08:25 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-04-12 16:32:43 139608 ----a-w- C:\WINDOWS\System32\drivers\avgMonFlt.sys
2018-04-11 01:40:42 136971704 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-04-11 00:53:16 169472 ----a-w- C:\WINDOWS\System32\wuuhosdeployment.dll
2018-04-05 23:30:22 198368 ----a-w- C:\WINDOWS\System32\drivers\avgStm.sys
2018-04-05 23:30:20 372920 ----a-w- C:\WINDOWS\System32\drivers\avgVmm.sys
2018-04-05 23:30:19 76760 ----a-w- C:\WINDOWS\System32\drivers\avgRvrt.sys
2018-04-05 23:30:19 452904 ----a-w- C:\WINDOWS\System32\drivers\avgSP.sys
2018-04-05 23:30:18 39352 ----a-w- C:\WINDOWS\System32\drivers\avgHwid.sys
2018-04-05 23:30:17 189032 ----a-w- C:\WINDOWS\System32\drivers\avgArPot.sys
2018-04-05 23:30:14 103744 ----a-w- C:\WINDOWS\System32\drivers\avgRdr2.sys
2018-04-05 23:28:58 1019088 ----a-w- C:\WINDOWS\System32\drivers\avgSnx.sys
2018-04-05 23:27:38 50776 ----a-w- C:\WINDOWS\System32\drivers\avgbuniva.sys
2018-04-05 23:27:37 336848 ----a-w- C:\WINDOWS\System32\drivers\avgbloga.sys
2018-04-05 23:27:35 192536 ----a-w- C:\WINDOWS\System32\drivers\avgbidsha.sys
2018-04-05 23:27:34 220600 ----a-w- C:\WINDOWS\System32\drivers\avgbidsdrivera.sys
2018-04-05 23:27:29 166064 ----a-w- C:\WINDOWS\System32\drivers\avgbdiska.sys
2018-03-30 12:34:45 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-03-30 05:18:40 1092008 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-03-30 05:14:12 423320 ----a-w- C:\WINDOWS\System32\invagent.dll
2018-03-30 05:12:57 75168 ----a-w- C:\WINDOWS\System32\drivers\vpci.sys
2018-03-30 05:12:53 270208 ----a-w- C:\WINDOWS\System32\LsaIso.exe
2018-03-30 05:12:49 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-03-30 05:10:17 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-03-30 05:08:35 1415296 ----a-w- C:\WINDOWS\System32\winload.efi
2018-03-30 05:08:33 137112 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2018-03-30 05:08:26 2513920 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2018-03-30 05:08:10 1568160 ----a-w- C:\WINDOWS\System32\appraiser.dll
2018-03-30 05:07:38 300448 ----a-w- C:\WINDOWS\System32\acmigration.dll
2018-03-30 05:07:08 69528 ----a-w- C:\WINDOWS\System32\win32appinventorycsp.dll
2018-03-30 0525 166304 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-03-30 0523 53152 ----a-w- C:\WINDOWS\System32\drivers\pcw.sys
2018-03-30 05:05:37 1056152 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-03-30 05:05:30 1206688 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-03-30 05:05:23 191824 ----a-w- C:\WINDOWS\System32\skci.dll
2018-03-30 05:05:22 73120 ----a-w- C:\WINDOWS\System32\drivers\hvservice.sys
2018-03-30 05:05:22 66720 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-03-30 05:05:18 20888 ----a-w- C:\WINDOWS\System32\kdhvcom.dll
2018-03-30 05:05:17 748448 ----a-w- C:\WINDOWS\System32\generaltel.dll
2018-03-30 05:05:17 59808 ----a-w- C:\WINDOWS\System32\hvhostsvc.dll
2018-03-30 05:05:17 35744 ----a-w- C:\WINDOWS\System32\SDFHost.dll
2018-03-30 05:05:16 22208 ----a-w- C:\WINDOWS\System32\IumSdk.dll
2018-03-30 05:05:15 22800 ----a-w- C:\WINDOWS\System32\iumbase.dll
2018-03-30 05:05:11 15632 ----a-w- C:\WINDOWS\System32\iumdll.dll
2018-03-30 05:04:47 608160 ----a-w- C:\WINDOWS\System32\devinv.dll
2018-03-30 05:04:30 35224 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2018-03-30 05:04:22 2002336 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2018-03-30 05:02:23 128416 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2018-03-30 05:01:49 8600480 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-03-30 05:01:38 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-03-30 05:01:36 1209760 ----a-w- C:\WINDOWS\System32\winload.exe
2018-03-30 05:01:29 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-03-30 05:01:02 34208 ----a-w- C:\WINDOWS\System32\drivers\fs_rec.sys
2018-03-30 05:00:30 94104 ----a-w- C:\WINDOWS\System32\drivers\disk.sys
2018-03-30 05:00:27 2395040 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-03-30 05:00:10 103320 ----a-w- C:\WINDOWS\System32\drivers\mountmgr.sys
2018-03-30 04:59:13 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-03-30 04:59:12 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-03-30 04:58:44 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-03-30 04:58:42 39328 ----a-w- C:\WINDOWS\System32\drivers\storvsc.sys
2018-03-30 04:58:16 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-03-30 04:57:54 121248 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2018-03-30 04:57:53 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-03-30 04:57:47 540064 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-03-30 04:57:44 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-03-30 04:57:23 711944 ----a-w- C:\WINDOWS\System32\ci.dll
2018-03-30 04:57:03 31640 ----a-w- C:\WINDOWS\System32\drivers\winhv.sys
2018-03-30 04:57:02 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-03-30 04:56:15 18680 ----a-w- C:\WINDOWS\System32\wshhyperv.dll
2018-03-30 04:55:50 367344 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-03-30 04:55:43 62880 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-03-30 04:54:22 2574240 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2018-03-30 04:54:20 749984 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2018-03-30 04:54:18 408992 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2018-03-30 04:54:04 461728 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-03-30 04:53:57 7676304 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-03-30 04:53:47 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-03-30 04:53:39 94080 ----a-w- C:\WINDOWS\System32\wwapi.dll
2018-03-30 04:53:29 246176 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2018-03-30 04:53:06 712600 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-03-30 04:53:04 163744 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-03-30 04:52:39 247480 ----a-w- C:\WINDOWS\System32\logoncli.dll
2018-03-30 04:52:37 677280 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-03-30 04:52:36 2457504 ----a-w- C:\WINDOWS\System32\UpdateAgent.dll
2018-03-30 04:52:29 54688 ----a-w- C:\WINDOWS\System32\drivers\vdrvroot.sys
2018-03-30 04:52:24 192416 ----a-w- C:\WINDOWS\System32\drivers\appid.sys
2018-03-30 04:52:18 28520 ----a-w- C:\WINDOWS\System32\vmbuspipe.dll
2018-03-30 04:52:14 47512 ----a-w- C:\WINDOWS\System32\drivers\vmstorfl.sys
2018-03-30 04:52:05 727456 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-03-30 04:52:04 282528 ----a-w- C:\WINDOWS\System32\drivers\rdyboost.sys
2018-03-30 04:52:01 428960 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-03-30 04:51:59 123800 ----a-w- C:\WINDOWS\System32\drivers\mup.sys
2018-03-30 04:51:43 71208 ----a-w- C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys
2018-03-30 04:51:38 125568 ----a-w- C:\WINDOWS\System32\rmclient.dll
2018-03-30 04:51:33 902928 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-03-30 04:51:27 147872 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-03-30 04:50:40 57760 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
.
============= FINISH: 12:35:46.51 ===============
Attached Files: attach.txt (8.7 KB)
jqc21
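Added example (not code from the original thread, from either poster, or from DDS): the "Pseudo HJT Report" above registers the same three binaries (Vegetative.exe, wonk.exe, mariachis.exe) under a dozen randomly named Run values, in HKCU, HKLM, the 64-bit registry view and the Startup folder, every one of them with the same argument "qlvhrv". Legitimate software normally registers one autostart value per product, so two things stand out when triaging a log like this: one binary reached from several differently named values, and one argument token shared by different binaries. The Python below parses the uRun/mRun/x64-Run and StartupFolder line formats and applies those two checks. The sample lines are constructed to match the shape of entries in the log; the function names, the thresholds, and the "one autostart value per product" rule of thumb are assumptions of this example, not part of the thread.

```python
"""Triage autostart entries from a DDS "Pseudo HJT Report".

Added example, not code from the original thread or from DDS. The sample
lines are constructed to match the uRun/mRun/x64-Run/StartupFolder formats
seen in such logs; the thresholds in find_suspicious() are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: legitimate entries mixed with the pattern seen in the
# log (one binary under several random names, one shared argument token).
SAMPLE_LOG = r"""
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [unpreparedness] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
uRun: [unpreparednessmercurial] "C:\Program Files (x86)\remotely\wonk.exe" qlvhrv
uRun: [sinks] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
uRun: [mariachis] "C:\Program Files (x86)\narcissists\mariachis.exe" qlvhrv
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [mercurial] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
StartupFolder: C:\Users\OWNERP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ricci.lnk - C:\Program Files (x86)\Maharajah\Vegetative.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [purse] "C:\Program Files (x86)\Maharajah\Vegetative.exe" qlvhrv
"""

# uRun/mRun are the HKCU/HKLM Run keys; the x64- prefix is the 64-bit view.
RUN_RE = re.compile(r"^(?P<hive>x64-)?(?P<scope>[um])?Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
# StartupFolder: <path to .lnk> - <resolved target>
STARTUP_RE = re.compile(r"^StartupFolder:\s+(?P<lnk>.+?)\s+-\s+(?P<target>.+)$")
# Unquoted command line: the image path runs up to the first ".exe".
EXE_RE = re.compile(r"^(?P<target>.+?\.exe)\s*(?P<args>.*)$", re.IGNORECASE)


def split_command(cmd):
    """Split a Run value's data into (image path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("target"), m.group("args").strip()
    return cmd, ""


def parse_entries(text):
    """Return a list of {source, name, target, args} dicts for every autostart line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            target, args = split_command(m.group("cmd"))
            source = (m.group("hive") or "") + (m.group("scope") or "") + "Run"
            entries.append({"source": source, "name": m.group("name"),
                            "target": target, "args": args})
            continue
        m = STARTUP_RE.match(line)
        if m:
            lnk_name = m.group("lnk").rsplit("\\", 1)[-1]
            entries.append({"source": "StartupFolder", "name": lnk_name,
                            "target": m.group("target").strip(), "args": ""})
    return entries


def group_by_target(entries):
    """Group entries by image path (case-folded, since NTFS paths are case-insensitive)."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["target"].lower()].append(e)
    return groups


def find_suspicious(entries, min_names=2, min_shared_targets=2):
    """Map image path -> reasons. Thresholds are assumptions for this example:
    a product normally owns one autostart value, and unrelated binaries do not
    share an opaque argument token."""
    groups = group_by_target(entries)
    arg_targets = defaultdict(set)          # argument string -> set of image paths
    for e in entries:
        if e["args"]:
            arg_targets[e["args"]].add(e["target"].lower())
    findings = {}
    for target, items in groups.items():
        reasons = []
        names = {i["name"] for i in items}
        if len(names) >= min_names:
            reasons.append(f"registered under {len(names)} different autostart names")
        for arg in sorted({i["args"] for i in items if i["args"]}):
            if len(arg_targets[arg]) >= min_shared_targets:
                reasons.append(f"argument {arg!r} shared by {len(arg_targets[arg])} different targets")
        if reasons:
            findings[target] = reasons
    return findings


if __name__ == "__main__":
    for target, reasons in find_suspicious(parse_entries(SAMPLE_LOG)).items():
        print(target)
        for reason in reasons:
            print("  -", reason)
```

To use it on a real log, pass the text of the "Pseudo HJT Report" section to parse_entries(); anything find_suspicious() returns is a list of image paths to check against the "Created Last 30" section and the running-process list before deciding what to remove.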
 
04-21-2018, 08:27 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It will take several rounds to tackle this infection.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist
04-22-2018, 12:36 PM   #3
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,
Here are the results of the scans. I have also attached the Farbar result, as it had too many characters to paste here.

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-19.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-22-2018
# Duration: 00:02:01
# OS: Windows 10 Home
# Scanned: 40687
# Detected: 30


***** [ Services ] *****

PUP.Optional.Legacy windowsmanagementservice

***** [ Folders ] *****

PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_1116AV
PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0916AV
PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0816AV
PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0615AV
PUP.Optional.Legacy C:\Users\Owner Pc\AppData\Local\AdvinstAnalytics
PUP.Optional.Legacy C:\Users\Public\Pokki
PUP.Optional.Legacy C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform
PUP.Optional.Legacy C:\extensions

***** [ Files ] *****

PUP.Optional.Legacy C:\Windows\System32\Tasks_Migrated\SweetLabs App Platform
PUP.Optional.PCAppStore C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
PUP.Optional.PCAppStore C:\Users\Owner Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic C:\Windows\System32\Tasks\0615AVUPDATEINFO
PUP.Optional.Legacy C:\Windows\System32\Tasks\SweetLabs App Platform

***** [ Registry ] *****

Adware.pokki HKCU\Software\SweetLabs App Platform
PUP.Adware.Heuristic HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5
PUP.Adware.Heuristic HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0615avUpdateInfo
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
PUP.Optional.Legacy HKCU\Software\Classes\lnkfile\shell\pokki
PUP.Optional.Legacy HKCU\Software\Classes\Drive\shell\pokki
PUP.Optional.Legacy HKCU\Software\Classes\Directory\shell\pokki
PUP.Optional.Legacy HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy https://mysearch.avg.com?cid={B5EB2754-3C0B-433A-A0AA-CAC9787F3483}&mid=d999c6bb187957d5a9fe4b5ff5054e7a-1fb553ff555c46f84192b243ed885fb75486cc5e&lang=en&ds=sf011&coid=avgtbdissf&cmpid=&pr=sa&d=2014-09-08 15:12:10&v=18.1.9.786&pid=safeguard&sg=&sap=hp
PUP.Optional.Legacy https://mysearch.avg.com?cid={EE1889A7-903A-4987-A950-5AB1CFEE0DDB}&mid=d999c6bb187957d5a9fe4b5ff5054e7a-1fb553ff555c46f84192b243ed885fb75486cc5e&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09 18:05:38&v=17.0.1.4&pid=safeguard&sg=&sap=hp&cmpid=0913a
PUP.Optional.Legacy AVG Secure Search
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build: 04-12-2018
# Database: 2018-04-19.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-22-2018
# Duration: 00:00:26
# OS: Windows 10 Home
# Cleaned: 29
# Failed: 1


***** [ Services ] *****

Deleted windowsmanagementservice

***** [ Folders ] *****

Deleted C:\ProgramData\AVG_UPDATE_1116AV
Deleted C:\ProgramData\AVG_UPDATE_0916AV
Deleted C:\ProgramData\AVG_UPDATE_0816AV
Deleted C:\ProgramData\AVG_UPDATE_0615AV
Deleted C:\Users\Owner Pc\AppData\Local\AdvinstAnalytics
Deleted C:\Users\Public\Pokki
Not Deleted C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform
Deleted C:\extensions

***** [ Files ] *****

Deleted C:\Windows\System32\Tasks_Migrated\SweetLabs App Platform
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Deleted C:\Users\Owner Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\0615AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\SweetLabs App Platform

***** [ Registry ] *****

Deleted HKCU\Software\SweetLabs App Platform
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b6e646d11b719eb1b6efa13bd5a9bd1897ee4eb5
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0615avUpdateInfo
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Deleted HKCU\Software\Classes\lnkfile\shell\pokki
Deleted HKCU\Software\Classes\Drive\shell\pokki
Deleted HKCU\Software\Classes\Directory\shell\pokki
Deleted HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted https://mysearch.avg.com?cid={B5EB2754-3C0B-433A-A0AA-CAC9787F3483}&mid=d999c6bb187957d5a9fe4b5ff5054e7a-1fb553ff555c46f84192b243ed885fb75486cc5e&lang=en&ds=sf011&coid=avgtbdissf&cmpid=&pr=sa&d=2014-09-08 15:12:10&v=18.1.9.786&pid=safeguard&sg=&sap=hp
Deleted https://mysearch.avg.com?cid={EE1889A7-903A-4987-A950-5AB1CFEE0DDB}&mid=d999c6bb187957d5a9fe4b5ff5054e7a-1fb553ff555c46f84192b243ed885fb75486cc5e&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09 18:05:38&v=17.0.1.4&pid=safeguard&sg=&sap=hp&cmpid=0913a
Deleted AVG Secure Search
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Attached Files
File Type: txt Addition.txt (65.5 KB, 20 views)
File Type: txt FRST.txt (101.4 KB, 18 views)
jqc21 is offline  
Old 04-22-2018, 07:14 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello jqc21. Been downloading cracks for Bitcoin key finders? You know most cracks are infected, right?

------------------------------------------------------

Also, are you aware you have no system restore points?

Did you disable System Restore? Can you enable System Restore?

------------------------------------------------------

Please download the Suspicious File Packer and Save it to your Desktop.
  • Unzip it to the desktop and run it.
  • Copy/paste the following list of files into the Suspicious File Packer window:

    C:\Program Files (x86)\Laminar\Vegetative.exe
    C:\Program Files (x86)\narcissists\mariachis.exe
    C:\WINDOWS\system32\Drivers\svcloruy.sys

  • Allow SFP to pack the files by clicking Continue
  • This will generate a CAB archive on your desktop named requested-files[Date/Time].cab
  • Please submit it to this site ==> https://www.bleepingcomputer.com/sub...hp?channel=154 and include this link in the message->>https://www.techsupportforum.com/for...ml#post7675152
  • You can then delete the requested-files.cab file from your desktop, once you have uploaded it to the above recipient.
  • Please let me know you submitted the file.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-23-2018, 04:26 PM   #5
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

Yeah, I have. I submitted the files to bleepingcomputer. I wasn't sure if it had viruses or just from hearing about it because of the nature of them. I tried to open System Restore, but it wouldn't open. I didn't know it didn't have any restore points. I thought it was active. When I go to it, it says to disable. Not sure.
jqc21 is offline  
Old 04-24-2018, 03:37 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jqc21.

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-24-2018, 01:27 PM   #7
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

Here is the result of the scan.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.04.2018
Ran by Owner Pc (24-04-2018 16:13:30) Run:1
Running from H:\Documents
Loaded Profiles: Owner Pc (Available Profiles: Owner Pc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
end
*****************


==== End of Fixlog 16:13:30 ====
jqc21 is offline  
Old 04-25-2018, 06:20 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jqc21. Print out these instructions to use while in the Recovery Environment or read off another computer:

You will need a USB drive for these instructions and access to another clean computer.

Download Farbar Recovery Scan Tool x64 on a clean computer and save it to a USB drive.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Recovery Environment, plug the USB drive into the infected PC.
  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • Notepad opens. Under File menu select Open.
  • Select "Computer" and find your USB drive letter and close Notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your USB drive.
  • The tool will start to run.
  • When the tool opens click 'Yes' to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the USB drive.
  • Exit FRST64
  • Type exit then press Enter. Restart your computer.
  • Please copy and paste FRST.txt in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
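Once FRST.txt comes back, the "Registry (Whitelisted)" section is where this kind of persistence shows up: the same unsigned binary registered under several random-word Run values in HKLM, HKLM-x32 and the user hive. The Python script below is an added example, not part of this thread and not a Farbar tool; it parses FRST-style Run/RunOnce lines (the line grammar is inferred from the log posted later in this thread and is an assumption, not FRST's documented format) and flags binaries that carry no publisher, are registered under more than one autorun name, or share a date with a batch of other unsigned autoruns. The sample lines are constructed to mirror entries from that log.

```python
import re
from collections import defaultdict

# FRST "Registry (Whitelisted)" autorun line, e.g.
#   HKLM\...\Run: [purse] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
# The grammar below is inferred from such lines and is an assumption, not FRST's published format.
RUN_LINE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>RunOnce|Run): "
    r"\[(?P<name>[^\]]+)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)\s*$"
)


def parse_run_line(line):
    """Return the fields of one Run/RunOnce line, or None if the line is not one."""
    m = RUN_LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    return entry


def triage_autoruns(log_text, min_cluster=3):
    """Group autorun entries by target binary and flag the suspicious ones.

    Signals used (all visible in the log itself, no file access needed):
      * no publisher recorded in the trailing parentheses;
      * one binary registered under several different autorun value names;
      * the binary's date shared with at least min_cluster unsigned autoruns
        (a batch of components dropped at the same time).
    Returns {lowercased path: {"path", "names", "reasons", "severity"}}.
    """
    by_path = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_run_line(line)
        if entry is not None:
            by_path[entry["path"].lower()].append(entry)

    # Dates on which several distinct unsigned binaries were registered.
    unsigned_by_date = defaultdict(set)
    for path, entries in by_path.items():
        for e in entries:
            if not e["publisher"].strip():
                unsigned_by_date[e["date"]].add(path)
    cluster_dates = {d for d, paths in unsigned_by_date.items() if len(paths) >= min_cluster}

    findings = {}
    for path, entries in by_path.items():
        unsigned = all(not e["publisher"].strip() for e in entries)
        names = sorted({e["name"] for e in entries})
        reasons = []
        if unsigned:
            reasons.append("no publisher recorded")
        if len(names) > 1:
            reasons.append(f"same binary under {len(names)} autorun names")
        if unsigned and any(e["date"] in cluster_dates for e in entries):
            reasons.append("dated with a batch of other unsigned autoruns")
        if reasons:
            # Unsigned alone is weak (Chrome's auto-launch value has no publisher either);
            # unsigned plus multiple registrations is the strong signal.
            severity = "high" if unsigned and len(names) > 1 else "review"
            findings[path] = {"path": entries[0]["path"], "names": names,
                              "reasons": reasons, "severity": severity}
    return findings


# Constructed sample, modelled on entries from the FRST log in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [purse] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
HKLM\...\Run: [pursesinks] => C:\Program Files (x86)\remotely\wonk.exe [32768 2018-04-19] ()
HKLM-x32\...\Run: [mercurial] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51440 2018-04-11] (Copyright (c) 2018 Plays.tv, LLC)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKU\Owner Pc\...\Run: [GoogleChromeAutoLaunch_14399BCFD00E0923DB73716F5BDDCFA3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [136765 2018-04-19] ()
HKU\Owner Pc\...\Run: [unpreparedness] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\Run: [sinkspurse] => C:\Program Files (x86)\remotely\wonk.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\Run: [mariachis] => C:\Program Files (x86)\narcissists\mariachis.exe [66846 2018-04-19] ()
HKU\Owner Pc\...\RunOnce: [Application Restart #1] => C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-15] (Pokki)
"""

if __name__ == "__main__":
    for f in sorted(triage_autoruns(SAMPLE_LOG).values(), key=lambda f: f["severity"]):
        print(f"[{f['severity']}] {f['path']}")
        print("    names:", ", ".join(f["names"]))
        print("    why:  ", "; ".join(f["reasons"]))
```

Run against the sample, Vegetative.exe and wonk.exe come out "high" (no publisher, three and two autorun names respectively, all dated 2018-04-19), while chrome.exe and mariachis.exe land in "review": both lack a publisher and share the drop date, but each is registered only once, and Chrome's auto-launch value is a known benign case of that. Lines without a size/date bracket, such as the quoted AvgUi command line, are simply skipped rather than guessed at.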
Old 04-27-2018, 03:11 PM   #9
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

Here are the results.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.04.2018
Ran by SYSTEM on MININT-H5PIF8L (27-04-2018 09:33:19)
Running from I:\Documents
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-29] (Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291056 2018-04-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [purse] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
HKLM\...\Run: [pursesinks] => C:\Program Files (x86)\remotely\wonk.exe [32768 2018-04-19] ()
HKLM\...\Run: [pursepurse] => C:\Program Files (x86)\Laminar\Vegetative.exe [32768 2018-04-19] ()
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51440 2018-04-11] (Copyright (c) 2018 Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-11-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [mercurial] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
HKLM-x32\...\Run: [mercurialunpreparedness] => C:\Program Files (x86)\remotely\wonk.exe [32768 2018-04-19] ()
HKLM-x32\...\Run: [mercurialmercurial] => C:\Program Files (x86)\Laminar\Vegetative.exe [32768 2018-04-19] ()
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Owner Pc\...\Run: [GoogleChromeAutoLaunch_14399BCFD00E0923DB73716F5BDDCFA3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [136765 2018-04-19] ()
HKU\Owner Pc\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1023664 2016-11-16] (Samsung)
HKU\Owner Pc\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\Owner Pc\...\Run: [unpreparedness] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\Run: [unpreparednessmercurial] => C:\Program Files (x86)\remotely\wonk.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\Run: [unpreparednessunpreparedness] => C:\Program Files (x86)\Laminar\Vegetative.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\Run: [sinks] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\Run: [sinkspurse] => C:\Program Files (x86)\remotely\wonk.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\Run: [sinkssinks] => C:\Program Files (x86)\Laminar\Vegetative.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\Run: [mariachis] => C:\Program Files (x86)\narcissists\mariachis.exe [66846 2018-04-19] ()
HKU\Owner Pc\...\Run: [unrepeatable] => C:\Program Files (x86)\Maharajah\Vegetative.exe [32768 2018-04-19] ()
HKU\Owner Pc\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe [1456984 2018-03-19] (Google Inc.)
HKU\Owner Pc\...\RunOnce: [Application Restart #1] => C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-15] (Pokki)
Startup: C:\Users\Owner Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ricci.lnk [2018-04-19]
ShortcutTarget: ricci.lnk -> C:\Program Files (x86)\Maharajah\Vegetative.exe ()
Startup: C:\Users\Owner Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ricciricci.lnk [2018-04-19]
ShortcutTarget: ricciricci.lnk -> C:\Program Files (x86)\remotely\wonk.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\jjmmmp" => removed successfully
"HKLM\System\ControlSet001\Services\thirszmc" => removed successfully
C:\Windows\System32\drivers\svcxbehl.sys => moved successfully
C:\Users\Owner Pc\AppData\Local\UserTestingPlugin\Uninstall.exe => moved successfully
C:\Users\Owner Pc\AppData\Local\vdkcwal\dwdrxko.exe => moved successfully
C:\Users\Owner Pc\AppData\Local\vdkcwal\vdkcwal.exe => moved successfully
C:\Users\Owner Pc\AppData\Local\wmcagent\wmcagent.exe => moved successfully
C:\Users\Owner Pc\AppData\Local\wmcagent\wow_helper.exe => moved successfully
S2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [314688 2018-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7653992 2018-04-05] (AVG Technologies CZ, s.r.o.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-03-11] (WildTangent)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel Corporation)
S2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel(R) Corporation)
S2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55024 2018-04-11] (Copyright (c) 2018 Plays.tv, LLC)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-29] (Realtek Semiconductor)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\NisSrv.exe [4633248 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MsMpEng.exe [104680 2018-04-12] (Microsoft Corporation)
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-03-15] (Emsisoft GmbH)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110088 2017-03-31] (Advanced Micro Devices)
S1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-04-05] (AVG Technologies CZ, s.r.o.)
S1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166064 2018-04-05] (AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-04-05] (AVG Technologies CZ, s.r.o.)
S0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-04-05] (AVG Technologies CZ, s.r.o.)
S0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-04-05] (AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-04-05] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-04-05] (AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139608 2018-04-12] (AVG Technologies CZ, s.r.o.)
S1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-04-05] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76760 2018-04-05] (AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1019088 2018-04-05] (AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-04-05] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-04-05] (AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [372920 2018-04-05] (AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-15] (Emsisoft GmbH)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-04-20] (Malwarebytes)
S1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-04] (Realtek Semiconductor Corp.)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896760 2016-02-17] (Realtek )
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2018-04-20] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46072 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [311848 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60456 2018-04-12] (Microsoft Corporation)
S4 sumardkb; System32\drivers\nvnlraek.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-27 09:27 - 2018-04-27 09:27 - 000000000 _____ C:\Recovery.txt
2018-04-27 05:21 - 2018-04-27 05:21 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\raiptbe
2018-04-27 05:19 - 2018-04-27 05:19 - 000350052 _____ C:\Windows\Minidump\042718-58765-01.dmp
2018-04-26 19:32 - 2018-04-26 19:32 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\avrlxmd
2018-04-26 16:09 - 2018-04-26 16:12 - 000341460 _____ C:\Windows\Minidump\042618-42343-01.dmp
2018-04-26 16:08 - 2018-04-27 05:18 - 279435445 _____ C:\Windows\MEMORY.DMP
2018-04-26 14:44 - 2018-04-26 14:44 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\seemxip
2018-04-26 11:35 - 2018-04-26 11:35 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\niawgdh
2018-04-26 07:28 - 2018-04-26 07:28 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\mshrpto
2018-04-26 05:41 - 2018-04-26 05:41 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\avazmop
2018-04-25 20:20 - 2018-04-25 20:20 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\scceupo
2018-04-25 20:17 - 2018-04-25 20:17 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\rtchabl
2018-04-25 20:06 - 2018-04-25 20:06 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wikprnd
2018-04-25 19:59 - 2018-04-25 19:59 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\spbuxrc
2018-04-24 12:11 - 2018-04-24 12:11 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\dsbgpue
2018-04-23 06:27 - 2018-04-23 06:27 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\sibgzoa
2018-04-23 04:59 - 2018-04-23 04:59 - 000003384 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
2018-04-22 10:36 - 2018-04-24 12:13 - 000000000 ____D C:\FRST
2018-04-22 10:23 - 2018-04-22 10:23 - 000003138 _____ C:\Windows\System32\Tasks\AdwCleaner_onReboot
2018-04-22 10:01 - 2018-04-22 10:01 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\cwsvuxn
2018-04-21 08:20 - 2018-04-21 08:20 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\msahcbo
2018-04-21 08:15 - 2018-04-21 08:16 - 000000085 _____ C:\Windows\wininit.ini
2018-04-21 08:15 - 2018-04-21 08:15 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-04-20 20:25 - 2018-04-20 20:25 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\sbcgenx
2018-04-20 17:31 - 2018-04-20 11:36 - 000001031 _____ C:\Windows\System32\Drivers\etc\hosts.20180420-213122.backup
2018-04-20 17:18 - 2018-04-20 17:18 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvcxdsh
2018-04-20 17:11 - 2018-04-20 17:11 - 000000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2018-04-20 17:11 - 2018-04-20 17:11 - 000000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2018-04-20 17:11 - 2018-04-20 17:11 - 000000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2018-04-20 17:10 - 2018-04-21 08:18 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-04-20 17:10 - 2018-04-21 08:16 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-20 17:09 - 2018-04-20 17:09 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\coatghz
2018-04-20 16:57 - 2018-04-20 16:57 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\lmkrcnb
2018-04-20 16:02 - 2018-04-20 16:02 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\zarnhvb
2018-04-20 12:18 - 2018-04-20 12:19 - 002146880 _____ (Panda Security, S.L.) C:\Users\Owner Pc\Downloads\PANDAFREEAV.exe
2018-04-20 12:02 - 2018-04-20 12:02 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\zamcruv
2018-04-20 11:14 - 2018-04-20 17:07 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-04-20 11:14 - 2018-04-20 11:14 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-20 11:14 - 2017-11-01 04:54 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-04-20 11:12 - 2018-04-20 11:12 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-04-20 11:12 - 2018-04-20 11:12 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-20 11:10 - 2018-04-27 04:42 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\CrashDumps
2018-04-20 11:01 - 2018-04-20 11:01 - 000000000 ____D C:\SUPERDelete
2018-04-20 10:49 - 2018-04-20 10:49 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nievrlm
2018-04-20 10:38 - 2018-04-20 10:38 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wdecloh
2018-04-20 06:35 - 2018-04-20 07:02 - 000000000 ____D C:\ProgramData\RogueKiller
2018-04-20 06:35 - 2018-04-20 06:35 - 000035064 _____ C:\Windows\System32\Drivers\TrueSight.sys
2018-04-19 19:42 - 2018-04-20 16:16 - 000000000 ____D C:\EEK
2018-04-19 19:36 - 2018-04-19 19:36 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-04-19 19:33 - 2018-04-19 19:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\exndcso
2018-04-19 19:25 - 2018-04-22 10:12 - 000000000 ____D C:\AdwCleaner
2018-04-19 19:18 - 2018-04-19 19:18 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\rangucv
2018-04-19 19:16 - 2018-04-20 17:08 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-04-19 19:14 - 2018-04-19 19:14 - 000000000 ____D C:\Windows\pss
2018-04-19 19:01 - 2018-04-19 19:01 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\snovhtd
2018-04-19 17:33 - 2018-04-19 17:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\msenogd
2018-04-19 17:21 - 2018-04-26 19:44 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvnxpuz
2018-04-19 17:21 - 2018-04-19 17:21 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvkopir
2018-04-19 16:56 - 2018-04-27 09:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wmcagent
2018-04-19 16:56 - 2018-04-19 17:15 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\exswkto
2018-04-19 16:50 - 2018-04-27 09:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\vdkcwal
2018-04-19 16:50 - 2018-04-19 16:50 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\aucnhit
2018-04-19 16:48 - 2018-04-27 05:18 - 002888704 _____ C:\Windows\System32\vdcxanisvc.exe
2018-04-19 16:48 - 2018-04-20 11:39 - 000000000 ____D C:\Program Files (x86)\explainable
2018-04-19 16:48 - 2018-04-19 16:48 - 000004030 _____ C:\Windows\System32\Tasks\ludmila orlando organizer
2018-04-19 16:48 - 2018-04-19 16:48 - 000004022 _____ C:\Windows\System32\Tasks\sickeningly_promiscuously
2018-04-19 16:48 - 2018-04-19 16:48 - 000003994 _____ C:\Windows\System32\Tasks\bundestag_empirical
2018-04-19 16:48 - 2018-04-19 16:48 - 000003942 _____ C:\Windows\System32\Tasks\crd reminder
2018-04-19 16:48 - 2018-04-19 16:48 - 000003940 _____ C:\Windows\System32\Tasks\throes-hyrum
2018-04-19 16:48 - 2018-04-19 16:48 - 000003932 _____ C:\Windows\System32\Tasks\schubert
2018-04-19 16:48 - 2018-04-19 16:48 - 000003926 _____ C:\Windows\System32\Tasks\tsludmila orlando organizerludmila orlando organizer
2018-04-19 16:48 - 2018-04-19 16:48 - 000003914 _____ C:\Windows\System32\Tasks\tssickeningly_promiscuouslysickeningly_promiscuously
2018-04-19 16:48 - 2018-04-19 16:48 - 000003876 _____ C:\Windows\System32\Tasks\tsbundestag_empiricalbundestag_empirical
2018-04-19 16:48 - 2018-04-19 16:48 - 000003810 _____ C:\Windows\System32\Tasks\tsthroes-hyrumthroes-hyrum
2018-04-19 16:48 - 2018-04-19 16:48 - 000003808 _____ C:\Windows\System32\Tasks\tscrd remindercrd reminder
2018-04-19 16:48 - 2018-04-19 16:48 - 000003792 _____ C:\Windows\System32\Tasks\tsschubertschubert
2018-04-19 16:48 - 2018-04-19 16:48 - 000000012 _____ C:\Windows\b71619104
2018-04-19 16:48 - 2018-04-19 16:48 - 000000000 ___HD C:\Program Files (x86)\narcissists
2018-04-19 16:48 - 2018-04-19 16:48 - 000000000 ___HD C:\Program Files (x86)\Laminar
2018-04-19 16:48 - 2018-04-19 16:48 - 000000000 ____D C:\Windows\SysWOW64\zahbrgl
2018-04-19 16:48 - 2018-04-19 16:48 - 000000000 ____D C:\Windows\System32\zahbrgl
2018-04-19 16:48 - 2018-04-19 16:48 - 000000000 ____D C:\Users\Owner Pc\AppData\Roaming\et
2018-04-19 16:48 - 2018-04-19 16:48 - 000000000 ____D C:\Program Files (x86)\remotely
2018-04-19 16:48 - 2018-04-19 16:48 - 000000000 ____D C:\Program Files (x86)\Maharajah
2018-04-19 15:49 - 2018-04-19 15:49 - 000032768 _____ C:\Windows\campfire.exe
2018-04-19 15:49 - 2018-04-19 15:49 - 000032768 _____ C:\Users\Owner Pc\AppData\Local\wonk.exe
2018-04-19 15:49 - 2018-04-19 15:49 - 000032768 _____ C:\Users\Owner Pc\AppData\Local\Vegetative.exe
2018-04-16 09:12 - 2018-04-16 09:12 - 000007714 _____ C:\Users\Owner Pc\Downloads\CashTutorials.m2s
2018-04-16 09:11 - 2018-04-16 09:11 - 000000000 ____D C:\Users\Owner Pc\Documents\My Recorded Scripts
2018-04-16 09:11 - 2018-04-16 09:11 - 000000000 ____D C:\Users\Owner Pc\AppData\Roaming\Mouse Recorder Pro
2018-04-16 09:11 - 2018-04-16 09:11 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\Nemex
2018-04-16 09:08 - 2018-04-16 09:09 - 002331531 _____ C:\Users\Owner Pc\Downloads\bot.zip
2018-04-16 08:09 - 2018-04-16 08:09 - 000003055 _____ C:\Users\Owner Pc\Downloads\bit me.txt
2018-04-16 07:26 - 2018-04-16 07:26 - 000042120 _____ C:\Users\Owner Pc\Downloads\btcspin.mcr
2018-04-16 07:24 - 2018-04-16 07:24 - 001501872 _____ (Jitbit Software ) C:\Users\Owner Pc\Downloads\MacroRecorderSetup.exe
2018-04-14 14:34 - 2018-04-14 14:34 - 008885059 _____ ( ) C:\Users\Owner Pc\Downloads\FaucetCollectorSetup (2).exe
2018-04-10 19:19 - 2018-04-03 11:37 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 19:19 - 2018-04-03 11:37 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 16:35 - 2018-03-29 20:54 - 000408992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2018-04-10 16:35 - 2018-03-29 19:46 - 018925056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-04-10 16:35 - 2018-03-29 19:45 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-04-10 16:35 - 2018-03-29 19:45 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2018-04-10 16:35 - 2018-03-29 19:43 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-04-10 16:35 - 2018-03-29 19:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\virtdisk.dll
2018-04-10 16:35 - 2018-03-29 19:42 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-10 16:35 - 2018-03-29 19:41 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-04-10 16:35 - 2018-03-29 19:41 - 000430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2018-04-10 16:35 - 2018-03-29 19:41 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-04-10 16:35 - 2018-03-29 19:41 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2018-04-10 16:35 - 2018-03-29 19:40 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-10 16:35 - 2018-03-29 19:40 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-04-10 16:35 - 2018-03-29 19:39 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-04-10 16:35 - 2018-03-29 19:39 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-10 16:35 - 2018-03-29 19:38 - 000956928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-04-10 16:35 - 2018-03-29 19:38 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-10 16:35 - 2018-03-29 19:38 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-10 16:35 - 2018-03-29 19:38 - 000463872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-10 16:35 - 2018-03-29 19:36 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-10 16:35 - 2018-03-29 19:29 - 000229888 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2018-04-10 16:35 - 2018-03-29 19:27 - 001657856 _____ (Microsoft Corporation) C:\Windows\System32\rdpserverbase.dll
2018-04-10 16:35 - 2018-03-29 19:27 - 001097728 _____ (Microsoft Corporation) C:\Windows\System32\rdpbase.dll
2018-04-10 16:35 - 2018-03-12 20:43 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-10 16:34 - 2018-03-29 21:12 - 000599448 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2018-04-10 16:34 - 2018-03-29 21:08 - 002513920 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2018-04-10 16:34 - 2018-03-29 21:06 - 000166304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2018-04-10 16:34 - 2018-03-29 21:05 - 001206688 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2018-04-10 16:34 - 2018-03-29 21:05 - 001056152 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2018-04-10 16:34 - 2018-03-29 21:03 - 001277856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2018-04-10 16:34 - 2018-03-29 21:03 - 000319864 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2018-04-10 16:34 - 2018-03-29 21:03 - 000077216 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2018-04-10 16:34 - 2018-03-29 21:03 - 000059808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bam.sys
2018-04-10 16:34 - 2018-03-29 21:03 - 000022400 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2018-04-10 16:34 - 2018-03-29 21:01 - 008600480 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-04-10 16:34 - 2018-03-29 21:01 - 000649304 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2018-04-10 16:34 - 2018-03-29 21:01 - 000571288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2018-04-10 16:34 - 2018-03-29 21:01 - 000471968 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2018-04-10 16:34 - 2018-03-29 21:00 - 002395040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2018-04-10 16:34 - 2018-03-29 20:59 - 000398744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2018-04-10 16:34 - 2018-03-29 20:59 - 000082840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2018-04-10 16:34 - 2018-03-29 20:58 - 000898216 _____ (Microsoft Corporation) C:\Windows\System32\CoreMessaging.dll
2018-04-10 16:34 - 2018-03-29 20:58 - 000129432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvsocket.sys
2018-04-10 16:34 - 2018-03-29 20:57 - 000109976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys
2018-04-10 16:34 - 2018-03-29 20:57 - 000081304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbkmcl.sys
2018-04-10 16:34 - 2018-03-29 20:55 - 000367344 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2018-04-10 16:34 - 2018-03-29 20:55 - 000062880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys
2018-04-10 16:34 - 2018-03-29 20:54 - 002574240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2018-04-10 16:34 - 2018-03-29 20:54 - 000749984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
2018-04-10 16:34 - 2018-03-29 20:54 - 000461728 _____ (Microsoft Corporation) C:\Windows\System32\wifitask.exe
2018-04-10 16:34 - 2018-03-29 20:53 - 002710736 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-04-10 16:34 - 2018-03-29 20:53 - 000712600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2018-04-10 16:34 - 2018-03-29 20:53 - 000246176 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
2018-04-10 16:34 - 2018-03-29 20:53 - 000163744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2018-04-10 16:34 - 2018-03-29 20:52 - 000727456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2018-04-10 16:34 - 2018-03-29 20:52 - 000428960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2018-04-10 16:34 - 2018-03-29 20:51 - 000902928 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2018-04-10 16:34 - 2018-03-29 20:51 - 000147872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wcifs.sys
2018-04-10 16:34 - 2018-03-29 20:50 - 001336344 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2018-04-10 16:34 - 2018-03-29 20:50 - 000057760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2018-04-10 16:34 - 2018-03-29 20:48 - 001101728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2018-04-10 16:34 - 2018-03-29 20:48 - 000614304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2018-04-10 16:34 - 2018-03-29 20:28 - 001929712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-10 16:34 - 2018-03-29 20:27 - 000481464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-10 16:34 - 2018-03-29 20:23 - 000566664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-04-10 16:34 - 2018-03-29 20:13 - 002193176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-10 16:34 - 2018-03-29 20:10 - 000704080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-04-10 16:34 - 2018-03-29 20:07 - 001003160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-04-10 16:34 - 2018-03-29 19:55 - 025253888 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2018-04-10 16:34 - 2018-03-29 19:46 - 002902528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-04-10 16:34 - 2018-03-29 19:46 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-10 16:34 - 2018-03-29 19:43 - 019355136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-10 16:34 - 2018-03-29 19:43 - 006576128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-04-10 16:34 - 2018-03-29 19:42 - 000397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-10 16:34 - 2018-03-29 19:42 - 000268288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-10 16:34 - 2018-03-29 19:42 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-04-10 16:34 - 2018-03-29 19:41 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-10 16:34 - 2018-03-29 19:40 - 011924992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-10 16:34 - 2018-03-29 19:38 - 006032384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-04-10 16:34 - 2018-03-29 19:38 - 000966656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2018-04-10 16:34 - 2018-03-29 19:38 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-10 16:34 - 2018-03-29 19:37 - 003677184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-10 16:34 - 2018-03-29 19:36 - 003664384 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2018-04-10 16:34 - 2018-03-29 19:36 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-10 16:34 - 2018-03-29 19:36 - 002014720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-10 16:34 - 2018-03-29 19:36 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-10 16:34 - 2018-03-29 19:36 - 000897024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-04-10 16:34 - 2018-03-29 19:35 - 000536064 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2018-04-10 16:34 - 2018-03-29 19:35 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\IndexedDbLegacy.dll
2018-04-10 16:34 - 2018-03-29 19:35 - 000175616 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2018-04-10 16:34 - 2018-03-29 19:35 - 000080384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbkmclr.sys
2018-04-10 16:34 - 2018-03-29 19:33 - 008031744 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2018-04-10 16:34 - 2018-03-29 19:33 - 000331264 _____ (Microsoft Corporation) C:\Windows\System32\browserexport.exe
2018-04-10 16:34 - 2018-03-29 19:33 - 000080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2018-04-10 16:34 - 2018-03-29 19:33 - 000055808 _____ (Microsoft Corporation) C:\Windows\System32\virtdisk.dll
2018-04-10 16:34 - 2018-03-29 19:32 - 023674880 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-04-10 16:34 - 2018-03-29 19:32 - 000225792 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winnat.sys
2018-04-10 16:34 - 2018-03-29 19:32 - 000192512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netvsc.sys
2018-04-10 16:34 - 2018-03-29 19:32 - 000134656 _____ (Microsoft Corporation) C:\Windows\System32\WcnApi.dll
2018-04-10 16:34 - 2018-03-29 19:32 - 000082432 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2018-04-10 16:34 - 2018-03-29 19:32 - 000075264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wcnfs.sys
2018-04-10 16:34 - 2018-03-29 19:32 - 000043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RfxVmt.sys
2018-04-10 16:34 - 2018-03-29 19:31 - 000795136 _____ (Microsoft Corporation) C:\Windows\System32\NaturalAuth.dll
2018-04-10 16:34 - 2018-03-29 19:31 - 000675328 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2018-04-10 16:34 - 2018-03-29 19:31 - 000416768 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2018-04-10 16:34 - 2018-03-29 19:31 - 000316928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2018-04-10 16:34 - 2018-03-29 19:31 - 000142848 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2018-04-10 16:34 - 2018-03-29 19:31 - 000093696 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 012833280 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 001498112 _____ (Microsoft Corporation) C:\Windows\System32\WebRuntimeManager.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 000748032 _____ (Microsoft Corporation) C:\Windows\System32\PhoneProviders.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 000588800 _____ (Microsoft Corporation) C:\Windows\System32\SmsRouterSvc.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 000465920 _____ (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 000431616 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 000392704 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 000369664 _____ (Microsoft Corporation) C:\Windows\System32\APHostService.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 000276480 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2018-04-10 16:34 - 2018-03-29 19:30 - 000208384 _____ (Microsoft Corporation) C:\Windows\System32\tetheringservice.dll
2018-04-10 16:34 - 2018-03-29 19:29 - 000791552 _____ (Microsoft Corporation) C:\Windows\System32\PhoneService.dll
2018-04-10 16:34 - 2018-03-29 19:29 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-04-10 16:34 - 2018-03-29 19:29 - 000456704 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2018-04-10 16:34 - 2018-03-29 19:29 - 000436224 _____ (Microsoft Corporation) C:\Windows\System32\PsmServiceExtHost.dll
2018-04-10 16:34 - 2018-03-29 19:29 - 000423936 _____ (Microsoft Corporation) C:\Windows\System32\p2psvc.dll
2018-04-10 16:34 - 2018-03-29 19:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\System32\pnrpsvc.dll
2018-04-10 16:34 - 2018-03-29 19:28 - 001245184 _____ (Microsoft Corporation) C:\Windows\System32\Unistore.dll
2018-04-10 16:34 - 2018-03-29 19:28 - 000970240 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2018-04-10 16:34 - 2018-03-29 19:28 - 000951808 _____ (Microsoft Corporation) C:\Windows\System32\usermgr.dll
2018-04-10 16:34 - 2018-03-29 19:28 - 000815616 _____ (Microsoft Corporation) C:\Windows\System32\ieproxy.dll
2018-04-10 16:34 - 2018-03-29 19:28 - 000757760 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-04-10 16:34 - 2018-03-29 19:28 - 000624128 _____ (Microsoft Corporation) C:\Windows\System32\SyncController.dll
2018-04-10 16:34 - 2018-03-29 19:28 - 000595456 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2018-04-10 16:34 - 2018-03-29 19:28 - 000403968 _____ (Microsoft Corporation) C:\Windows\System32\WpAXHolder.dll
2018-04-10 16:34 - 2018-03-29 19:27 - 008104960 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2018-04-10 16:34 - 2018-03-29 19:27 - 000985600 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2018-04-10 16:34 - 2018-03-29 19:27 - 000813568 _____ (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2018-04-10 16:34 - 2018-03-29 19:27 - 000588800 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2018-04-10 16:34 - 2018-03-29 19:27 - 000258560 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2018-04-10 16:34 - 2018-03-29 19:26 - 004747776 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-04-10 16:34 - 2018-03-29 19:26 - 003334144 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-04-10 16:34 - 2018-03-29 19:26 - 002086400 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2018-04-10 16:34 - 2018-03-29 19:26 - 001573376 _____ (Microsoft Corporation) C:\Windows\System32\UserDataService.dll
2018-04-10 16:34 - 2018-03-29 19:26 - 001343488 _____ (Microsoft Corporation) C:\Windows\System32\wifinetworkmanager.dll
2018-04-10 16:34 - 2018-03-29 19:25 - 002528256 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2018-04-10 16:34 - 2018-03-29 19:25 - 002083840 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-04-10 16:34 - 2018-03-29 19:25 - 001822720 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-04-10 16:34 - 2018-03-29 19:25 - 001597952 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-04-10 16:34 - 2018-03-29 19:25 - 001548288 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2018-04-10 16:34 - 2018-03-29 19:25 - 001424896 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2018-04-10 16:34 - 2018-03-29 19:25 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2018-04-10 16:34 - 2018-03-29 19:25 - 000808448 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-04-10 16:34 - 2018-03-29 19:25 - 000401920 _____ (Microsoft Corporation) C:\Windows\System32\rascustom.dll
2018-04-10 16:34 - 2018-03-29 19:24 - 000925184 _____ (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2018-04-10 16:34 - 2018-03-29 19:24 - 000462336 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2018-04-10 16:34 - 2018-03-29 19:23 - 000963584 _____ (Microsoft Corporation) C:\Windows\System32\StorSvc.dll
2018-04-10 16:34 - 2018-03-29 19:23 - 000726016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-04-10 16:34 - 2018-03-29 19:23 - 000505344 _____ (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2018-04-10 16:34 - 2018-03-29 19:20 - 000073216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2018-04-10 16:34 - 2018-03-12 23:03 - 000739696 _____ (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2018-04-10 16:34 - 2018-03-12 23:03 - 000279960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2018-04-10 16:34 - 2018-03-12 23:02 - 001954048 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2018-04-10 16:34 - 2018-03-12 22:59 - 000535968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2018-04-10 16:34 - 2018-03-12 22:58 - 000170904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2018-04-10 16:34 - 2018-03-12 22:54 - 000555936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2018-04-10 16:34 - 2018-03-12 22:53 - 001054272 _____ (Microsoft Corporation) C:\Windows\System32\msvproc.dll
2018-04-10 16:34 - 2018-03-12 22:51 - 002773408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-04-10 16:34 - 2018-03-12 22:50 - 000617312 _____ (Microsoft Corporation) C:\Windows\System32\TextInputFramework.dll
2018-04-10 16:34 - 2018-03-12 21:40 - 000121344 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2018-04-10 16:34 - 2018-03-12 21:36 - 000216064 _____ (Microsoft Corporation) C:\Windows\System32\fwpolicyiomgr.dll
2018-04-10 16:34 - 2018-03-12 21:35 - 000461312 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2018-04-10 16:34 - 2018-03-12 21:33 - 000542208 _____ (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll
2018-04-10 16:34 - 2018-03-12 21:32 - 000286720 _____ (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2018-04-10 16:34 - 2018-03-12 21:28 - 002857984 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2018-04-10 16:34 - 2018-03-12 21:28 - 000939520 _____ (Microsoft Corporation) C:\Windows\System32\rasapi32.dll
2018-04-10 16:34 - 2018-03-12 21:27 - 003125760 _____ (Microsoft Corporation) C:\Windows\System32\InputService.dll
2018-04-10 16:34 - 2018-03-12 21:23 - 000217088 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2018-04-10 16:34 - 2018-03-12 21:23 - 000093696 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2018-04-10 16:34 - 2018-03-12 21:19 - 001615712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-10 16:34 - 2018-03-12 21:15 - 000597160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-04-10 16:34 - 2018-03-12 21:04 - 001057824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-04-10 16:34 - 2018-03-12 20:39 - 000176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2018-04-10 16:34 - 2018-03-12 20:37 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-04-10 16:34 - 2018-03-12 20:33 - 002464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-04-10 16:34 - 2018-03-12 20:31 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2018-04-10 16:34 - 2018-03-12 20:30 - 002349568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-04-10 16:34 - 2018-03-12 20:27 - 000190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2018-04-10 16:34 - 2018-03-12 20:27 - 000078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2018-04-10 16:33 - 2018-03-30 04:34 - 000956416 _____ (Microsoft Corporation) C:\Windows\System32\Spectrum.exe
2018-04-10 16:33 - 2018-03-29 21:18 - 001092008 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-04-10 16:33 - 2018-03-29 21:14 - 000423320 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-04-10 16:33 - 2018-03-29 21:10 - 000924648 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2018-04-10 16:33 - 2018-03-29 21:08 - 001568160 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-04-10 16:33 - 2018-03-29 21:08 - 001415296 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-04-10 16:33 - 2018-03-29 21:08 - 000137112 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-04-10 16:33 - 2018-03-29 21:07 - 000300448 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-04-10 16:33 - 2018-03-29 21:07 - 000069528 _____ (Microsoft Corporation) C:\Windows\System32\win32appinventorycsp.dll
2018-04-10 16:33 - 2018-03-29 21:05 - 000748448 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-04-10 16:33 - 2018-03-29 21:05 - 000191824 _____ (Microsoft Corporation) C:\Windows\System32\skci.dll
2018-04-10 16:33 - 2018-03-29 21:05 - 000066720 _____ (Microsoft Corporation) C:\Windows\System32\iumcrypt.dll
2018-04-10 16:33 - 2018-03-29 21:05 - 000015632 _____ (Microsoft Corporation) C:\Windows\System32\iumdll.dll
2018-04-10 16:33 - 2018-03-29 21:04 - 002002336 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-04-10 16:33 - 2018-03-29 21:04 - 000608160 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-04-10 16:33 - 2018-03-29 21:04 - 000035224 _____ (Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
2018-04-10 16:33 - 2018-03-29 21:03 - 000664992 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-04-10 16:33 - 2018-03-29 21:03 - 000508272 _____ (Microsoft Corporation) C:\Windows\System32\systemreset.exe
2018-04-10 16:33 - 2018-03-29 21:03 - 000479920 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase_enclave.dll
2018-04-10 16:33 - 2018-03-29 21:03 - 000460704 _____ (Microsoft Corporation) C:\Windows\System32\dcntel.dll
2018-04-10 16:33 - 2018-03-29 21:03 - 000292384 _____ (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2018-04-10 16:33 - 2018-03-29 21:03 - 000272288 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-04-10 16:33 - 2018-03-29 21:01 - 001209760 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-04-10 16:33 - 2018-03-29 20:57 - 001173576 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2018-04-10 16:33 - 2018-03-29 20:57 - 000711944 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2018-04-10 16:33 - 2018-03-29 20:57 - 000540064 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2018-04-10 16:33 - 2018-03-29 20:53 - 007676304 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2018-04-10 16:33 - 2018-03-29 20:53 - 000549552 _____ (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll
2018-04-10 16:33 - 2018-03-29 20:52 - 021351632 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2018-04-10 16:33 - 2018-03-29 20:52 - 002457504 _____ (Microsoft Corporation) C:\Windows\System32\UpdateAgent.dll
2018-04-10 16:33 - 2018-03-29 20:52 - 000677280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-04-10 16:33 - 2018-03-29 20:28 - 000777912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-10 16:33 - 2018-03-29 20:24 - 000212896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-04-10 16:33 - 2018-03-29 20:19 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-04-10 16:33 - 2018-03-29 20:16 - 000289824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-04-10 16:33 - 2018-03-29 20:13 - 000450936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2018-04-10 16:33 - 2018-03-29 20:09 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-04-10 16:33 - 2018-03-29 19:37 - 001298944 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2018-04-10 16:33 - 2018-03-29 19:36 - 000825856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-04-10 16:33 - 2018-03-29 19:36 - 000098304 _____ C:\Windows\System32\runexehelper.exe
2018-04-10 16:33 - 2018-03-29 19:35 - 000858112 _____ (Microsoft Corporation) C:\Windows\System32\MusUpdateHandlers.dll
2018-04-10 16:33 - 2018-03-29 19:35 - 000496128 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2018-04-10 16:33 - 2018-03-29 19:35 - 000400384 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2018-04-10 16:33 - 2018-03-29 19:35 - 000249856 _____ (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
2018-04-10 16:33 - 2018-03-29 19:35 - 000232960 _____ (Microsoft Corporation) C:\Windows\System32\convertvhd.exe
2018-04-10 16:33 - 2018-03-29 19:33 - 000017408 _____ (Microsoft Corporation) C:\Windows\System32\VmApplicationHealthMonitorProxy.dll
2018-04-10 16:33 - 2018-03-29 19:32 - 000212992 _____ (Microsoft Corporation) C:\Windows\System32\container.dll
2018-04-10 16:33 - 2018-03-29 19:32 - 000201728 _____ (Microsoft Corporation) C:\Windows\System32\EdgeManager.dll
2018-04-10 16:33 - 2018-03-29 19:32 - 000186368 _____ (Microsoft Corporation) C:\Windows\System32\ACPBackgroundManagerPolicy.dll
2018-04-10 16:33 - 2018-03-29 19:31 - 000334848 _____ (Microsoft Corporation) C:\Windows\System32\dusmsvc.dll
2018-04-10 16:33 - 2018-03-29 19:30 - 000144896 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2018-04-10 16:33 - 2018-03-29 19:29 - 001495552 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2018-04-10 16:33 - 2018-03-29 19:29 - 000616960 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Bluetooth.dll
2018-04-10 16:33 - 2018-03-29 19:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\System32\SensorService.dll
2018-04-10 16:33 - 2018-03-29 19:28 - 003121664 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-10 16:33 - 2018-03-29 19:28 - 000721408 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2018-04-10 16:33 - 2018-03-29 19:28 - 000366080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2018-04-10 16:33 - 2018-03-29 19:27 - 003170816 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2018-04-10 16:33 - 2018-03-29 19:27 - 001002496 _____ (Microsoft Corporation) C:\Windows\System32\modernexecserver.dll
2018-04-10 16:33 - 2018-03-29 19:26 - 002209280 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2018-04-10 16:33 - 2018-03-29 19:26 - 001816576 _____ (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2018-04-10 16:33 - 2018-03-29 19:26 - 000765952 _____ (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2018-04-10 16:33 - 2018-03-29 19:26 - 000716288 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2018-04-10 16:33 - 2018-03-29 19:25 - 002628608 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2018-04-10 16:33 - 2018-03-29 19:25 - 001055744 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2018-04-10 16:33 - 2018-03-29 19:21 - 002511360 _____ (Microsoft Corporation) C:\Windows\System32\ResetEngine.dll
2018-04-10 16:33 - 2018-03-29 19:21 - 001160704 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2018-04-10 16:33 - 2018-03-12 23:03 - 005907288 _____ (Microsoft Corporation) C:\Windows\System32\StartTileData.dll
2018-04-10 16:33 - 2018-03-12 23:03 - 000779960 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2018-04-10 16:33 - 2018-03-12 23:03 - 000382368 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2018-04-10 16:33 - 2018-03-12 22:58 - 000377760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2018-04-10 16:33 - 2018-03-12 22:55 - 000979352 _____ (Microsoft Corporation) C:\Windows\System32\LicenseManager.dll
2018-04-10 16:33 - 2018-03-12 22:53 - 000113568 _____ (Microsoft Corporation) C:\Windows\System32\icfupgd.dll
2018-04-10 16:33 - 2018-03-12 22:52 - 007384576 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-04-10 16:33 - 2018-03-12 21:34 - 008727552 _____ (Microsoft Corporation) C:\Windows\System32\BingMaps.dll
2018-04-10 16:33 - 2018-03-12 21:33 - 007544832 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2018-04-10 16:33 - 2018-03-12 21:32 - 005195776 _____ (Microsoft Corporation) C:\Windows\System32\cdp.dll
2018-04-10 16:33 - 2018-03-12 21:30 - 007145472 _____ (Microsoft Corporation) C:\Windows\System32\mos.dll
2018-04-10 16:33 - 2018-03-12 21:29 - 003211776 _____ (Microsoft Corporation) C:\Windows\System32\NetworkMobileSettings.dll
2018-04-10 16:33 - 2018-03-12 21:28 - 001967104 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2018-04-10 16:33 - 2018-03-12 21:28 - 001157632 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2018-04-10 16:33 - 2018-03-12 21:28 - 000508928 _____ (Microsoft Corporation) C:\Windows\System32\SettingSync.dll
2018-04-10 16:33 - 2018-03-12 21:27 - 000599552 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Core.TextInput.dll
2018-04-10 16:33 - 2018-03-12 21:27 - 000197632 _____ (Microsoft Corporation) C:\Windows\System32\SettingMonitor.dll
2018-04-10 16:33 - 2018-03-12 21:23 - 001556992 _____ (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2018-04-10 16:33 - 2018-03-12 21:22 - 000568320 _____ (Microsoft Corporation) C:\Windows\System32\msra.exe
2018-04-10 16:33 - 2018-03-12 21:22 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2018-04-10 16:33 - 2018-03-12 21:19 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2018-04-10 16:33 - 2018-03-12 21:19 - 000311200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-10 16:33 - 2018-03-12 21:08 - 000747416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2018-04-10 16:33 - 2018-03-12 21:04 - 006481096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-04-10 16:33 - 2018-03-12 20:44 - 003490816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2018-04-10 16:33 - 2018-03-12 20:38 - 006466560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2018-04-10 16:33 - 2018-03-12 20:37 - 003181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-04-10 16:33 - 2018-03-12 20:31 - 000402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2018-04-10 16:32 - 2018-03-29 21:12 - 000270208 _____ (Microsoft Corporation) C:\Windows\System32\LsaIso.exe
2018-04-10 16:32 - 2018-03-29 21:12 - 000075168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vpci.sys
2018-04-10 16:32 - 2018-03-29 21:06 - 000053152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys
2018-04-10 16:32 - 2018-03-29 21:05 - 000073120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvservice.sys
2018-04-10 16:32 - 2018-03-29 21:05 - 000059808 _____ (Microsoft Corporation) C:\Windows\System32\hvhostsvc.dll
2018-04-10 16:32 - 2018-03-29 21:05 - 000035744 _____ (Microsoft Corporation) C:\Windows\System32\SDFHost.dll
2018-04-10 16:32 - 2018-03-29 21:05 - 000022800 _____ (Microsoft Corporation) C:\Windows\System32\iumbase.dll
2018-04-10 16:32 - 2018-03-29 21:05 - 000022208 _____ (Microsoft Corporation) C:\Windows\System32\IumSdk.dll
2018-04-10 16:32 - 2018-03-29 21:05 - 000020888 _____ (Microsoft Corporation) C:\Windows\System32\kdhvcom.dll
2018-04-10 16:32 - 2018-03-29 21:03 - 000157696 _____ (Microsoft Corporation) C:\Windows\System32\vertdll.dll
2018-04-10 16:32 - 2018-03-29 21:03 - 000139680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2018-04-10 16:32 - 2018-03-29 21:02 - 000128416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tm.sys
2018-04-10 16:32 - 2018-03-29 21:01 - 000034208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2018-04-10 16:32 - 2018-03-29 21:00 - 000103320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2018-04-10 16:32 - 2018-03-29 21:00 - 000094104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys
2018-04-10 16:32 - 2018-03-29 20:58 - 000039328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storvsc.sys
2018-04-10 16:32 - 2018-03-29 20:57 - 000121248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2018-04-10 16:32 - 2018-03-29 20:57 - 000031640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys
2018-04-10 16:32 - 2018-03-29 20:56 - 000018680 _____ (Microsoft Corporation) C:\Windows\System32\wshhyperv.dll
2018-04-10 16:32 - 2018-03-29 20:53 - 000094080 _____ (Microsoft Corporation) C:\Windows\System32\wwapi.dll
2018-04-10 16:32 - 2018-03-29 20:52 - 000282528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2018-04-10 16:32 - 2018-03-29 20:52 - 000247480 _____ (Microsoft Corporation) C:\Windows\System32\logoncli.dll
2018-04-10 16:32 - 2018-03-29 20:52 - 000192416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2018-04-10 16:32 - 2018-03-29 20:52 - 000054688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys
2018-04-10 16:32 - 2018-03-29 20:52 - 000047512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmstorfl.sys
2018-04-10 16:32 - 2018-03-29 20:52 - 000028520 _____ (Microsoft Corporation) C:\Windows\System32\vmbuspipe.dll
2018-04-10 16:32 - 2018-03-29 20:51 - 000125568 _____ (Microsoft Corporation) C:\Windows\System32\rmclient.dll
2018-04-10 16:32 - 2018-03-29 20:51 - 000123800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys
2018-04-10 16:32 - 2018-03-29 20:51 - 000071208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WindowsTrustedRT.sys
2018-04-10 16:32 - 2018-03-29 20:49 - 000204184 _____ (Microsoft Corporation) C:\Windows\System32\basecsp.dll
2018-04-10 16:32 - 2018-03-29 20:48 - 000586800 _____ (Microsoft Corporation) C:\Windows\System32\msvcp110_win.dll
2018-04-10 16:32 - 2018-03-29 20:18 - 000016600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshhyperv.dll
2018-04-10 16:32 - 2018-03-29 20:13 - 000073896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wwapi.dll
2018-04-10 16:32 - 2018-03-29 20:12 - 000186520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2018-04-10 16:32 - 2018-03-29 20:10 - 000099240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2018-04-10 16:32 - 2018-03-29 20:06 - 000180632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-10 16:32 - 2018-03-29 20:04 - 000417368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_win.dll
2018-04-10 16:32 - 2018-03-29 19:46 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-10 16:32 - 2018-03-29 19:45 - 000058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2018-04-10 16:32 - 2018-03-29 19:44 - 000051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2018-04-10 16:32 - 2018-03-29 19:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-04-10 16:32 - 2018-03-29 19:44 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2018-04-10 16:32 - 2018-03-29 19:43 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2018-04-10 16:32 - 2018-03-29 19:43 - 000120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-10 16:32 - 2018-03-29 19:43 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-10 16:32 - 2018-03-29 19:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2018-04-10 16:32 - 2018-03-29 19:43 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2018-04-10 16:32 - 2018-03-29 19:43 - 000010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-10 16:32 - 2018-03-29 19:42 - 000253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2018-04-10 16:32 - 2018-03-29 19:42 - 000123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-10 16:32 - 2018-03-29 19:42 - 000099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-04-10 16:32 - 2018-03-29 19:42 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-10 16:32 - 2018-03-29 19:42 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2018-04-10 16:32 - 2018-03-29 19:42 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2018-04-10 16:32 - 2018-03-29 19:41 - 000235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-10 16:32 - 2018-03-29 19:41 - 000149504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2018-04-10 16:32 - 2018-03-29 19:41 - 000126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-10 16:32 - 2018-03-29 19:40 - 000524800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2018-04-10 16:32 - 2018-03-29 19:40 - 000314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2018-04-10 16:32 - 2018-03-29 19:40 - 000257536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2018-04-10 16:32 - 2018-03-29 19:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
2018-04-10 16:32 - 2018-03-29 19:40 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2018-04-10 16:32 - 2018-03-29 19:39 - 000776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-10 16:32 - 2018-03-29 19:36 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
2018-04-10 16:32 - 2018-03-29 19:35 - 000561152 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2018-04-10 16:32 - 2018-03-29 19:35 - 000371200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-04-10 16:32 - 2018-03-29 19:35 - 000233984 _____ (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2018-04-10 16:32 - 2018-03-29 19:35 - 000079360 _____ (Microsoft Corporation) C:\Windows\System32\offreg.dll
2018-04-10 16:32 - 2018-03-29 19:35 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winhvr.sys
2018-04-10 16:32 - 2018-03-29 19:34 - 000339456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000707584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000119808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000117760 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000094720 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000084992 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2018-04-10 16:32 - 2018-03-29 19:33 - 000084480 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000079872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storqosflt.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000072192 _____ (Microsoft Corporation) C:\Windows\System32\IcsEntitlementHost.exe
2018-04-10 16:32 - 2018-03-29 19:33 - 000065024 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000062976 _____ (Microsoft Corporation) C:\Windows\System32\PimIndexMaintenanceClient.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000050688 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\vmictimeprovider.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000046592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dmvsc.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\wcimage.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000036352 _____ (Microsoft Corporation) C:\Windows\System32\WcnEapPeerProxy.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\WcnEapAuthProxy.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HyperVideo.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VMBusHID.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\sysntfy.dll
2018-04-10 16:32 - 2018-03-29 19:33 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\appidtel.exe
2018-04-10 16:32 - 2018-03-29 19:33 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hyperkbd.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmgencounter.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmgid.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000009216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vms3cap.sys
2018-04-10 16:32 - 2018-03-29 19:33 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000198144 _____ (Microsoft Corporation) C:\Windows\System32\ScDeviceEnum.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2018-04-10 16:32 - 2018-03-29 19:32 - 000149504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2018-04-10 16:32 - 2018-03-29 19:32 - 000144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2018-04-10 16:32 - 2018-03-29 19:32 - 000140800 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000125440 _____ (Microsoft Corporation) C:\Windows\System32\httpprxm.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000081408 _____ (Microsoft Corporation) C:\Windows\System32\efslsaext.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000078336 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000065024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2018-04-10 16:32 - 2018-03-29 19:32 - 000065024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys
2018-04-10 16:32 - 2018-03-29 19:32 - 000064512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Synth3dVsc.sys
2018-04-10 16:32 - 2018-03-29 19:32 - 000062976 _____ (Microsoft Corporation) C:\Windows\System32\wsnmp32.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000061440 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\LicenseManagerSvc.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdPnp.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000044544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2018-04-10 16:32 - 2018-03-29 19:32 - 000032256 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2018-04-10 16:32 - 2018-03-29 19:32 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
2018-04-10 16:32 - 2018-03-29 19:32 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2018-04-10 16:32 - 2018-03-29 19:32 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2018-04-10 16:32 - 2018-03-29 19:32 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\gpuenergydrv.sys
2018-04-10 16:32 - 2018-03-29 19:31 - 000306176 _____ (Microsoft Corporation) C:\Windows\System32\wc_storage.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000293376 _____ (Microsoft Corporation) C:\Windows\System32\unimdm.tsp
2018-04-10 16:32 - 2018-03-29 19:31 - 000286208 _____ (Microsoft Corporation) C:\Windows\System32\icsvc.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000175616 _____ (Microsoft Corporation) C:\Windows\System32\TimeBrokerServer.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000172544 _____ (Microsoft Corporation) C:\Windows\System32\WPTaskScheduler.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\System32\dssvc.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000151040 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2018-04-10 16:32 - 2018-03-29 19:31 - 000151040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2018-04-10 16:32 - 2018-03-29 19:31 - 000143360 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000099328 _____ (Microsoft Corporation) C:\Windows\System32\hlink.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000090112 _____ (Microsoft Corporation) C:\Windows\System32\keyiso.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000087040 _____ (Microsoft Corporation) C:\Windows\System32\adhsvc.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000073216 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000055808 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2018-04-10 16:32 - 2018-03-29 19:31 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\nsisvc.dll
2018-04-10 16:32 - 2018-03-29 19:30 - 000425984 _____ (Microsoft Corporation) C:\Windows\System32\vmrdvcore.dll
2018-04-10 16:32 - 2018-03-29 19:30 - 000309760 _____ (Microsoft Corporation) C:\Windows\System32\icsvcext.dll
2018-04-10 16:32 - 2018-03-29 19:30 - 000284672 _____ (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
2018-04-10 16:32 - 2018-03-29 19:30 - 000262656 _____ (Microsoft Corporation) C:\Windows\System32\BrokerLib.dll
2018-04-10 16:32 - 2018-03-29 19:30 - 000256000 _____ (Microsoft Corporation) C:\Windows\System32\scksp.dll
2018-04-10 16:32 - 2018-03-29 19:30 - 000188928 _____ (Microsoft Corporation) C:\Windows\System32\certprop.dll
2018-04-10 16:32 - 2018-03-29 19:29 - 000723968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2018-04-10 16:32 - 2018-03-29 19:29 - 000379392 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore.dll
2018-04-10 16:32 - 2018-03-29 19:29 - 000298496 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2018-04-10 16:32 - 2018-03-29 19:29 - 000253440 _____ (Microsoft Corporation) C:\Windows\System32\dot3svc.dll
2018-04-10 16:32 - 2018-03-29 19:28 - 000984064 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2018-04-10 16:32 - 2018-03-29 19:28 - 000820224 _____ (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2018-04-10 16:32 - 2018-03-29 19:28 - 000147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2018-04-10 16:32 - 2018-03-29 19:27 - 000947712 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2018-04-10 16:32 - 2018-03-29 19:27 - 000889856 _____ (Microsoft Corporation) C:\Windows\System32\wcmsvc.dll
2018-04-10 16:32 - 2018-03-29 19:27 - 000332288 _____ (Microsoft Corporation) C:\Windows\System32\ncryptprov.dll
2018-04-10 16:32 - 2018-03-29 19:27 - 000228352 _____ (Microsoft Corporation) C:\Windows\System32\ssdpsrv.dll
2018-04-10 16:32 - 2018-03-29 19:25 - 000841216 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2018-04-10 16:32 - 2018-03-29 19:25 - 000374272 _____ (Microsoft Corporation) C:\Windows\System32\ncbservice.dll
2018-04-10 16:32 - 2018-03-29 19:25 - 000276480 _____ (Microsoft Corporation) C:\Windows\System32\wkssvc.dll
2018-04-10 16:32 - 2018-03-29 19:25 - 000270848 _____ (Microsoft Corporation) C:\Windows\System32\srvsvc.dll
2018-04-10 16:32 - 2018-03-29 19:23 - 000387584 _____ (Microsoft Corporation) C:\Windows\System32\SessEnv.dll
2018-04-10 16:32 - 2018-03-29 19:23 - 000246784 _____ (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2018-04-10 16:32 - 2018-03-29 19:23 - 000182784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys
2018-04-10 16:32 - 2018-03-29 19:22 - 000826880 _____ (Microsoft Corporation) C:\Windows\System32\msdtcprx.dll
2018-04-10 16:32 - 2018-03-29 19:22 - 000027136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2018-04-10 16:32 - 2018-03-29 19:22 - 000010240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys
2018-04-10 16:32 - 2018-03-29 19:20 - 000240640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2018-04-10 16:32 - 2018-03-29 19:20 - 000199168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2018-04-10 16:32 - 2018-03-29 19:20 - 000180736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2018-04-10 16:32 - 2018-03-29 19:20 - 000178688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2018-04-10 16:32 - 2018-03-29 19:20 - 000177664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2018-04-10 16:32 - 2018-03-29 19:20 - 000101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2018-04-10 16:32 - 2018-03-29 19:20 - 000058368 _____ (Microsoft Corporation) C:\Windows\System32\fdPnp.dll
2018-04-10 16:32 - 2018-03-29 19:20 - 000031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2018-04-10 16:32 - 2018-03-29 19:20 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2018-04-10 16:32 - 2018-03-28 11:54 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-10 16:32 - 2018-03-12 22:58 - 000441248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2018-04-10 16:32 - 2018-03-12 22:55 - 001778360 _____ (Microsoft Corporation) C:\Windows\System32\propsys.dll
2018-04-10 16:32 - 2018-03-12 22:55 - 000417440 _____ (Microsoft Corporation) C:\Windows\System32\wlanapi.dll
2018-04-10 16:32 - 2018-03-12 22:55 - 000334240 _____ (Microsoft Corporation) C:\Windows\System32\moshostcore.dll
2018-04-10 16:32 - 2018-03-12 22:54 - 000128928 _____ (Microsoft Corporation) C:\Windows\System32\offlinelsa.dll
2018-04-10 16:32 - 2018-03-12 22:53 - 000774560 _____ (Microsoft Corporation) C:\Windows\System32\NetSetupEngine.dll
2018-04-10 16:32 - 2018-03-12 22:53 - 000143264 _____ (Microsoft Corporation) C:\Windows\System32\NetSetupApi.dll
2018-04-10 16:32 - 2018-03-12 22:53 - 000091152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
2018-04-10 16:32 - 2018-03-12 22:52 - 000172112 _____ (Microsoft Corporation) C:\Windows\System32\RTWorkQ.dll
2018-04-10 16:32 - 2018-03-12 22:52 - 000127136 _____ (Microsoft Corporation) C:\Windows\System32\gpapi.dll
2018-04-10 16:32 - 2018-03-12 21:41 - 003995136 _____ (Microsoft Corporation) C:\Windows\System32\UIRibbon.dll
2018-04-10 16:32 - 2018-03-12 21:40 - 000584192 _____ (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2018-04-10 16:32 - 2018-03-12 21:38 - 000071680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbser.sys
2018-04-10 16:32 - 2018-03-12 21:38 - 000041984 _____ (Microsoft Corporation) C:\Windows\System32\LaunchWinApp.exe
2018-04-10 16:32 - 2018-03-12 21:38 - 000040448 _____ (Microsoft Corporation) C:\Windows\System32\WordBreakers.dll
2018-04-10 16:32 - 2018-03-12 21:37 - 000109568 _____ (Microsoft Corporation) C:\Windows\System32\NetDriverInstall.dll
2018-04-10 16:32 - 2018-03-12 21:37 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\wfdprov.dll
2018-04-10 16:32 - 2018-03-12 21:37 - 000045056 _____ (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
2018-04-10 16:32 - 2018-03-12 21:36 - 000297984 _____ (Microsoft Corporation) C:\Windows\System32\mfksproxy.dll
2018-04-10 16:32 - 2018-03-12 21:35 - 000758272 _____ (Microsoft Corporation) C:\Windows\System32\DolbyHrtfEnc.dll
2018-04-10 16:32 - 2018-03-12 21:35 - 000308736 _____ (Microsoft Corporation) C:\Windows\System32\compstui.dll
2018-04-10 16:32 - 2018-03-12 21:35 - 000245248 _____ (Microsoft Corporation) C:\Windows\System32\icm32.dll
2018-04-10 16:32 - 2018-03-12 21:35 - 000240128 _____ (Microsoft Corporation) C:\Windows\System32\TtlsAuth.dll
2018-04-10 16:32 - 2018-03-12 21:35 - 000219648 _____ (Microsoft Corporation) C:\Windows\System32\TtlsCfg.dll
2018-04-10 16:32 - 2018-03-12 21:35 - 000117248 _____ (Microsoft Corporation) C:\Windows\System32\wlgpclnt.dll
2018-04-10 16:32 - 2018-03-12 21:34 - 000309248 _____ (Microsoft Corporation) C:\Windows\System32\wifiprofilessettinghandler.dll
2018-04-10 16:32 - 2018-03-12 21:34 - 000222208 _____ (Microsoft Corporation) C:\Windows\System32\TtlsExt.dll
2018-04-10 16:32 - 2018-03-12 21:34 - 000153600 _____ (Microsoft Corporation) C:\Windows\System32\BrowserSettingSync.dll
2018-04-10 16:32 - 2018-03-12 21:34 - 000119296 _____ (Microsoft Corporation) C:\Windows\System32\DafPrintProvider.dll
2018-04-10 16:32 - 2018-03-12 21:33 - 001574912 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Cred.dll
2018-04-10 16:32 - 2018-03-12 21:33 - 000459776 _____ (Microsoft Corporation) C:\Windows\System32\CredProvDataModel.dll
2018-04-10 16:32 - 2018-03-12 21:33 - 000278528 _____ (Microsoft Corporation) C:\Windows\System32\ksproxy.ax
2018-04-10 16:32 - 2018-03-12 21:33 - 000243200 _____ (Microsoft Corporation) C:\Windows\System32\WinSCard.dll
2018-04-10 16:32 - 2018-03-12 21:33 - 000217088 _____ (Microsoft Corporation) C:\Windows\System32\tcpmon.dll
2018-04-10 16:32 - 2018-03-12 21:32 - 000689152 _____ (Microsoft Corporation) C:\Windows\System32\vpnike.dll
2018-04-10 16:32 - 2018-03-12 21:32 - 000568832 _____ (Microsoft Corporation) C:\Windows\System32\WSDMon.dll
2018-04-10 16:32 - 2018-03-12 21:32 - 000568832 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.UX.EapRequestHandler.dll
2018-04-10 16:32 - 2018-03-12 21:32 - 000200704 _____ (Microsoft Corporation) C:\Windows\System32\puiapi.dll
2018-04-10 16:32 - 2018-03-12 21:31 - 002849792 _____ (Microsoft Corporation) C:\Windows\System32\MapGeocoder.dll
2018-04-10 16:32 - 2018-03-12 21:31 - 001263104 _____ (Microsoft Corporation) C:\Windows\System32\JpMapControl.dll
2018-04-10 16:32 - 2018-03-12 21:31 - 001173504 _____ (Microsoft Corporation) C:\Windows\System32\MapsStore.dll
2018-04-10 16:32 - 2018-03-12 21:31 - 000596480 _____ (Microsoft Corporation) C:\Windows\System32\mscms.dll
2018-04-10 16:32 - 2018-03-12 21:31 - 000329216 _____ (Microsoft Corporation) C:\Windows\System32\usbmon.dll
2018-04-10 16:32 - 2018-03-12 21:30 - 003400192 _____ (Microsoft Corporation) C:\Windows\System32\MapRouter.dll
2018-04-10 16:32 - 2018-03-12 21:30 - 000893440 _____ (Microsoft Corporation) C:\Windows\System32\NMAA.dll
2018-04-10 16:32 - 2018-03-12 21:30 - 000863744 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.dll
2018-04-10 16:32 - 2018-03-12 21:30 - 000836608 _____ (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
2018-04-10 16:32 - 2018-03-12 21:30 - 000459776 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2018-04-10 16:32 - 2018-03-12 21:28 - 003160576 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2018-04-10 16:32 - 2018-03-12 21:28 - 000886272 _____ (Microsoft Corporation) C:\Windows\System32\MapControlCore.dll
2018-04-10 16:32 - 2018-03-12 21:28 - 000837120 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2018-04-10 16:32 - 2018-03-12 21:26 - 001737728 _____ (Microsoft Corporation) C:\Windows\System32\MSPhotography.dll
2018-04-10 16:32 - 2018-03-12 21:26 - 000134656 _____ (Microsoft Corporation) C:\Windows\System32\InputLocaleManager.dll
2018-04-10 16:32 - 2018-03-12 21:25 - 001346560 _____ (Microsoft Corporation) C:\Windows\System32\qmgr.dll
2018-04-10 16:32 - 2018-03-12 21:25 - 000083968 _____ (Microsoft Corporation) C:\Windows\System32\EditBufferTestHook.dll
2018-04-10 16:32 - 2018-03-12 21:24 - 001275904 _____ (Microsoft Corporation) C:\Windows\System32\gpsvc.dll
2018-04-10 16:32 - 2018-03-12 21:24 - 000389120 _____ (Microsoft Corporation) C:\Windows\System32\ninput.dll
2018-04-10 16:32 - 2018-03-12 21:24 - 000205312 _____ (Microsoft Corporation) C:\Windows\System32\sensrsvc.dll
2018-04-10 16:32 - 2018-03-12 21:22 - 000513536 _____ (Microsoft Corporation) C:\Windows\System32\newdev.dll
2018-04-10 16:32 - 2018-03-12 21:22 - 000128000 _____ (Microsoft Corporation) C:\Windows\System32\racpldlg.dll
2018-04-10 16:32 - 2018-03-12 21:08 - 001555784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2018-04-10 16:32 - 2018-03-12 21:07 - 000115104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2018-04-10 16:32 - 2018-03-12 21:06 - 000564640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2018-04-10 16:32 - 2018-03-12 21:04 - 000140592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTWorkQ.dll
2018-04-10 16:32 - 2018-03-12 20:44 - 000584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2018-04-10 16:32 - 2018-03-12 20:40 - 006118400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2018-04-10 16:32 - 2018-03-12 20:40 - 000288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2018-04-10 16:32 - 2018-03-12 20:40 - 000201728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfksproxy.dll
2018-04-10 16:32 - 2018-03-12 20:39 - 000230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-04-10 16:32 - 2018-03-12 20:39 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-04-10 16:32 - 2018-03-12 20:39 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TtlsCfg.dll
2018-04-10 16:32 - 2018-03-12 20:38 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlgpclnt.dll
2018-04-10 16:32 - 2018-03-12 20:37 - 000981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2018-04-10 16:32 - 2018-03-12 20:37 - 000537088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-04-10 16:32 - 2018-03-12 20:37 - 000381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2018-04-10 16:32 - 2018-03-12 20:37 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2018-04-10 16:32 - 2018-03-12 20:37 - 000169472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2018-04-10 16:32 - 2018-03-12 20:37 - 000091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2018-04-10 16:32 - 2018-03-12 20:36 - 000380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2018-04-10 16:32 - 2018-03-12 20:36 - 000175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2018-04-10 16:32 - 2018-03-12 20:36 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BrowserSettingSync.dll
2018-04-10 16:32 - 2018-03-12 20:35 - 006204416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2018-04-10 16:32 - 2018-03-12 20:34 - 002409984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2018-04-10 16:32 - 2018-03-12 20:34 - 000706048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2018-04-10 16:32 - 2018-03-12 20:33 - 000981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2018-04-10 16:32 - 2018-03-12 20:32 - 002577408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2018-04-10 16:32 - 2018-03-12 20:32 - 001948672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2018-04-10 16:32 - 2018-03-12 20:31 - 001348608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-04-10 16:32 - 2018-03-12 20:31 - 000713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2018-04-10 16:32 - 2018-03-12 20:30 - 000464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2018-04-10 16:32 - 2018-03-12 20:28 - 000328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2018-04-10 16:32 - 2018-03-12 20:26 - 000483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2018-04-10 16:32 - 2017-11-26 05:32 - 000184984 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2018-04-10 16:32 - 2017-11-26 03:12 - 000123520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-10 16:31 - 2018-03-29 19:33 - 000018944 _____ (Microsoft Corporation) C:\Windows\System32\nrpsrv.dll
2018-04-10 16:31 - 2018-03-29 19:33 - 000012288 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2018-04-10 16:31 - 2018-03-29 19:32 - 000057856 _____ (Microsoft Corporation) C:\Windows\System32\efssvc.dll
2018-04-10 16:31 - 2018-03-29 19:32 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmiprop.dll
2018-04-10 16:31 - 2018-03-29 19:32 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWNet.dll
2018-04-10 16:31 - 2018-03-29 19:20 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\wmiprop.dll
2018-04-10 16:31 - 2018-03-29 19:20 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\fdWNet.dll
2018-04-10 13:26 - 2018-04-10 13:27 - 008880482 _____ ( ) C:\Users\Owner Pc\Downloads\FaucetCollectorSetup (1).exe
2018-04-07 15:01 - 2018-04-07 15:01 - 000000000 ____D C:\Program Files (x86)\Botmaster Labs
2018-04-07 15:00 - 2018-04-07 15:00 - 000000000 ____D C:\Users\Owner Pc\AppData\Roaming\Botmaster Labs
2018-04-07 13:34 - 2018-04-07 13:34 - 000000000 ____D C:\ProgramData\CS-Script
2018-04-07 12:54 - 2018-04-14 14:35 - 000000000 ____D C:\Program Files (x86)\FaucetCollector
2018-04-07 12:51 - 2018-04-07 12:51 - 008877392 _____ ( ) C:\Users\Owner Pc\Downloads\FaucetCollectorSetup.exe
2018-04-07 12:49 - 2018-04-07 12:52 - 054193479 _____ C:\Users\Owner Pc\Downloads\CaptchaBotEN.zip
2018-04-05 15:31 - 2018-04-05 15:30 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\avgBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-27 09:33 - 2017-11-17 15:44 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\UserTestingPlugin
2018-04-27 05:19 - 2017-12-19 06:43 - 000000000 ____D C:\Windows\Minidump
2018-04-27 05:18 - 2017-12-04 08:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-27 05:16 - 2017-09-29 00:45 - 020971520 _____ C:\Windows\System32\config\HARDWARE
2018-04-27 05:16 - 2017-09-29 00:45 - 000524288 _____ C:\Windows\System32\config\BBI
2018-04-27 05:16 - 2017-07-14 09:26 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2018-04-27 05:15 - 2017-12-04 07:51 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-04-27 04:48 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-04-27 04:45 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-04-27 04:45 - 2015-01-31 18:59 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform
2018-04-27 04:44 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-27 04:42 - 2015-01-31 19:02 - 000000000 ____D C:\Users\Owner Pc\Documents\Youcam
2018-04-27 04:38 - 2015-03-13 11:08 - 000000000 ____D C:\Users\Owner Pc\AppData\Roaming\Skype
2018-04-27 04:36 - 2016-08-15 12:37 - 000000000 ____D C:\Users\Owner Pc\AppData\Roaming\PlaysTV
2018-04-26 19:47 - 2017-12-04 07:57 - 000000000 ____D C:\users\Owner Pc
2018-04-26 14:37 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
2018-04-26 14:17 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-04-26 05:17 - 2017-12-04 07:56 - 001520326 _____ C:\Windows\System32\PerfStringBackup.INI
2018-04-23 06:17 - 2018-03-18 16:38 - 000000356 _____ C:\Windows\Tasks\HPCeeScheduleForOwner Pc.job
2018-04-22 16:18 - 2018-03-18 16:38 - 000003260 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner Pc
2018-04-22 10:22 - 2017-03-18 13:03 - 000000000 ____D C:\Windows\System32\Tasks_Migrated
2018-04-20 11:36 - 2017-11-25 16:47 - 000002258 _____ C:\Users\Owner Pc\Desktop\Wurm Online [Stable].lnk
2018-04-20 11:13 - 2015-06-10 09:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-20 11:12 - 2015-06-10 09:40 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-04-20 11:00 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-04-18 04:30 - 2017-12-04 08:37 - 000004278 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-04-15 06:11 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-04-12 16:08 - 2018-03-15 07:58 - 000000000 ____D C:\Windows\System32\Drivers\wd
2018-04-12 08:32 - 2017-05-27 04:45 - 000139608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgMonFlt.sys
2018-04-10 19:21 - 2016-07-25 18:57 - 000000000 ___RD C:\Users\Owner Pc\3D Objects
2018-04-10 19:21 - 2016-04-26 22:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-10 19:18 - 2017-12-04 07:51 - 000270104 _____ C:\Windows\System32\FNTCACHE.DAT
2018-04-10 19:14 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-04-10 19:13 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\System32\F12
2018-04-10 19:13 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\appraiser
2018-04-10 19:13 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-04-10 17:55 - 2015-02-15 11:56 - 000000000 ____D C:\Windows\System32\MRT
2018-04-10 17:40 - 2017-10-11 12:12 - 136971704 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-04-10 17:40 - 2015-02-15 11:56 - 136971704 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-04-10 17:26 - 2017-12-04 08:37 - 000004586 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-10 17:26 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\Macromed
2018-04-10 17:25 - 2018-03-13 13:18 - 000004574 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 17:25 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 16:53 - 2017-12-04 10:25 - 000169472 _____ (Microsoft Corporation) C:\Windows\System32\wuuhosdeployment.dll
2018-04-07 12:53 - 2018-01-23 05:49 - 000000000 ____D C:\Users\Owner Pc\Downloads\CaptchaBot
2018-04-05 15:30 - 2017-11-24 16:36 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgArPot.sys
2018-04-05 15:30 - 2017-05-27 04:45 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgSP.sys
2018-04-05 15:30 - 2017-05-27 04:45 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgVmm.sys
2018-04-05 15:30 - 2017-05-27 04:45 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgStm.sys
2018-04-05 15:30 - 2017-05-27 04:45 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgRdr2.sys
2018-04-05 15:30 - 2017-05-27 04:45 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgRvrt.sys
2018-04-05 15:30 - 2017-05-27 04:45 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgHwid.sys
2018-04-05 15:28 - 2017-05-27 04:45 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgSnx.sys
2018-04-05 15:27 - 2017-05-27 04:45 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbloga.sys
2018-04-05 15:27 - 2017-05-27 04:45 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbidsdrivera.sys
2018-04-05 15:27 - 2017-05-27 04:45 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbidsha.sys
2018-04-05 15:27 - 2017-05-27 04:45 - 000166064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbdiska.sys
2018-04-05 15:27 - 2017-05-27 04:45 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgbuniva.sys

Some files in TEMP:
====================
2018-04-23 04:54 - 2018-04-23 04:55 - 064112160 _____ (SweetLabs,Inc.) C:\Users\Owner Pc\AppData\Local\Temp\octF659.tmp.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2018-04-10 16:33] - [2018-03-29 19:26] - 000716288 _____ (Microsoft Corporation) C67E7F605A830AA96A204ECCDC678FBC

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll
[2018-04-10 16:34] - [2018-03-12 23:03] - 000739696 _____ (Microsoft Corporation) 51A5224C9B00B1F31C016B4B29F3DFB7

C:\Windows\SysWOW64\dnsapi.dll
[2018-04-10 16:34] - [2018-03-12 21:15] - 000597160 _____ (Microsoft Corporation) CCF0DECFEB3D31F4CB733B39EFDFBAB3

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3542.52 MB
Available physical RAM: 2746.85 MB
Total Virtual: 3542.52 MB
Available Virtual: 2773.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:449.51 GB) (Free:279.67 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.33 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Seagate Backup Plus) (Fixed) (Total:2794.51 GB) (Free:0.01 GB) NTFS
Drive g: (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.64 GB) NTFS
Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive i: () (Removable) (Total:3.74 GB) (Free:2.85 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

\\?\Volume{a5aad72f-4d94-4558-b35b-744bef9f5d38}\ () (Fixed) (Total:0.44 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C742E50F)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

LastRegBack: 2018-04-22 11:07

==================== End of FRST.txt ============================
Old 04-28-2018, 12:26 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jqc21. Good job!

I need you to re-install MBAM, go to Settings > Protection > Scan Options > Scan for rootkits > On

Go back to the Dashboard > Scan Now

Allow MBAM to remove anything it finds and post the log here in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-30-2018, 03:24 PM   #11
Registered Member
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

Here are the results of the scan.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/30/18
Scan Time: 8:19 AM
Log File: c308d418-4c70-11e8-8932-6002922d270c.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4922
License: Free

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: OWNER\Owner Pc

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 324187
Threats Detected: 205
Threats Quarantined: 205
Time Elapsed: 45 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 39
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\NARCISSISTS\MARIACHIS.EXE, Quarantined, [6223], [513324],1.0.4922

Module: 39
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\NARCISSISTS\MARIACHIS.EXE, Quarantined, [6223], [513324],1.0.4922

Registry Key: 72
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\bundestag_empirical, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2524036F-7931-4E22-9592-88A2FED5E47A}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{2524036F-7931-4E22-9592-88A2FED5E47A}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\tsbundestag_empiricalbundestag_empirical, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A83A1EE-1472-4F19-9038-1ECA17E02E02}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7A83A1EE-1472-4F19-9038-1ECA17E02E02}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bundestag_empirical, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2524036F-7931-4E22-9592-88A2FED5E47A}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2524036F-7931-4E22-9592-88A2FED5E47A}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tsbundestag_empiricalbundestag_empirical, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A83A1EE-1472-4F19-9038-1ECA17E02E02}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A83A1EE-1472-4F19-9038-1ECA17E02E02}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\crd reminder, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{519BC55A-EC0A-4B09-832F-7918D72E8CB9}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{519BC55A-EC0A-4B09-832F-7918D72E8CB9}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\tscrd remindercrd reminder, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BAA106F8-50B0-4281-AC02-816B98F43F00}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BAA106F8-50B0-4281-AC02-816B98F43F00}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\crd reminder, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{519BC55A-EC0A-4B09-832F-7918D72E8CB9}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{519BC55A-EC0A-4B09-832F-7918D72E8CB9}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tscrd remindercrd reminder, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAA106F8-50B0-4281-AC02-816B98F43F00}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAA106F8-50B0-4281-AC02-816B98F43F00}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\schubert, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36C0FA9F-0656-48B0-8C9B-DAA1E53BEE59}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{36C0FA9F-0656-48B0-8C9B-DAA1E53BEE59}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\tsschubertschubert, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{888C3CCB-5E46-430C-A9BC-727EAC166CD9}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{888C3CCB-5E46-430C-A9BC-727EAC166CD9}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schubert, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36C0FA9F-0656-48B0-8C9B-DAA1E53BEE59}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36C0FA9F-0656-48B0-8C9B-DAA1E53BEE59}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tsschubertschubert, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{888C3CCB-5E46-430C-A9BC-727EAC166CD9}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{888C3CCB-5E46-430C-A9BC-727EAC166CD9}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\sickeningly_promiscuously, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{60A1C9B3-8940-4CC2-91C7-2CEE1281BF1E}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{60A1C9B3-8940-4CC2-91C7-2CEE1281BF1E}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\tssickeningly_promiscuouslysickeningly_promiscuously, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D50AA03A-48E1-4EDC-829C-956D69695005}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D50AA03A-48E1-4EDC-829C-956D69695005}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sickeningly_promiscuously, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A1C9B3-8940-4CC2-91C7-2CEE1281BF1E}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60A1C9B3-8940-4CC2-91C7-2CEE1281BF1E}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tssickeningly_promiscuouslysickeningly_promiscuously, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D50AA03A-48E1-4EDC-829C-956D69695005}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D50AA03A-48E1-4EDC-829C-956D69695005}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\throes-hyrum, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C4349B04-D594-4269-82F1-D8E1D81828FA}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{C4349B04-D594-4269-82F1-D8E1D81828FA}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\tsthroes-hyrumthroes-hyrum, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BCA4E353-C534-40E8-B567-BBED6572593F}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BCA4E353-C534-40E8-B567-BBED6572593F}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\throes-hyrum, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4349B04-D594-4269-82F1-D8E1D81828FA}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4349B04-D594-4269-82F1-D8E1D81828FA}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tsthroes-hyrumthroes-hyrum, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA4E353-C534-40E8-B567-BBED6572593F}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCA4E353-C534-40E8-B567-BBED6572593F}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ludmila orlando organizer, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FEDA4755-D715-426D-B8FD-8D4ADDCC1A6A}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{FEDA4755-D715-426D-B8FD-8D4ADDCC1A6A}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\tsludmila orlando organizerludmila orlando organizer, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C4887B16-B605-4571-BD3F-373149714C4C}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C4887B16-B605-4571-BD3F-373149714C4C}, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ludmila orlando organizer, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEDA4755-D715-426D-B8FD-8D4ADDCC1A6A}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEDA4755-D715-426D-B8FD-8D4ADDCC1A6A}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tsludmila orlando organizerludmila orlando organizer, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4887B16-B605-4571-BD3F-373149714C4C}, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4887B16-B605-4571-BD3F-373149714C4C}, Quarantined, [11816], [-1],0.0.0

Registry Value: 14
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pursepurse, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mercurialmercurial, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKU\S-1-5-21-4239603102-2323477208-2272426416-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sinkssinks, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKU\S-1-5-21-4239603102-2323477208-2272426416-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|unpreparednessunpreparedness, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|purse, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mercurial, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKU\S-1-5-21-4239603102-2323477208-2272426416-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sinks, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKU\S-1-5-21-4239603102-2323477208-2272426416-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|unpreparedness, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKU\S-1-5-21-4239603102-2323477208-2272426416-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|unrepeatable, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pursesinks, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mercurialunpreparedness, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKU\S-1-5-21-4239603102-2323477208-2272426416-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sinkspurse, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, HKU\S-1-5-21-4239603102-2323477208-2272426416-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|unpreparednessmercurial, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic, HKU\S-1-5-21-4239603102-2323477208-2272426416-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mariachis, Quarantined, [6223], [513324],1.0.4922

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 41
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\bundestag_empirical, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tsbundestag_empiricalbundestag_empirical, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\bundestag_empirical, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tsbundestag_empiricalbundestag_empirical, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\crd reminder, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tscrd remindercrd reminder, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\LAMINAR\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\crd reminder, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tscrd remindercrd reminder, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\schubert, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tsschubertschubert, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ricci.lnk, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\schubert, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tsschubertschubert, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\sickeningly_promiscuously, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tssickeningly_promiscuouslysickeningly_promiscuously, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\sickeningly_promiscuously, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tssickeningly_promiscuouslysickeningly_promiscuously, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\throes-hyrum, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tsthroes-hyrumthroes-hyrum, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ricciricci.lnk, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\throes-hyrum, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tsthroes-hyrumthroes-hyrum, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\ludmila orlando organizer, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tsludmila orlando organizerludmila orlando organizer, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\USERS\OWNER PC\APPDATA\LOCAL\VEGETATIVE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\ludmila orlando organizer, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\tsludmila orlando organizerludmila orlando organizer, Quarantined, [11816], [-1],0.0.0
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\NARCISSISTS\MARIACHIS.EXE, Quarantined, [6223], [513324],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\WONK.DLL, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\MAHARAJAH.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\MAHARAJAH\VEGETATIVE.DLL, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\REMOTELY\REMOTELY.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\CAMPFIRE.EXE, Quarantined, [11816], [513131],1.0.4922
Adware.Elex.ShrtCln, C:\USERS\OWNER PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [246], [454684],1.0.4922
Adware.Elex.ShrtCln, C:\USERS\OWNER PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [246], [454684],1.0.4922
Adware.Elex.ShrtCln, C:\USERS\OWNER PC\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [246], [454684],1.0.4922

Physical Sector: 0
(No malicious items detected)


(end)
Old 04-30-2018, 07:16 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jqc21. Good job! How is the machine behaving? It should be much better now.

Please run FRST64.exe again (in Normal Mode) and post/attach the FRST.txt/Addition.txt logs as before. Thanks.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 05-01-2018, 05:03 PM   #13
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

Here are the results. I had to attach both as it was too long. It is better now. If malwarebytes is ever uninstalled, will the infections come back?
Attached Files
File Type: txt Addition.txt (67.6 KB, 15 views)
File Type: txt FRST.txt (100.6 KB, 20 views)
Old 05-01-2018, 07:55 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jqc21.

Quote:
If malwarebytes is ever uninstalled, will the infections come back?
There is no way to answer that question. No tool catches everything.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Owner Pc\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Owner Pc\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Owner Pc\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    Task: {0200BB03-0E81-45F7-8F41-045D2FEB6BC8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
    Task: {111E43DB-5CA8-41E1-9555-EA4643EE3D23} - System32\Tasks\HPCeeScheduleForOwner Pc => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {11D313C6-E9DA-497B-9552-4B49F8E7B90F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-12] (Microsoft Corporation)
    Task: {183CD4AF-C138-4204-8E38-3A8815C8D432} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
    Task: {24FA06F5-DC22-49C6-98A0-8616D4348100} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {2A548ABE-0C04-459D-9252-B8BAF870C246} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {2E2B9954-B778-4DD3-B4B5-032A440FC98F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {3611CBFB-51BF-4B5F-8626-3CB51714EF93} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {7574FE76-3BA0-4692-AD99-76B304F43AC3} - \0615avUpdateInfo -> No File <==== ATTENTION
    Task: {7910F61A-AFE0-4FA2-A847-F86C714C3213} - System32\Tasks\SweetLabs App Platform => C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-09-18] (Pokki)
    Task: {7D942CDD-D942-4938-BC39-E10BD4C70A0F} - \WPD\SqmUpload_S-1-5-21-4239603102-2323477208-2272426416-1001 -> No File <==== ATTENTION
    Task: {A96361B6-4071-472D-BCDB-9E7121A33FC1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {B013278D-80D8-4196-8B85-DEFDA579D67C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B33C0065-7098-4732-A787-4EBD763873B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {C5F63438-2CC3-400C-89C5-A6FD450E635E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {CB5B8B5A-8B56-411A-83F5-4FF1C6EF8FA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {D4876147-4F91-48F1-9CF7-1C75FE0059AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {D4949528-F98F-4852-AE78-BFC3C821DEB8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {E0BE17FD-4ED1-4605-8D0B-DDD68E62B235} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F30CD5A0-3A48-4911-9AC5-3E3965B53827} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F890E194-E2EA-4919-BD5E-7EB78850E5AC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {F915AFC7-DED4-4F8C-9656-F03E25EBF748} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {FCC4208D-B79B-4F04-BAE7-AC6190CEF8F0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    FirewallRules: [{CD0069A9-76DB-436D-8A70-58CB7A9935A9}] => (Allow) C:\Program Files (x86)\Maharajah\Vegetative.exe
    FirewallRules: [{7A58C7B7-16DB-490C-8E37-2066B1784024}] => (Allow) C:\Program Files (x86)\Laminar\Vegetative.exe
    FirewallRules: [{EE881A38-A278-4277-B5B3-2BF788AB42A0}] => (Allow) C:\Program Files (x86)\remotely\wonk.exe
    FirewallRules: [{802530FA-AB26-4541-9E0D-16807E5D1832}] => (Allow) C:\Program Files (x86)\Laminar\wonk.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll => No File
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll => No File
    Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll No File
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll No File
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
    S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
    S4 sumardkb; System32\drivers\nvnlraek.sys [X]
    2018-04-27 09:21 - 2018-04-27 09:21 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\raiptbe
    2018-04-26 23:32 - 2018-04-26 23:32 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\avrlxmd
    2018-04-26 18:44 - 2018-04-26 18:44 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\seemxip
    2018-04-26 15:35 - 2018-04-26 15:35 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\niawgdh
    2018-04-26 11:28 - 2018-04-26 11:28 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\mshrpto
    2018-04-26 09:41 - 2018-04-26 09:41 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\avazmop
    2018-04-26 00:20 - 2018-04-26 00:20 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\scceupo
    2018-04-26 00:17 - 2018-04-26 00:17 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\rtchabl
    2018-04-26 00:06 - 2018-04-26 00:06 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wikprnd
    2018-04-25 23:59 - 2018-04-25 23:59 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\spbuxrc
    2018-04-24 16:11 - 2018-04-24 16:11 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\dsbgpue
    2018-04-23 10:27 - 2018-04-23 10:27 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\sibgzoa
    2018-04-22 14:01 - 2018-04-22 14:01 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\cwsvuxn
    2018-04-21 12:20 - 2018-04-21 12:20 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\msahcbo
    2018-04-21 00:25 - 2018-04-21 00:25 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\sbcgenx
    2018-04-20 21:18 - 2018-04-20 21:18 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvcxdsh
    2018-04-20 21:09 - 2018-04-20 21:09 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\coatghz
    2018-04-20 20:57 - 2018-04-20 20:57 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\lmkrcnb
    2018-04-20 20:02 - 2018-04-20 20:02 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\zarnhvb
    2018-04-20 16:02 - 2018-04-20 16:02 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\zamcruv
    2018-04-20 14:49 - 2018-04-20 14:49 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nievrlm
    2018-04-20 14:38 - 2018-04-20 14:38 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wdecloh
    2018-04-19 23:33 - 2018-04-19 23:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\exndcso
    2018-04-19 23:18 - 2018-04-19 23:18 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\rangucv
    2018-04-19 23:01 - 2018-04-19 23:01 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\snovhtd
    2018-04-19 21:33 - 2018-04-19 21:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\msenogd
    2018-04-19 21:21 - 2018-04-26 23:44 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvnxpuz
    2018-04-19 21:21 - 2018-04-19 21:21 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvkopir
    2018-04-19 20:56 - 2018-04-27 13:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wmcagent
    2018-04-19 20:56 - 2018-04-19 21:15 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\exswkto
    2018-04-19 20:50 - 2018-04-27 13:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\vdkcwal
    2018-04-19 20:50 - 2018-04-19 20:50 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\aucnhit
    2018-04-19 20:48 - 2018-04-30 10:19 - 000000000 ___HD C:\Program Files (x86)\narcissists
    2018-04-19 20:48 - 2018-04-30 10:19 - 000000000 ___HD C:\Program Files (x86)\Laminar
    2018-04-19 20:48 - 2018-04-30 10:19 - 000000000 ____D C:\Program Files (x86)\remotely
    2018-04-19 20:48 - 2018-04-30 10:19 - 000000000 ____D C:\Program Files (x86)\Maharajah
    2018-04-19 20:48 - 2018-04-27 09:18 - 002888704 _____ C:\WINDOWS\system32\vdcxanisvc.exe
    2018-04-19 20:48 - 2018-04-20 15:39 - 000000000 ____D C:\Program Files (x86)\explainable
    2018-04-19 20:48 - 2018-04-19 20:48 - 000000012 _____ C:\WINDOWS\b71619104
    2018-04-19 20:48 - 2018-04-19 20:48 - 000000000 ____D C:\WINDOWS\SysWOW64\zahbrgl
    2018-04-19 20:48 - 2018-04-19 20:48 - 000000000 ____D C:\WINDOWS\system32\zahbrgl
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
Old 05-02-2018, 04:21 PM   #15
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

Here are the results.

Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Owner Pc (02-05-2018 19:02:51) Run:2
Running from H:\Documents
Loaded Profiles: Owner Pc (Available Profiles: Owner Pc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Owner Pc\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Owner Pc\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Owner Pc\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {0200BB03-0E81-45F7-8F41-045D2FEB6BC8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {111E43DB-5CA8-41E1-9555-EA4643EE3D23} - System32\Tasks\HPCeeScheduleForOwner Pc => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {11D313C6-E9DA-497B-9552-4B49F8E7B90F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-12] (Microsoft Corporation)
Task: {183CD4AF-C138-4204-8E38-3A8815C8D432} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {24FA06F5-DC22-49C6-98A0-8616D4348100} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A548ABE-0C04-459D-9252-B8BAF870C246} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {2E2B9954-B778-4DD3-B4B5-032A440FC98F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3611CBFB-51BF-4B5F-8626-3CB51714EF93} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7574FE76-3BA0-4692-AD99-76B304F43AC3} - \0615avUpdateInfo -> No File <==== ATTENTION
Task: {7910F61A-AFE0-4FA2-A847-F86C714C3213} - System32\Tasks\SweetLabs App Platform => C:\Users\Owner Pc\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-09-18] (Pokki)
Task: {7D942CDD-D942-4938-BC39-E10BD4C70A0F} - \WPD\SqmUpload_S-1-5-21-4239603102-2323477208-2272426416-1001 -> No File <==== ATTENTION
Task: {A96361B6-4071-472D-BCDB-9E7121A33FC1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B013278D-80D8-4196-8B85-DEFDA579D67C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B33C0065-7098-4732-A787-4EBD763873B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C5F63438-2CC3-400C-89C5-A6FD450E635E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CB5B8B5A-8B56-411A-83F5-4FF1C6EF8FA6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D4876147-4F91-48F1-9CF7-1C75FE0059AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {D4949528-F98F-4852-AE78-BFC3C821DEB8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E0BE17FD-4ED1-4605-8D0B-DDD68E62B235} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F30CD5A0-3A48-4911-9AC5-3E3965B53827} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F890E194-E2EA-4919-BD5E-7EB78850E5AC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F915AFC7-DED4-4F8C-9656-F03E25EBF748} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FCC4208D-B79B-4F04-BAE7-AC6190CEF8F0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
FirewallRules: [{CD0069A9-76DB-436D-8A70-58CB7A9935A9}] => (Allow) C:\Program Files (x86)\Maharajah\Vegetative.exe
FirewallRules: [{7A58C7B7-16DB-490C-8E37-2066B1784024}] => (Allow) C:\Program Files (x86)\Laminar\Vegetative.exe
FirewallRules: [{EE881A38-A278-4277-B5B3-2BF788AB42A0}] => (Allow) C:\Program Files (x86)\remotely\wonk.exe
FirewallRules: [{802530FA-AB26-4541-9E0D-16807E5D1832}] => (Allow) C:\Program Files (x86)\Laminar\wonk.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll => No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll => No File
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll No File
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
S4 sumardkb; System32\drivers\nvnlraek.sys [X]
2018-04-27 09:21 - 2018-04-27 09:21 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\raiptbe
2018-04-26 23:32 - 2018-04-26 23:32 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\avrlxmd
2018-04-26 18:44 - 2018-04-26 18:44 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\seemxip
2018-04-26 15:35 - 2018-04-26 15:35 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\niawgdh
2018-04-26 11:28 - 2018-04-26 11:28 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\mshrpto
2018-04-26 09:41 - 2018-04-26 09:41 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\avazmop
2018-04-26 00:20 - 2018-04-26 00:20 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\scceupo
2018-04-26 00:17 - 2018-04-26 00:17 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\rtchabl
2018-04-26 00:06 - 2018-04-26 00:06 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wikprnd
2018-04-25 23:59 - 2018-04-25 23:59 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\spbuxrc
2018-04-24 16:11 - 2018-04-24 16:11 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\dsbgpue
2018-04-23 10:27 - 2018-04-23 10:27 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\sibgzoa
2018-04-22 14:01 - 2018-04-22 14:01 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\cwsvuxn
2018-04-21 12:20 - 2018-04-21 12:20 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\msahcbo
2018-04-21 00:25 - 2018-04-21 00:25 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\sbcgenx
2018-04-20 21:18 - 2018-04-20 21:18 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvcxdsh
2018-04-20 21:09 - 2018-04-20 21:09 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\coatghz
2018-04-20 20:57 - 2018-04-20 20:57 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\lmkrcnb
2018-04-20 20:02 - 2018-04-20 20:02 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\zarnhvb
2018-04-20 16:02 - 2018-04-20 16:02 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\zamcruv
2018-04-20 14:49 - 2018-04-20 14:49 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nievrlm
2018-04-20 14:38 - 2018-04-20 14:38 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wdecloh
2018-04-19 23:33 - 2018-04-19 23:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\exndcso
2018-04-19 23:18 - 2018-04-19 23:18 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\rangucv
2018-04-19 23:01 - 2018-04-19 23:01 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\snovhtd
2018-04-19 21:33 - 2018-04-19 21:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\msenogd
2018-04-19 21:21 - 2018-04-26 23:44 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvnxpuz
2018-04-19 21:21 - 2018-04-19 21:21 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\nvkopir
2018-04-19 20:56 - 2018-04-27 13:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\wmcagent
2018-04-19 20:56 - 2018-04-19 21:15 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\exswkto
2018-04-19 20:50 - 2018-04-27 13:33 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\vdkcwal
2018-04-19 20:50 - 2018-04-19 20:50 - 000000000 ____D C:\Users\Owner Pc\AppData\Local\aucnhit
2018-04-19 20:48 - 2018-04-30 10:19 - 000000000 ___HD C:\Program Files (x86)\narcissists
2018-04-19 20:48 - 2018-04-30 10:19 - 000000000 ___HD C:\Program Files (x86)\Laminar
2018-04-19 20:48 - 2018-04-30 10:19 - 000000000 ____D C:\Program Files (x86)\remotely
2018-04-19 20:48 - 2018-04-30 10:19 - 000000000 ____D C:\Program Files (x86)\Maharajah
2018-04-19 20:48 - 2018-04-27 09:18 - 002888704 _____ C:\WINDOWS\system32\vdcxanisvc.exe
2018-04-19 20:48 - 2018-04-20 15:39 - 000000000 ____D C:\Program Files (x86)\explainable
2018-04-19 20:48 - 2018-04-19 20:48 - 000000012 _____ C:\WINDOWS\b71619104
2018-04-19 20:48 - 2018-04-19 20:48 - 000000000 ____D C:\WINDOWS\SysWOW64\zahbrgl
2018-04-19 20:48 - 2018-04-19 20:48 - 000000000 ____D C:\WINDOWS\system32\zahbrgl
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
"HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully
"HKU\S-1-5-21-4239603102-2323477208-2272426416-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0200BB03-0E81-45F7-8F41-045D2FEB6BC8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0200BB03-0E81-45F7-8F41-045D2FEB6BC8}" => removed successfully
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{111E43DB-5CA8-41E1-9555-EA4643EE3D23}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111E43DB-5CA8-41E1-9555-EA4643EE3D23}" => removed successfully
C:\WINDOWS\System32\Tasks\HPCeeScheduleForOwner Pc => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForOwner Pc" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11D313C6-E9DA-497B-9552-4B49F8E7B90F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11D313C6-E9DA-497B-9552-4B49F8E7B90F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{183CD4AF-C138-4204-8E38-3A8815C8D432}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{183CD4AF-C138-4204-8E38-3A8815C8D432}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24FA06F5-DC22-49C6-98A0-8616D4348100}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24FA06F5-DC22-49C6-98A0-8616D4348100}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A548ABE-0C04-459D-9252-B8BAF870C246}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A548ABE-0C04-459D-9252-B8BAF870C246}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E2B9954-B778-4DD3-B4B5-032A440FC98F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E2B9954-B778-4DD3-B4B5-032A440FC98F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3611CBFB-51BF-4B5F-8626-3CB51714EF93}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3611CBFB-51BF-4B5F-8626-3CB51714EF93}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7574FE76-3BA0-4692-AD99-76B304F43AC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7574FE76-3BA0-4692-AD99-76B304F43AC3}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0615avUpdateInfo => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7910F61A-AFE0-4FA2-A847-F86C714C3213}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7910F61A-AFE0-4FA2-A847-F86C714C3213}" => removed successfully
C:\WINDOWS\System32\Tasks\SweetLabs App Platform => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D942CDD-D942-4938-BC39-E10BD4C70A0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D942CDD-D942-4938-BC39-E10BD4C70A0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4239603102-2323477208-2272426416-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A96361B6-4071-472D-BCDB-9E7121A33FC1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A96361B6-4071-472D-BCDB-9E7121A33FC1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B013278D-80D8-4196-8B85-DEFDA579D67C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B013278D-80D8-4196-8B85-DEFDA579D67C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B33C0065-7098-4732-A787-4EBD763873B7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B33C0065-7098-4732-A787-4EBD763873B7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5F63438-2CC3-400C-89C5-A6FD450E635E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5F63438-2CC3-400C-89C5-A6FD450E635E}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB5B8B5A-8B56-411A-83F5-4FF1C6EF8FA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB5B8B5A-8B56-411A-83F5-4FF1C6EF8FA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4876147-4F91-48F1-9CF7-1C75FE0059AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4876147-4F91-48F1-9CF7-1C75FE0059AD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4949528-F98F-4852-AE78-BFC3C821DEB8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4949528-F98F-4852-AE78-BFC3C821DEB8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0BE17FD-4ED1-4605-8D0B-DDD68E62B235}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0BE17FD-4ED1-4605-8D0B-DDD68E62B235}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F30CD5A0-3A48-4911-9AC5-3E3965B53827}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F30CD5A0-3A48-4911-9AC5-3E3965B53827}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F890E194-E2EA-4919-BD5E-7EB78850E5AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F890E194-E2EA-4919-BD5E-7EB78850E5AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F915AFC7-DED4-4F8C-9656-F03E25EBF748}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F915AFC7-DED4-4F8C-9656-F03E25EBF748}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FCC4208D-B79B-4F04-BAE7-AC6190CEF8F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCC4208D-B79B-4F04-BAE7-AC6190CEF8F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD0069A9-76DB-436D-8A70-58CB7A9935A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A58C7B7-16DB-490C-8E37-2066B1784024}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE881A38-A278-4277-B5B3-2BF788AB42A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{802530FA-AB26-4541-9E0D-16807E5D1832}" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}" => removed successfully
"HKLM\Software\Classes\CLSID\{0F4B8786-5502-4803-8EBC-F652A1153BB6}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{0F4B8786-5502-4803-8EBC-F652A1153BB6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
"HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
"HKLM\Software\MozillaPlugins @mcafee.com/MSC,version=10" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins @mcafee.com/MSC,version=10" => removed successfully
"HKLM\System\CurrentControlSet\Services\windowsmanagementservice" => removed successfully
windowsmanagementservice => service removed successfully
"HKLM\System\CurrentControlSet\Services\sumardkb" => removed successfully
sumardkb => service removed successfully
C:\Users\Owner Pc\AppData\Local\raiptbe => moved successfully
C:\Users\Owner Pc\AppData\Local\avrlxmd => moved successfully
C:\Users\Owner Pc\AppData\Local\seemxip => moved successfully
C:\Users\Owner Pc\AppData\Local\niawgdh => moved successfully
C:\Users\Owner Pc\AppData\Local\mshrpto => moved successfully
C:\Users\Owner Pc\AppData\Local\avazmop => moved successfully
C:\Users\Owner Pc\AppData\Local\scceupo => moved successfully
C:\Users\Owner Pc\AppData\Local\rtchabl => moved successfully
C:\Users\Owner Pc\AppData\Local\wikprnd => moved successfully
C:\Users\Owner Pc\AppData\Local\spbuxrc => moved successfully
C:\Users\Owner Pc\AppData\Local\dsbgpue => moved successfully
C:\Users\Owner Pc\AppData\Local\sibgzoa => moved successfully
C:\Users\Owner Pc\AppData\Local\cwsvuxn => moved successfully
C:\Users\Owner Pc\AppData\Local\msahcbo => moved successfully
C:\Users\Owner Pc\AppData\Local\sbcgenx => moved successfully
C:\Users\Owner Pc\AppData\Local\nvcxdsh => moved successfully
C:\Users\Owner Pc\AppData\Local\coatghz => moved successfully
C:\Users\Owner Pc\AppData\Local\lmkrcnb => moved successfully
C:\Users\Owner Pc\AppData\Local\zarnhvb => moved successfully
C:\Users\Owner Pc\AppData\Local\zamcruv => moved successfully
C:\Users\Owner Pc\AppData\Local\nievrlm => moved successfully
C:\Users\Owner Pc\AppData\Local\wdecloh => moved successfully
C:\Users\Owner Pc\AppData\Local\exndcso => moved successfully
C:\Users\Owner Pc\AppData\Local\rangucv => moved successfully
C:\Users\Owner Pc\AppData\Local\snovhtd => moved successfully
C:\Users\Owner Pc\AppData\Local\msenogd => moved successfully
C:\Users\Owner Pc\AppData\Local\nvnxpuz => moved successfully
C:\Users\Owner Pc\AppData\Local\nvkopir => moved successfully
C:\Users\Owner Pc\AppData\Local\wmcagent => moved successfully
C:\Users\Owner Pc\AppData\Local\exswkto => moved successfully
C:\Users\Owner Pc\AppData\Local\vdkcwal => moved successfully
C:\Users\Owner Pc\AppData\Local\aucnhit => moved successfully
C:\Program Files (x86)\narcissists => moved successfully
C:\Program Files (x86)\Laminar => moved successfully
C:\Program Files (x86)\remotely => moved successfully
C:\Program Files (x86)\Maharajah => moved successfully
C:\WINDOWS\system32\vdcxanisvc.exe => moved successfully
C:\Program Files (x86)\explainable => moved successfully
C:\WINDOWS\b71619104 => moved successfully
C:\WINDOWS\SysWOW64\zahbrgl => moved successfully
C:\WINDOWS\system32\zahbrgl => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 156215910 B
Java, Flash, Steam htmlcache => 5020 B
Windows/system/drivers => 3270795 B
Edge => 757238 B
Chrome => 282128491 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4958 B
NetworkService => 0 B
Owner Pc => 487332476 B

RecycleBin => 886597 B
EmptyTemp: => 897.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-05-2018 19:14:14)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0615avUpdateInfo => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 19:14:15 ====
jqc21 is offline  
Old 05-02-2018, 09:37 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-04-2018, 06:45 AM   #17
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

Here are the results.

C:\FRST\Quarantine\C\Users\Owner Pc\AppData\Local\vdkcwal\vdkcwal.exe.xBAD a variant of Win32/Adware.5Hex.L application
C:\FRST\Quarantine\C\Windows\System32\drivers\svcxbehl.sys.xBAD a variant of Win64/Adware.5Hex.G application
C:\Users\Owner Pc\AppData\Local\Google\Chrome\User Data\Default\old_Cache_001\f_00220d WASM/CoinMiner.B potentially unwanted application
C:\Users\Owner Pc\AppData\Local\Google\Chrome\User Data\Default\old_Cache_001\f_003364 HTML/Refresh.BC trojan
C:\Users\Owner Pc\AppData\Local\Google\Chrome\User Data\Default\old_Cache_001\f_00353b HTML/Refresh.BC trojan
C:\Users\Owner Pc\AppData\Local\JxBrowser\jxbrowser-chromium-55.0.2883.87.6.14.2\data\Cache\f_0002e4 JS/CoinMiner.B potentially unwanted application
C:\Users\Owner Pc\AppData\Roaming\BurstWallet\miner-burst-1.170820\miner-v1.170820.exe a variant of Win64/CoinMiner.DI trojan
C:\Users\Owner Pc\AppData\Roaming\BurstWallet\miner-burst-1.170820\miner-v1.170820_AVX.exe a variant of Win64/CoinMiner.DI trojan
C:\Users\Owner Pc\AppData\Roaming\BurstWallet\miner-burst-1.170820\miner-v1.170820_AVX2.exe a variant of Win64/CoinMiner.DI trojan
C:\Users\Owner Pc\Documents\Jaycoin\Jaycoin-qt.exe a variant of Win32/CoinMiner.BJ potentially unwanted application
C:\Users\Owner Pc\Downloads\appsmomentandroid.apk a variant of Android/AdDisplay.AirPush.P potentially unwanted application
C:\Users\Owner Pc\Downloads\Burstcoin_Wallet_AIO_Setup_0.3.13.exe a variant of Win64/CoinMiner.DI trojan
C:\Users\Owner Pc\Downloads\cgminer-alt-pool-eu3.7z a variant of Win32/CoinMiner.BF potentially unwanted application
C:\Users\Owner Pc\Downloads\GML Poster Pro Setup.zip a variant of MSIL/Ubot.D potentially unsafe application
C:\Users\Owner Pc\Downloads\jaycoin-files.zip a variant of Win32/CoinMiner.BJ potentially unwanted application
C:\Users\Owner Pc\Downloads\MinerGate-6.9-win64.exe a variant of Win64/CoinMiner.BN potentially unwanted application
C:\Users\Owner Pc\Downloads\PrizeBox (1).zip a variant of Android/AdDisplay.AirPush.P potentially unwanted application
C:\Users\Owner Pc\Downloads\PrizeBox (2).zip a variant of Android/AdDisplay.AirPush.P potentially unwanted application
C:\Users\Owner Pc\Downloads\PrizeBox (3).zip a variant of Android/AdDisplay.AirPush.P potentially unwanted application
C:\Users\Owner Pc\Downloads\PrizeBox (4).zip a variant of Android/AdDisplay.AirPush.P potentially unwanted application
C:\Users\Owner Pc\Downloads\PrizeBox (5).zip a variant of Android/AdDisplay.AirPush.P potentially unwanted application
C:\Users\Owner Pc\Downloads\PrizeBox (6).zip a variant of Android/AdDisplay.AirPush.P potentially unwanted application
C:\Users\Owner Pc\Downloads\PrizeBox (7).zip a variant of Android/AdDisplay.AirPush.P potentially unwanted application
C:\Users\Owner Pc\Downloads\Mobile app codes\AIOAndroid.zip multiple threats,a variant of Android/AdDisplay.AirPush.G potentially unwanted application,a variant of Android/Plankton.I trojan
C:\Users\Owner Pc\Downloads\Mobile app codes\Archive-0e1e.zip a variant of Android/AdDisplay.AirPush.G potentially unwanted application
C:\Users\Owner Pc\Downloads\Mobile app codes\Archive-f95a.zip a variant of Android/AdDisplay.RevMob.A potentially unwanted application
C:\Users\Owner Pc\Downloads\Mobile app codes\aup12 [Softwarestake.com].rar a variant of Win32/HackTool.Patcher.CH potentially unsafe application
C:\Users\Owner Pc\Downloads\Mobile app codes\Chupamobile.rar a variant of Android/AdDisplay.RevMob.A potentially unwanted application
C:\Users\Owner Pc\Downloads\Mobile app codes\Cooking Game Source Code.rar a variant of Android/AdDisplay.RevMob.A potentially unwanted application
C:\Users\Owner Pc\Downloads\Mobile app codes\ios\IOS.zip a variant of Android/AdDisplay.AirPush.J potentially unwanted application,a variant of Android/AdDisplay.AirPush.I potentially unwanted application
C:\Users\Owner Pc\Downloads\Prizebox\PrizeBox\app-release.apk a variant of Android/AdDisplay.AirPush.P potentially unwanted application
jqc21 is offline  
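The ESET log above is a flat listing of "path, detection name, classification" per line. As an added example (not part of this thread, and not code from ESET or FRST), the Python below parses such lines, separates finds that FRST had already moved into C:\FRST\Quarantine from those still live on disk, and tallies detections by classification and family; the sample lines are a handful copied from the log above, and the "multiple threats," lines are handled as well.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: a handful of lines copied from the ESET Online Scanner log above.
ESET_LOG = r"""
C:\FRST\Quarantine\C\Users\Owner Pc\AppData\Local\vdkcwal\vdkcwal.exe.xBAD a variant of Win32/Adware.5Hex.L application
C:\Users\Owner Pc\AppData\Local\Google\Chrome\User Data\Default\old_Cache_001\f_00220d WASM/CoinMiner.B potentially unwanted application
C:\Users\Owner Pc\AppData\Roaming\BurstWallet\miner-burst-1.170820\miner-v1.170820.exe a variant of Win64/CoinMiner.DI trojan
C:\Users\Owner Pc\Downloads\Mobile app codes\aup12 [Softwarestake.com].rar a variant of Win32/HackTool.Patcher.CH potentially unsafe application
C:\Users\Owner Pc\Downloads\Mobile app codes\AIOAndroid.zip multiple threats,a variant of Android/AdDisplay.AirPush.G potentially unwanted application,a variant of Android/Plankton.I trojan
"""

# Each detection reads "[a variant of ]Platform/Family.Variant <classification>".
# Paths contain spaces, so the path is everything before the first detection.
CLASSIFICATIONS = (
    "trojan",
    "potentially unwanted application",
    "potentially unsafe application",
    "application",
)
DETECTION_RE = re.compile(
    r"(?:a variant of )?([A-Za-z0-9]+/[\w.-]+) (" + "|".join(CLASSIFICATIONS) + r")"
)


@dataclass
class Finding:
    path: str
    detections: list   # (name, classification) pairs; several on "multiple threats" lines
    quarantined: bool  # True when FRST had already moved the file into its Quarantine folder


def parse_eset_log(text):
    """Parse ESET Online Scanner result lines into Finding records; unrecognised lines are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        first = DETECTION_RE.search(line)
        if not first:
            continue
        path = line[:first.start()].rstrip()
        # "multiple threats," sits between the path and the detection list on multi-hit lines
        path = re.sub(r"\s*multiple threats,?$", "", path)
        detections = DETECTION_RE.findall(line)
        quarantined = path.lower().startswith("c:\\frst\\quarantine\\")
        findings.append(Finding(path, detections, quarantined))
    return findings


def family(name):
    """'Win64/CoinMiner.DI' -> 'CoinMiner' (family name without platform prefix or variant suffix)."""
    return name.split("/", 1)[1].split(".", 1)[0]


def triage(findings):
    """Return (counts per classification, counts per family, paths still live on disk).

    Only the live paths need a follow-up deletion step; quarantined copies go away
    when the cleanup tool itself is uninstalled.
    """
    by_class = Counter()
    by_family = Counter()
    live = []
    for f in findings:
        for name, cls in f.detections:
            by_class[cls] += 1
            by_family[family(name)] += 1
        if not f.quarantined:
            live.append(f.path)
    return by_class, by_family, live


if __name__ == "__main__":
    by_class, by_family, live = triage(parse_eset_log(ESET_LOG))
    print("per classification:", dict(by_class))
    print("per family:", dict(by_family))
    print("still on disk:")
    for p in live:
        print("  ", p)
```

Run against the full log, the live list is exactly the set of paths a deletion step like the helper's fix.bat has to cover.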
Old 05-05-2018, 01:26 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jqc21. Any remaining problems?

------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java 8 Update 151 (64-bit)

These are all outdated and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > https://java.com/en/

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Some of the ESET finds have already been quarantined by FRST. Those will get deleted when we uninstall those tools.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Remove any log left over from an earlier run
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Each quoted path below is one of the ESET finds that is still live on disk
for %%g in (

"C:\Users\Owner Pc\AppData\Local\Google\Chrome\User Data\Default\old_Cache_001\f_00220d"
"C:\Users\Owner Pc\AppData\Local\Google\Chrome\User Data\Default\old_Cache_001\f_003364"
"C:\Users\Owner Pc\AppData\Local\Google\Chrome\User Data\Default\old_Cache_001\f_00353b"
"C:\Users\Owner Pc\AppData\Local\JxBrowser\jxbrowser-chromium-55.0.2883.87.6.14.2\data\Cache\f_0002e4"
"C:\Users\Owner Pc\AppData\Roaming\BurstWallet\miner-burst-1.170820\miner-v1.170820.exe"
"C:\Users\Owner Pc\AppData\Roaming\BurstWallet\miner-burst-1.170820\miner-v1.170820_AVX.exe"
"C:\Users\Owner Pc\AppData\Roaming\BurstWallet\miner-burst-1.170820\miner-v1.170820_AVX2.exe"
"C:\Users\Owner Pc\Documents\Jaycoin\Jaycoin-qt.exe"
"C:\Users\Owner Pc\Downloads\appsmomentandroid.apk"
"C:\Users\Owner Pc\Downloads\Burstcoin_Wallet_AIO_Setup_0.3.13.exe"
"C:\Users\Owner Pc\Downloads\cgminer-alt-pool-eu3.7z"
"C:\Users\Owner Pc\Downloads\GML Poster Pro Setup.zip"
"C:\Users\Owner Pc\Downloads\jaycoin-files.zip"
"C:\Users\Owner Pc\Downloads\MinerGate-6.9-win64.exe"
"C:\Users\Owner Pc\Downloads\PrizeBox (1).zip"
"C:\Users\Owner Pc\Downloads\PrizeBox (2).zip"
"C:\Users\Owner Pc\Downloads\PrizeBox (3).zip"
"C:\Users\Owner Pc\Downloads\PrizeBox (4).zip"
"C:\Users\Owner Pc\Downloads\PrizeBox (5).zip"
"C:\Users\Owner Pc\Downloads\PrizeBox (6).zip"
"C:\Users\Owner Pc\Downloads\PrizeBox (7).zip"
"C:\Users\Owner Pc\Downloads\Mobile app codes\AIOAndroid.zip"
"C:\Users\Owner Pc\Downloads\Mobile app codes\Archive-0e1e.zip"
"C:\Users\Owner Pc\Downloads\Mobile app codes\Archive-f95a.zip"
"C:\Users\Owner Pc\Downloads\Mobile app codes\aup12 [Softwarestake.com].rar"
"C:\Users\Owner Pc\Downloads\Mobile app codes\Chupamobile.rar"
"C:\Users\Owner Pc\Downloads\Mobile app codes\Cooking Game Source Code.rar"
"C:\Users\Owner Pc\Downloads\Mobile app codes\ios\IOS.zip"
"C:\Users\Owner Pc\Downloads\Prizebox\PrizeBox\app-release.apk"


) do (
rem Force-delete the file; any file that survives is written to the log
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


rem Open the log of survivors if there is one, otherwise report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The batch file removes itself when done
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-05-2018, 07:38 PM   #19
Registered Member
 
Join Date: Apr 2006
Location: Pennsylvania
Posts: 122
OS: XP, Vista, Windows 10



Hi,

It seems to be running well. I deleted and reinstalled an updated version of Java. After running fix.bat it said Successfully deleted.
jqc21 is offline  
Old 05-06-2018, 02:07 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go File > Uninstall > Yes

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Copyright 2001 - 2018, Tech Support Forum