
Suspected Virus?

This is a discussion on Suspected Virus? within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
07-03-2017, 11:18 AM   #1
Registered Member
 
Join Date: Jul 2017
Posts: 10
OS: Windows 10



Hello there everyone, for the past couple of months (about 6) a specific .txt file keeps on "creating itself" when I start up my computer. The file creates itself on my desktop as soon as I log in to Windows (10). The .txt file is named "SpinProgramErrorLog.txt", and the contents of the file are:

"Spin Program Error Log
----------------------
3 Jul 2017 06:37: Missing important stuff (1)."

The file does not show where it is created, how it is created, or anything. Properties just show as the location of the file being on the desktop, and I can't trace the root of how it got there. I should probably have included more information, but I'm not exactly sure of what more to provide in order to help someone help me find what is creating the file. I would appreciate any help, and please let me know if I can provide more info to help you help me.
peters12
 
07-04-2017, 09:46 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist
07-05-2017, 03:08 PM   #3
Registered Member
 
Join Date: Jul 2017
Posts: 10
OS: Windows 10



Hello there chemist, thank you for your reply. I am subscribed to the thread; the only reason for a delay in reply is usually that I'm away from the computer. I downloaded and ran both programs, and I'll be copying and attaching the .txt's you requested, though AdwCleaner is not properly working for me. It Scans the computer fine, found 74 threats, then when I ask it to Clean, it stops working. It immediately starts not responding, and I left it in that non-responsive state for somewhere around 20 minutes give or take, and ended up closing it because it doesn't seem like it is going to respond. I'm pretty certain I've had this problem before with AdwCleaner and ended up uninstalling the program because after several tries at "Cleaning", it never worked. I'll try running it a couple more times; if it ends up working, I'll reply again with the log. Here is the FRST.txt log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by Panayotis (administrator) on PANAYOTIS-PC (06-07-2017 00:32:03)
Running from C:\Users\Panayotis\AppData\Local\Temp\scoped_dir932_28001
Loaded Profiles: Panayotis (Available Profiles: Panayotis & postgres)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 5\creator-ws.exe
(© pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Panayotis\AppData\Local\FluxSoftware\Flux\flux.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\CNext\CCCSlim\MOM.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\CNext\CCCSlim\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\StarsHelper\StarsHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1706.1531.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars.EU\PokerStars.exe
(PokerTracker Software, LLC.) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars.EU\gameutil1.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars.EU\br\PokerStarsBr.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars.EU\br\PokerStarsBr.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars.EU\br\PokerStarsBr.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PokerTracker Software, LLC.) C:\Program Files (x86)\PokerTracker 4\PokerTrackerWeb4.exe
(Max Value Software, LLC.) C:\Program Files (x86)\PokerTracker 4\PokerTrackerHud4.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
() C:\Users\Panayotis\AppData\Local\Temp\scoped_dir932_2448\AdwCleaner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [2919064 2017-06-14] (Paramount Software UK Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\...\Run: [f.lux] => C:\Users\Panayotis\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9914584 2017-06-13] (Piriform Ltd)
Startup: C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-06-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-06-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{19e77819-5d46-469a-8457-c645b02a879a}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{fb2586e7-a7b2-491a-b14f-57ff824adfb5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator-ie-helper.dll [2017-05-08] (pdfforge GmbH)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator-ie-plugin.dll [2017-05-08] (pdfforge GmbH)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1t4kgdgy.default
FF ProfilePath: C:\Users\Panayotis\AppData\Roaming\Mozilla\Firefox\Profiles\mku6dkyn.default [2017-07-06]
FF Homepage: Mozilla\Firefox\Profiles\mku6dkyn.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF ProfilePath: C:\Users\Panayotis\AppData\Roaming\Profiles\1t4kgdgy.default [2017-06-27] <==== ATTENTION
FF Extension: (Lightbeam) - C:\Users\Panayotis\AppData\Roaming\Profiles\1t4kgdgy.default\Extensions\[email protected] [2017-05-26]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: PDF Architect 5 -> C:\Program Files (x86)\PDF Architect 5\np-previewer.dll [2017-05-08] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-2037305802-3142263928-3064936386-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Panayotis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-30] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default [2017-07-06]
CHR Extension: (Google Slides) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-24]
CHR Extension: (Google Docs) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-24]
CHR Extension: (Google Drive) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-24]
CHR Extension: (YouTube) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-24]
CHR Extension: (Google Sheets) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-28]
CHR Extension: (AdBlock) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-23]
CHR Extension: (Gmail) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-24]
CHR Extension: (Chrome Media Router) - C:\Users\Panayotis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-04]
CHR HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "about:blank"
OPR Session Restore: -> is enabled.
OPR Extension: (Adblock Plus) - C:\Users\Panayotis\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3987672 2017-06-14] (Paramount Software UK Ltd)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2706720 2017-05-08] (pdfforge GmbH)
S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1048864 2017-05-08] (pdfforge GmbH)
R2 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [856864 2017-05-08] (pdfforge GmbH)
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.)
S2 postgresql-x64-9.4; C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe [92160 2015-10-06] (PostgreSQL Global Development Group) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmdag.sys [36558232 2017-05-03] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313745.inf_amd64_133311ca362c9cc6\atikmpag.sys [528792 2017-05-03] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Advanced Micro Devices)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-08-04] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R1 MpKslab0236e8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6037C17-AA37-48CF-9CBE-19BDEE5A3336}\MpKslab0236e8.sys [44928 2017-07-03] (Microsoft Corporation)
R1 MpKsldcaf8fd5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E1239DF-D403-4CAA-A727-B6866905B136}\MpKsldcaf8fd5.sys [44928 2017-07-05] (Microsoft Corporation)
R0 mrcbt; C:\WINDOWS\System32\drivers\mrcbt.sys [73928 2017-07-03] (Windows (R) Win 7 DDK provider)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [91976 2017-07-03] (Sysinternals - www.sysinternals.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-03-09] (Windows (R) Win 7 DDK provider)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 2016-07-21] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-01-12] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-06 00:31 - 2017-07-06 00:32 - 00000000 ____D C:\FRST
2017-07-06 00:31 - 2017-07-06 00:31 - 02436608 _____ (Farbar) C:\Users\Panayotis\Desktop\FRST64.exe
2017-07-06 00:31 - 2017-07-06 00:31 - 00000000 ____D C:\AdwCleaner
2017-07-06 00:30 - 2017-07-06 00:31 - 04110280 _____ C:\Users\Panayotis\Desktop\AdwCleaner.exe
2017-07-03 19:40 - 2017-07-03 21:16 - 00000038 _____ C:\Users\Panayotis\Desktop\sell ps3.txt
2017-07-03 08:04 - 2017-07-03 08:26 - 00091976 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-07-03 08:03 - 2017-07-03 08:09 - 00000000 ____D C:\Program Files\ProcessMonitor
2017-07-03 06:01 - 2017-07-03 06:01 - 00596536 _____ C:\Users\Panayotis\Documents\ccleaner_20170703_060055.reg
2017-07-03 05:49 - 2017-07-03 05:50 - 00000000 ____D C:\Program Files\CCleaner
2017-07-03 05:49 - 2017-07-03 05:49 - 00002872 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-07-03 05:49 - 2017-07-03 05:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-03 04:20 - 2017-07-03 09:40 - 00000000 ____D C:\Program Files\Macrium
2017-07-03 04:20 - 2017-07-03 04:20 - 00087352 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\mrcbtes.dll
2017-07-03 04:20 - 2017-07-03 04:20 - 00073928 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrcbt.sys
2017-07-03 04:20 - 2017-07-03 04:20 - 00002011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium viBoot.lnk
2017-07-03 04:20 - 2017-07-03 04:20 - 00002006 _____ C:\Users\Public\Desktop\Macrium Reflect.lnk
2017-07-03 04:20 - 2017-07-03 04:20 - 00001999 _____ C:\Users\Public\Desktop\Macrium viBoot.lnk
2017-07-03 04:20 - 2017-07-03 04:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-07-03 04:00 - 2017-07-03 04:46 - 00000000 ____D C:\ProgramData\Macrium
2017-07-02 18:51 - 2017-07-02 18:51 - 00000279 _____ C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4.lnk
2017-06-30 02:12 - 2017-06-30 02:12 - 00002222 _____ C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-06-29 09:44 - 2017-07-01 11:17 - 00000000 ____D C:\Users\Panayotis\Evernote
2017-06-29 09:44 - 2017-06-29 09:44 - 00000000 ____D C:\Users\Panayotis\AppData\LocalLow\Evernote
2017-06-29 09:44 - 2017-06-29 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-06-29 09:44 - 2017-06-29 09:44 - 00000000 ____D C:\Program Files (x86)\Evernote
2017-06-23 13:46 - 2017-06-23 13:46 - 00013497 _____ C:\Users\Panayotis\Documents\Untitled.stx
2017-06-22 05:35 - 2017-06-28 04:48 - 00000000 __SHD C:\Users\Panayotis\wc
2017-06-22 05:33 - 2017-06-22 05:35 - 00000000 __SHD C:\Users\Panayotis\AppData\Roaming\wyUpdate AU
2017-06-22 05:33 - 2017-06-22 05:33 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyMojo Software
2017-06-22 05:33 - 2017-06-22 05:33 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\CyMojo
2017-06-22 05:33 - 2017-06-22 05:33 - 00000000 ____D C:\Users\Panayotis\AppData\Local\TimeMojo
2017-06-21 17:39 - 2017-06-21 17:39 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\PDF Producer
2017-06-21 05:52 - 2017-06-21 14:35 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\SmartDraw
2017-06-21 05:52 - 2017-06-21 05:52 - 00000000 ____D C:\Users\Panayotis\AppData\System
2017-06-21 05:52 - 2017-06-21 05:52 - 00000000 ____D C:\Users\Panayotis\AppData\Local\SmartDraw
2017-06-20 13:17 - 2017-06-20 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-20 13:09 - 2017-06-20 13:09 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-20 12:59 - 2017-06-20 12:59 - 00000831 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2017-06-18 13:25 - 2017-06-18 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HoldEq
2017-06-18 13:25 - 2017-06-18 13:25 - 00000000 ____D C:\Program Files (x86)\HoldEq
2017-06-18 13:24 - 2017-06-18 13:24 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\HoldEq
2017-06-14 15:25 - 2017-06-03 13:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 15:25 - 2017-06-03 13:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 15:25 - 2017-06-03 13:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 15:25 - 2017-06-03 13:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 15:25 - 2017-06-03 13:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 15:25 - 2017-06-03 13:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 15:25 - 2017-06-03 13:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 15:25 - 2017-06-03 13:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 15:25 - 2017-06-03 13:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 15:25 - 2017-06-03 13:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 15:25 - 2017-06-03 13:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 15:25 - 2017-06-03 13:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 15:25 - 2017-06-03 13:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 15:25 - 2017-06-03 13:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 15:25 - 2017-06-03 12:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 15:25 - 2017-06-03 12:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 15:25 - 2017-06-03 12:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 15:25 - 2017-06-03 12:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 15:25 - 2017-06-03 12:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 15:25 - 2017-06-03 12:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 15:25 - 2017-06-03 12:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 15:25 - 2017-06-03 12:56 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-14 15:25 - 2017-06-03 12:56 - 01458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-14 15:25 - 2017-06-03 12:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 15:25 - 2017-06-03 12:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 15:25 - 2017-06-03 12:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 15:25 - 2017-06-03 12:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 15:25 - 2017-06-03 12:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 15:25 - 2017-06-03 12:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 15:25 - 2017-06-03 12:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 15:25 - 2017-06-03 12:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 15:25 - 2017-06-03 12:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-06-14 15:25 - 2017-06-03 12:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 15:25 - 2017-06-03 12:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 15:25 - 2017-06-03 12:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 15:25 - 2017-06-03 12:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 15:25 - 2017-06-03 12:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 15:25 - 2017-06-03 12:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 15:25 - 2017-06-03 12:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 15:25 - 2017-06-03 12:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 15:25 - 2017-06-03 12:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 15:25 - 2017-06-03 12:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 15:25 - 2017-06-03 12:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 15:25 - 2017-06-03 12:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 15:25 - 2017-06-03 12:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 15:25 - 2017-06-03 12:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 15:25 - 2017-06-03 12:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 15:25 - 2017-06-03 12:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 15:25 - 2017-06-03 12:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 15:25 - 2017-06-03 12:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 15:25 - 2017-06-03 12:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 15:25 - 2017-06-03 12:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 15:25 - 2017-06-03 12:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 15:25 - 2017-06-03 12:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 15:25 - 2017-06-03 12:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 15:25 - 2017-06-03 12:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 15:25 - 2017-06-03 12:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 15:25 - 2017-06-03 12:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 15:25 - 2017-06-03 12:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 15:25 - 2017-06-03 12:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 15:25 - 2017-06-03 12:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 15:25 - 2017-06-03 12:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 15:25 - 2017-06-03 12:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 15:25 - 2017-06-03 12:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 15:25 - 2017-06-03 12:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 15:25 - 2017-06-03 12:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 15:25 - 2017-06-03 12:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 15:25 - 2017-06-03 12:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 15:25 - 2017-06-03 12:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 15:25 - 2017-06-03 12:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 15:25 - 2017-06-03 11:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 15:25 - 2017-06-03 11:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 15:25 - 2017-06-03 11:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 15:25 - 2017-06-03 11:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 15:25 - 2017-06-03 11:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 15:25 - 2017-06-03 11:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 15:25 - 2017-06-03 11:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 15:25 - 2017-06-03 11:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 15:25 - 2017-06-03 11:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 15:25 - 2017-06-03 11:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 15:25 - 2017-06-03 11:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 15:25 - 2017-06-03 11:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 15:25 - 2017-06-03 11:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 15:25 - 2017-06-03 11:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 15:25 - 2017-06-03 11:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 15:25 - 2017-06-03 11:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 15:25 - 2017-06-03 11:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 15:25 - 2017-06-03 11:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 15:25 - 2017-06-03 11:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 15:25 - 2017-06-03 11:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 15:25 - 2017-06-03 11:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 15:25 - 2017-06-03 11:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 15:25 - 2017-06-03 11:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 15:25 - 2017-06-03 11:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 15:25 - 2017-06-03 11:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 15:25 - 2017-06-03 11:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 15:25 - 2017-06-03 11:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 15:25 - 2017-06-03 11:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 15:25 - 2017-06-03 11:54 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-14 15:25 - 2017-06-03 11:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 15:25 - 2017-06-03 11:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 15:24 - 2017-06-03 13:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 15:24 - 2017-06-03 13:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 15:24 - 2017-06-03 12:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 15:24 - 2017-06-03 12:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 15:24 - 2017-06-03 12:56 - 02228120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-06-14 15:24 - 2017-06-03 12:56 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-14 15:24 - 2017-06-03 12:56 - 00848288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-14 15:24 - 2017-06-03 12:56 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-14 15:24 - 2017-06-03 12:56 - 00844696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-14 15:24 - 2017-06-03 12:56 - 00697760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-14 15:24 - 2017-06-03 12:56 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-14 15:24 - 2017-06-03 12:56 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-14 15:24 - 2017-06-03 12:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 15:24 - 2017-06-03 12:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 15:24 - 2017-06-03 12:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 15:24 - 2017-06-03 12:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 15:24 - 2017-06-03 12:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-12 21:37 - 2017-06-12 21:37 - 00000000 ____D C:\Users\Panayotis\AppData\Local\DBG
2017-06-12 20:03 - 2017-07-03 06:34 - 00000708 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2037305802-3142263928-3064936386-1000.job
2017-06-12 20:03 - 2017-07-03 06:34 - 00000612 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2037305802-3142263928-3064936386-1000.job
2017-06-12 20:03 - 2017-07-03 06:05 - 00003366 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2037305802-3142263928-3064936386-1000
2017-06-12 20:03 - 2017-07-03 06:05 - 00003270 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2037305802-3142263928-3064936386-1000
2017-06-12 19:19 - 2017-06-12 19:19 - 00001138 _____ C:\Users\Panayotis\Desktop\2.lnk
2017-06-12 19:13 - 2017-07-03 23:42 - 00000000 ___RD C:\Users\Panayotis\Google Drive
2017-06-12 19:12 - 2017-06-12 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-06-08 02:55 - 2017-06-08 02:55 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-08 02:55 - 2017-06-08 02:55 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-08 02:55 - 2017-06-08 02:55 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-08 02:55 - 2017-06-08 02:55 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-08 02:55 - 2017-06-08 02:55 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-08 02:55 - 2017-06-08 02:55 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-08 02:54 - 2017-06-08 02:54 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-08 02:54 - 2017-06-08 02:54 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-08 02:54 - 2017-06-08 02:54 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-08 02:54 - 2017-06-08 02:54 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-08 02:54 - 2017-06-08 02:54 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-08 02:54 - 2017-06-08 02:54 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-08 02:54 - 2017-06-08 02:54 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-08 02:54 - 2017-06-08 02:54 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-08 02:54 - 2017-06-08 02:54 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-08 02:54 - 2017-06-08 02:54 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-08 02:54 - 2017-06-08 02:54 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-08 02:50 - 2017-06-08 02:50 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-08 02:50 - 2017-06-07 15:59 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-08 02:50 - 2017-03-18 08:59 - 08229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0008.dll
2017-06-08 02:48 - 2017-06-08 02:48 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-08 02:48 - 2017-06-08 02:48 - 00000000 ____D C:\Program Files\MSBuild
2017-06-08 02:48 - 2017-06-08 02:48 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-08 02:48 - 2017-06-08 02:48 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-08 02:47 - 2017-06-08 02:47 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-08 02:47 - 2017-02-10 22:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-08 02:47 - 2017-02-10 22:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-08 02:47 - 2017-02-10 22:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-08 02:47 - 2017-02-10 22:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-08 02:47 - 2017-02-10 22:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-08 02:47 - 2017-02-10 22:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-07 18:09 - 2017-06-07 18:09 - 00000279 _____ C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-06-07 18:07 - 2017-06-07 18:07 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-07 18:05 - 2017-06-07 18:05 - 00000020 ___SH C:\Users\Panayotis\ntuser.ini
2017-06-07 16:31 - 2017-06-07 16:31 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-07 16:27 - 2017-06-07 16:29 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-06-07 16:27 - 2017-06-07 16:29 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-06-07 16:22 - 2017-07-05 21:47 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F2A5FD5D-4279-4228-A3FF-000B8D03438D}
2017-06-07 16:22 - 2017-07-03 19:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-07 16:22 - 2017-07-03 06:05 - 00003118 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-2037305802-3142263928-3064936386-1000
2017-06-07 16:22 - 2017-07-03 06:05 - 00002862 _____ C:\WINDOWS\System32\Tasks\update-sys
2017-06-07 16:22 - 2017-06-29 16:58 - 00003964 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1446169366
2017-06-07 16:22 - 2017-06-17 15:55 - 00004554 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-07 16:22 - 2017-06-14 04:44 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-07 16:22 - 2017-06-07 16:22 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-07 16:22 - 2017-06-07 16:22 - 00003154 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-06-07 16:22 - 2017-06-07 16:22 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-07 16:22 - 2017-06-07 16:22 - 00002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2037305802-3142263928-3064936386-1000
2017-06-07 16:22 - 2017-06-07 16:22 - 00002300 _____ C:\WINDOWS\System32\Tasks\sysfresrv32x
2017-06-07 16:22 - 2017-06-07 16:22 - 00002146 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-06-07 16:22 - 2017-06-07 16:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-06-07 16:22 - 2017-06-07 16:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-06-07 16:22 - 2017-06-07 16:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-06-07 16:20 - 2017-07-03 19:30 - 01121368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-07 16:10 - 2017-06-07 16:10 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-07 16:10 - 2017-06-07 16:10 - 00000000 ____D C:\ProgramData\USOShared
2017-06-07 16:04 - 2017-06-07 16:12 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-07 16:02 - 2017-07-04 00:21 - 00000000 ____D C:\Users\Panayotis
2017-06-07 16:02 - 2017-06-14 16:50 - 00000000 ____D C:\Users\postgres
2017-06-07 16:02 - 2017-06-07 16:02 - 00000000 _SHDL C:\Users\postgres\My Documents
2017-06-07 16:02 - 2017-06-07 16:02 - 00000000 _SHDL C:\Users\postgres\Documents\My Videos
2017-06-07 16:02 - 2017-06-07 16:02 - 00000000 _SHDL C:\Users\postgres\Documents\My Pictures
2017-06-07 16:02 - 2017-06-07 16:02 - 00000000 _SHDL C:\Users\postgres\Documents\My Music
2017-06-07 16:02 - 2017-06-07 16:02 - 00000000 _SHDL C:\Users\Panayotis\My Documents
2017-06-07 16:02 - 2017-06-07 16:02 - 00000000 _SHDL C:\Users\Panayotis\Documents\My Videos
2017-06-07 16:02 - 2017-06-07 16:02 - 00000000 _SHDL C:\Users\Panayotis\Documents\My Pictures
2017-06-07 16:02 - 2017-06-07 16:02 - 00000000 _SHDL C:\Users\Panayotis\Documents\My Music
2017-06-07 16:02 - 2017-03-18 23:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-07 16:01 - 2017-07-03 08:24 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-06-07 16:01 - 2017-06-07 16:12 - 00000000 ____D C:\Program Files\AMD
2017-06-07 16:01 - 2017-06-07 16:01 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-06-07 16:01 - 2017-06-07 16:01 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-06-07 15:59 - 2017-07-05 23:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-07 15:59 - 2017-06-26 17:28 - 00386624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-07 14:38 - 2017-07-03 05:56 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-06 14:14 - 2017-06-06 14:14 - 00000000 ____D C:\Users\Panayotis\AppData\Local\UNP
2017-06-06 13:06 - 2017-06-07 16:12 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-06 13:06 - 2017-06-06 13:07 - 00000000 ____D C:\Program Files\UNP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-06 00:29 - 2015-11-11 16:12 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\TeamViewer
2017-07-06 00:14 - 2015-10-31 00:45 - 00000000 ____D C:\Users\Panayotis\AppData\Local\PokerStars.EU
2017-07-06 00:14 - 2015-10-31 00:43 - 00000000 ____D C:\Users\Panayotis\AppData\Local\PokerTracker 4
2017-07-06 00:14 - 2015-10-31 00:41 - 00000000 ____D C:\Program Files (x86)\PokerTracker 4
2017-07-05 23:57 - 2015-10-30 14:27 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\Skype
2017-07-05 21:18 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-03 23:45 - 2017-03-19 00:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-03 08:24 - 2017-03-18 14:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-03 06:34 - 2017-02-08 12:22 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job
2017-07-03 06:34 - 2017-02-08 12:22 - 00000422 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2037305802-3142263928-3064936386-1000.job
2017-07-03 06:33 - 2017-02-14 05:13 - 00000000 ____D C:\Users\Panayotis\Desktop\Poker
2017-07-03 05:57 - 2017-05-22 14:05 - 00000000 ____D C:\Program Files\PDFCreator
2017-07-03 05:56 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-03 05:56 - 2017-03-19 00:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-03 05:56 - 2016-02-02 02:41 - 00000000 ____D C:\Users\Panayotis\AppData\Local\CrashDumps
2017-07-03 05:44 - 2015-10-30 04:32 - 00000000 ____D C:\Users\Panayotis\AppData\Local\Packages
2017-07-02 17:20 - 2015-10-30 22:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-02 17:14 - 2015-11-04 04:44 - 00000000 ____D C:\Users\Panayotis\AppData\Local\Equilab
2017-07-02 15:20 - 2016-12-20 00:27 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-06-30 02:12 - 2016-05-17 21:58 - 00000000 ____D C:\Users\Panayotis\AppData\Local\FluxSoftware
2017-06-29 16:58 - 2015-10-30 04:42 - 00000000 ____D C:\Program Files (x86)\Opera
2017-06-29 16:56 - 2016-08-03 12:54 - 00000000 ____D C:\ProgramData\ProductData
2017-06-29 04:00 - 2016-12-24 03:48 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 16:24 - 2017-05-26 04:54 - 00000000 ____D C:\Users\Panayotis\AppData\LocalLow\Mozilla
2017-06-26 16:43 - 2017-05-15 05:18 - 00000000 ____D C:\Users\Panayotis\Desktop\3
2017-06-26 16:31 - 2016-08-03 04:25 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\vlc
2017-06-23 15:15 - 2015-10-31 00:44 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2017-06-23 02:06 - 2017-05-24 09:10 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-20 13:17 - 2017-03-28 21:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-20 13:17 - 2015-10-30 14:26 - 00000000 ____D C:\ProgramData\Skype
2017-06-20 13:10 - 2017-03-19 00:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-20 13:09 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-17 15:55 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 15:55 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 18:29 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-14 17:35 - 2015-10-30 08:49 - 00000000 ____D C:\Users\Panayotis\AppData\Local\ElevatedDiagnostics
2017-06-14 16:55 - 2016-11-20 21:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 16:46 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 16:46 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 16:41 - 2016-10-11 16:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 16:41 - 2016-10-11 16:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 15:36 - 2015-10-30 05:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 15:31 - 2017-03-18 23:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 15:31 - 2015-10-30 05:10 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 15:29 - 2016-10-11 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-12 20:03 - 2016-04-30 19:05 - 00000000 ____D C:\Users\Panayotis\AppData\Local\Citrix
2017-06-12 19:58 - 2015-10-30 04:36 - 00000000 __RDO C:\Users\Panayotis\SkyDrive
2017-06-12 19:12 - 2015-11-03 04:19 - 00000000 ____D C:\Users\Panayotis\AppData\Local\Google
2017-06-12 19:12 - 2015-11-03 04:19 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-11 18:41 - 2017-05-24 15:01 - 00000000 ____D C:\Users\Panayotis\AppData\Local\ConnectedDevicesPlatform
2017-06-08 07:52 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-08 02:58 - 2017-03-19 00:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-08 02:56 - 2017-03-19 00:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-08 02:55 - 2017-03-19 00:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-08 02:55 - 2017-03-18 14:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-08 02:50 - 2017-03-19 05:30 - 00000000 ____D C:\WINDOWS\OCR
2017-06-07 18:05 - 2017-03-19 00:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-07 16:30 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-07 16:30 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-07 16:30 - 2017-03-18 14:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-07 16:26 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-07 16:22 - 2017-03-19 05:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-07 16:22 - 2015-10-30 22:10 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-07 16:21 - 2017-03-19 00:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-07 16:12 - 2017-05-25 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-06-07 16:12 - 2017-05-25 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-06-07 16:12 - 2017-05-24 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-07 16:12 - 2017-05-24 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-06-07 16:12 - 2017-05-24 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-06-07 16:12 - 2017-05-24 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-07 16:12 - 2017-05-22 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 5
2017-06-07 16:12 - 2017-05-22 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2017-06-07 16:12 - 2017-05-10 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardRunnersEV3
2017-06-07 16:12 - 2017-01-28 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-06-07 16:12 - 2017-01-24 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-06-07 16:12 - 2016-11-22 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flopzilla
2017-06-07 16:12 - 2016-10-08 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2017-06-07 16:12 - 2016-09-12 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combonator
2017-06-07 16:12 - 2016-09-05 18:18 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarsHelper
2017-06-07 16:12 - 2016-08-03 04:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-06-07 16:12 - 2016-06-13 13:06 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2017-06-07 16:12 - 2016-06-13 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-06-07 16:12 - 2016-05-27 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProPokerTools Odds Oracle
2017-06-07 16:12 - 2016-01-19 20:33 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-07 16:12 - 2016-01-19 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-07 16:12 - 2016-01-11 08:08 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCalcs - husng.com
2017-06-07 16:12 - 2015-10-31 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2017-06-07 16:12 - 2015-10-31 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.4
2017-06-07 16:12 - 2015-10-31 00:42 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2017-06-07 16:10 - 2017-03-19 00:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-07 16:07 - 2017-05-24 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-06-07 16:07 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-07 16:07 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-07 16:07 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-06-07 16:07 - 2016-10-18 20:05 - 00000000 ____D C:\WINDOWS\system32\P
2017-06-07 16:07 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-06-07 16:07 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-06-07 16:05 - 2017-05-24 11:47 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-06-07 16:05 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-07 16:05 - 2017-03-19 00:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-06-07 16:05 - 2016-04-25 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2017-06-07 16:05 - 2016-01-21 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2017-06-07 16:05 - 2015-10-30 04:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-06-07 16:04 - 2016-02-10 17:16 - 00000000 ____D C:\Users\Panayotis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2017-06-07 16:04 - 2013-08-22 18:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-07 16:01 - 2017-03-18 14:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep

==================== Files in the root of some directories =======

2016-08-03 12:57 - 2016-08-03 12:57 - 0000000 _____ () C:\Users\Panayotis\AppData\Roaming\1.txt
2016-04-26 15:24 - 2016-04-26 15:24 - 0000009 _____ () C:\Users\Panayotis\AppData\Roaming\a.bat
2010-08-28 23:43 - 2010-08-28 23:43 - 0096256 _____ (Google, inc) C:\Users\Panayotis\AppData\Roaming\AdbWinApi.dll
2010-08-28 23:43 - 2010-08-28 23:43 - 0060928 _____ (Google, inc) C:\Users\Panayotis\AppData\Roaming\AdbWinUsbApi.dll
2016-08-03 04:20 - 2016-08-03 04:20 - 7129600 _____ () C:\Users\Panayotis\AppData\Roaming\agent.dat
2016-08-03 04:20 - 2016-08-03 04:20 - 0129024 _____ () C:\Users\Panayotis\AppData\Roaming\Installer.dat
2016-08-03 04:20 - 2016-08-03 04:20 - 0018432 _____ () C:\Users\Panayotis\AppData\Roaming\Main.dat
2016-08-03 04:26 - 2016-08-03 04:26 - 7616340 _____ () C:\Users\Panayotis\AppData\Roaming\setup.apk
2016-08-03 04:26 - 2016-08-03 04:26 - 0732869 _____ () C:\Users\Panayotis\AppData\Roaming\xdo.zip
2016-08-03 04:25 - 2016-02-18 11:10 - 5267952 _____ () C:\Users\Panayotis\AppData\Roaming\ziptool_wc-9015_setup.exe
2015-11-01 21:14 - 2016-02-16 21:42 - 0000158 _____ () C:\Users\Panayotis\AppData\Local\Beast_Manager_settings.ini
2016-08-04 21:58 - 2016-08-04 21:58 - 0003489 _____ () C:\Users\Panayotis\AppData\Local\Equilab.rar
2016-08-03 16:40 - 2016-08-03 16:40 - 0007644 _____ () C:\Users\Panayotis\AppData\Local\Resmon.ResmonCfg
2017-02-08 12:22 - 2017-02-08 12:22 - 0000003 _____ () C:\Users\Panayotis\AppData\Local\updater.log
2017-02-08 12:22 - 2017-05-25 11:23 - 0000425 _____ () C:\Users\Panayotis\AppData\Local\UserProducts.xml
2015-10-31 00:43 - 2015-10-31 00:43 - 0004967 _____ () C:\ProgramData\flwjycbm.bab
2016-02-02 19:11 - 2016-02-02 19:11 - 0004099 _____ () C:\ProgramData\kmytnfun.aqy
2016-08-03 20:11 - 2016-08-03 20:11 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-26 17:41

==================== End of FRST.txt ============================

Also attaching the Addition.txt log, and if ADWC works, I'll reply with the log.
Attached Files
File Type: txt Addition.txt (58.3 KB, 12 views)
peters12 is offline  
Old 07-05-2017, 04:12 PM   #4



Hey there again, AdwCleaner did end up working after all, so I'm also pasting the contents of the log produced:


# AdwCleaner v6.047 - Logfile created 06/07/2017 at 02:01:16
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-05.1 [Local]
# Operating System : Windows 10 Pro (X64)
# Username : Panayotis - PANAYOTIS-PC
# Running from : C:\Users\Panayotis\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: UCGuard


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Panayotis\AppData\Roaming\gplyra
[-] Folder deleted: C:\Users\Panayotis\AppData\Roaming\Kuaizip
[-] Folder deleted: C:\Users\Panayotis\AppData\Roaming\Softlink
[-] Folder deleted: C:\Users\Panayotis\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ttwifi
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress
[-] Folder deleted: C:\Users\Panayotis\AppData\Local\app


***** [ Files ] *****

[-] File deleted: C:\Users\Panayotis\AppData\Roaming\a.bat
[-] File deleted: C:\Users\Panayotis\AppData\Roaming\xdo.zip
[-] File deleted: C:\Users\Panayotis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UC浏览器.lnk
[-] File deleted: C:\WINDOWS\SysNative\reimage.rep
[-] File deleted: C:\WINDOWS\SysNative\bi3.exe
[#] File deleted: C:\WINDOWS\SysNative\drivers\ucguard.sys
[-] File deleted: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
[-] File deleted: C:\WINDOWS\run.vbs
[-] File deleted: C:\WINDOWS\SysWOW64\kz.exe
[-] File deleted: C:\WINDOWS\rsrcs.dll
[-] File deleted: C:\Users\Panayotis\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\Panayotis\AppData\Roaming\Main.dat
[-] File deleted: C:\Users\Panayotis\AppData\Roaming\agent.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\ZipTool_FileAsso.Origin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ZipTool_FileAsso.Origin
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\.DEFAULT\Software\KuaiZip
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\osTip
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\ttwifi
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\KuaiZip
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\KuaiZipSFX
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\ZipTool
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\Maoha
[-] Key deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\PopWnd
[#] Key deleted on reboot: HKU\S-1-5-18\Software\KuaiZip
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\osTip
[#] Key deleted on reboot: HKCU\Software\ttwifi
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\KuaiZip
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\KuaiZipSFX
[#] Key deleted on reboot: HKCU\Software\ZipTool
[#] Key deleted on reboot: HKCU\Software\Maoha
[#] Key deleted on reboot: HKCU\Software\PopWnd
[-] Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\ZipTool
[-] Key deleted: HKLM\SOFTWARE\Maoha
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\osTip
[#] Key deleted on reboot: [x64] HKCU\Software\ttwifi
[#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZip
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZipSFX
[#] Key deleted on reboot: [x64] HKCU\Software\ZipTool
[#] Key deleted on reboot: [x64] HKCU\Software\Maoha
[#] Key deleted on reboot: [x64] HKCU\Software\PopWnd
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gplyra
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [chromebrowser]
[-] Value deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
[-] Value deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [QGuan10in1]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [EYAN]
[-] Value deleted: HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [svchost0]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\jZipShell.DLL
[-] Key deleted: HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\JZipShlExt
[-] Key deleted: HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\JZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5924 Bytes] - [06/07/2017 02:01:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [5693 Bytes] - [06/07/2017 00:33:29]
C:\AdwCleaner\AdwCleaner[S1].txt - [5735 Bytes] - [06/07/2017 00:59:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6143 Bytes] ##########


For the record, even after running AdwCleaner, the .txt file still created itself on my desktop.
peters12 is offline  
Old 07-06-2017, 10:11 PM   #5



Hello peters12.

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------

Also, if you haven't done so already, you might want to create a USB recovery drive. It's really easy and quick.

https://windows.microsoft.com/en-us/w...recovery-drive

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the quotebox into Notepad:

Quote:
@echo off
If exist log.txt del /s/q log.txt
type "C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Panayotis\AppData\Roaming\a.bat.vir" >> log.txt
notepad log.txt
del %0

Save this Notepad file as check.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on check.bat and choose 'Run as administrator' to allow it to run. A new Notepad window will open up. Post its contents in your next reply.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} =>  -> No File
    ContextMenuHandlers01: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
    ContextMenuHandlers01: [JZContextMenuExt] -> {9175E343-1C41-4490-B178-14F36504F07E} =>  -> No File
    ContextMenuHandlers01: [JZipShlExt] -> {9175E343-1C41-4490-B178-14F36504F07E} =>  -> No File
    ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
    ContextMenuHandlers02: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
    ContextMenuHandlers02: [JZipShlExt] -> {9175E343-1C41-4490-B178-14F36504F07E} =>  -> No File
    ContextMenuHandlers04: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
    ContextMenuHandlers04: [JZipShlExt] -> {9175E343-1C41-4490-B178-14F36504F07E} =>  -> No File
    ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
    Task: {048308BE-EA74-40B3-8D65-61EE898BFB3B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {203820DA-3529-4E67-A060-256E2C7D9B2E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {39915452-AA5C-48E3-A0E2-AF1ADFE90583} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {42FDDDC2-5A94-43D2-B434-9A25F9EE26CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {66F67D47-F8FE-47C4-B921-0091EB8AFF10} - no filepath
    Task: {90A7CB3C-886A-4754-BB8F-3346910C103F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {AFC8FDE8-918C-4310-A719-02B8EFC60CB0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C3B78121-3F62-4425-B05C-18DAD2F2FA56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {C824091E-6433-4E9A-B138-07A6872BBF9A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CE364EA7-6D3B-42DE-A47A-0B37CBED7057} - \WPD\SqmUpload_S-1-5-21-2037305802-3142263928-3064936386-1000 -> No File <==== ATTENTION
    Task: {D6B1F4E8-19BB-452F-B938-E86337E08855} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    Task: {E449AADF-08D4-4986-8388-23B8D51140B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E7C55A67-7797-4770-A4AE-7FD8A93EF01E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {EA5C221C-CF57-4EDD-BBDE-CBD1A1349A71} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
    AlternateDataStreams: C:\Users\Panayotis\Desktop\desktop.ini:gs5sys [3074]
    AlternateDataStreams: C:\Users\Panayotis\Documents\desktop.ini:gs5sys [3074]
    GroupPolicyScripts: Restriction <==== ATTENTION
    FF ProfilePath: C:\Users\Panayotis\AppData\Roaming\Profiles\1t4kgdgy.default [2017-06-27] <==== ATTENTION
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-08-04] ()
    R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 2016-07-21] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
    2015-10-31 00:43 - 2015-10-31 00:43 - 0004967 _____ () C:\ProgramData\flwjycbm.bab
    2016-02-02 19:11 - 2016-02-02 19:11 - 0004099 _____ () C:\ProgramData\kmytnfun.aqy
    2016-08-03 20:11 - 2016-08-03 20:11 - 0000016 _____ () C:\ProgramData\mntemp
    Reg: reg delete HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Gyazo" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-07-2017, 08:08 AM   #6



Hello again!
Ran check.bat as an administrator; not sure if it's working as intended or not. I've attached a small screenshot of the command that it executes.
Imgur: The most awesome images on the Internet

The notepad log that running it creates is empty - no contents at all.

Here is the log that resulted from executing the second part of your reply:

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by Panayotis (07-07-2017 17:52:03) Run:1
Running from C:\Users\Panayotis\Desktop\Supportive programs
Loaded Profiles: Panayotis (Available Profiles: Panayotis & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => -> No File
ContextMenuHandlers01: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> No File
ContextMenuHandlers01: [JZContextMenuExt] -> {9175E343-1C41-4490-B178-14F36504F07E} => -> No File
ContextMenuHandlers01: [JZipShlExt] -> {9175E343-1C41-4490-B178-14F36504F07E} => -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> No File
ContextMenuHandlers02: [JZipShlExt] -> {9175E343-1C41-4490-B178-14F36504F07E} => -> No File
ContextMenuHandlers04: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => -> No File
ContextMenuHandlers04: [JZipShlExt] -> {9175E343-1C41-4490-B178-14F36504F07E} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {048308BE-EA74-40B3-8D65-61EE898BFB3B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {203820DA-3529-4E67-A060-256E2C7D9B2E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {39915452-AA5C-48E3-A0E2-AF1ADFE90583} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {42FDDDC2-5A94-43D2-B434-9A25F9EE26CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {66F67D47-F8FE-47C4-B921-0091EB8AFF10} - no filepath
Task: {90A7CB3C-886A-4754-BB8F-3346910C103F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AFC8FDE8-918C-4310-A719-02B8EFC60CB0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C3B78121-3F62-4425-B05C-18DAD2F2FA56} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C824091E-6433-4E9A-B138-07A6872BBF9A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CE364EA7-6D3B-42DE-A47A-0B37CBED7057} - \WPD\SqmUpload_S-1-5-21-2037305802-3142263928-3064936386-1000 -> No File <==== ATTENTION
Task: {D6B1F4E8-19BB-452F-B938-E86337E08855} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {E449AADF-08D4-4986-8388-23B8D51140B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E7C55A67-7797-4770-A4AE-7FD8A93EF01E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EA5C221C-CF57-4EDD-BBDE-CBD1A1349A71} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
AlternateDataStreams: C:\Users\Panayotis\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Panayotis\Documents\desktop.ini:gs5sys [3074]
GroupPolicyScripts: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\Panayotis\AppData\Roaming\Profiles\1t4kgdgy.default [2017-06-27] <==== ATTENTION
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-08-04] ()
R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 2016-07-21] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
2015-10-31 00:43 - 2015-10-31 00:43 - 0004967 _____ () C:\ProgramData\flwjycbm.bab
2016-02-02 19:11 - 2016-02-02 19:11 - 0004099 _____ () C:\ProgramData\kmytnfun.aqy
2016-08-03 20:11 - 2016-08-03 20:11 - 0000016 _____ () C:\ProgramData\mntemp
Reg: reg delete HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Gyazo" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\JzShlobj => key removed successfully
HKLM\Software\Classes\CLSID\{7B286609-DA97-47E1-AC6B-33B8B4732C95} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\KuaiZipShlExt => key not found.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\JZContextMenuExt => key removed successfully
HKLM\Software\Classes\CLSID\{9175E343-1C41-4490-B178-14F36504F07E} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\JZipShlExt => key removed successfully
HKLM\Software\Classes\CLSID\{9175E343-1C41-4490-B178-14F36504F07E} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\KuaiZipShlExt => key not found.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\JZipShlExt => key not found.
HKLM\Software\Classes\CLSID\{9175E343-1C41-4490-B178-14F36504F07E} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\KuaiZipShlExt => key not found.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\JZipShlExt => key not found.
HKLM\Software\Classes\CLSID\{9175E343-1C41-4490-B178-14F36504F07E} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{048308BE-EA74-40B3-8D65-61EE898BFB3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{048308BE-EA74-40B3-8D65-61EE898BFB3B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{203820DA-3529-4E67-A060-256E2C7D9B2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{203820DA-3529-4E67-A060-256E2C7D9B2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39915452-AA5C-48E3-A0E2-AF1ADFE90583} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39915452-AA5C-48E3-A0E2-AF1ADFE90583} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42FDDDC2-5A94-43D2-B434-9A25F9EE26CA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42FDDDC2-5A94-43D2-B434-9A25F9EE26CA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66F67D47-F8FE-47C4-B921-0091EB8AFF10} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66F67D47-F8FE-47C4-B921-0091EB8AFF10} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{90A7CB3C-886A-4754-BB8F-3346910C103F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90A7CB3C-886A-4754-BB8F-3346910C103F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFC8FDE8-918C-4310-A719-02B8EFC60CB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFC8FDE8-918C-4310-A719-02B8EFC60CB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3B78121-3F62-4425-B05C-18DAD2F2FA56} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3B78121-3F62-4425-B05C-18DAD2F2FA56} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C824091E-6433-4E9A-B138-07A6872BBF9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C824091E-6433-4E9A-B138-07A6872BBF9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE364EA7-6D3B-42DE-A47A-0B37CBED7057} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE364EA7-6D3B-42DE-A47A-0B37CBED7057} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2037305802-3142263928-3064936386-1000 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6B1F4E8-19BB-452F-B938-E86337E08855} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6B1F4E8-19BB-452F-B938-E86337E08855} => key removed successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E449AADF-08D4-4986-8388-23B8D51140B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E449AADF-08D4-4986-8388-23B8D51140B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7C55A67-7797-4770-A4AE-7FD8A93EF01E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7C55A67-7797-4770-A4AE-7FD8A93EF01E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA5C221C-CF57-4EDD-BBDE-CBD1A1349A71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA5C221C-CF57-4EDD-BBDE-CBD1A1349A71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
C:\ProgramData\Templates => ":gs5sys" ADS removed successfully.
C:\Users\Panayotis\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Panayotis\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\Panayotis\AppData\Roaming\Profiles\1t4kgdgy.default => moved successfully
C:\Users\Panayotis\AppData\Roaming\Profiles\1t4kgdgy.default => path removed successfully
HKLM\System\CurrentControlSet\Services\hitmanpro37 => key removed successfully
hitmanpro37 => service removed successfully
UCGuard => service not found.
C:\ProgramData\flwjycbm.bab => moved successfully
C:\ProgramData\kmytnfun.aqy => moved successfully
C:\ProgramData\mntemp => moved successfully

========= reg delete HKU\S-1-5-21-2037305802-3142263928-3064936386-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Gyazo" /f =========

The operation completed successfully.



========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35231075 B
Java, Flash, Steam htmlcache => 360104790 B
Windows/system/drivers => 145626524 B
Edge => 12167 B
Chrome => 174080 B
Firefox => 6843490 B
Opera => 394962029 B

Temp, IE cache, history, cookies, recent:
Default => 10050 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 3926 B
LocalService => 0 B
NetworkService => 2942 B
Panayotis => 1547896491 B
postgres => 0 B

RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:53:22 ====


For the record, the .txt ErrorLog created itself as it always does after the forced system reboot by FRST.exe.
peters12 is offline  
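
The Fixlog in post #6 reports several "key not found" and "service not found" results. The following is an added example (not part of the thread, and not code from FRST or AdwCleaner) that reconciles those no-op results against the AdwCleaner log from post #4, to show which objects were already gone before the fix ran. The function names, the status strings and the treatment of HKEY_CLASSES_ROOT as HKLM\SOFTWARE\Classes are assumptions of this example; the sample lines are copied from the two logs.

```python
import re
from typing import Dict, List, NamedTuple

# Sample input: lines copied from the AdwCleaner log (post #4) and the
# FRST Fixlog (post #6) in this thread, trimmed to a representative subset.
ADWCLEANER_LOG = r"""
[-] Service deleted: UCGuard
[#] File deleted: C:\WINDOWS\SysNative\drivers\ucguard.sys
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZip
"""

FIXLOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\JzShlobj => key removed successfully
HKLM\Software\Classes\CLSID\{7B286609-DA97-47E1-AC6B-33B8B4732C95} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\KuaiZipShlExt => key not found.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\KuaiZipShlExt => key not found.
C:\ProgramData\Templates => ":gs5sys" ADS removed successfully.
hitmanpro37 => service removed successfully
UCGuard => service not found.
BITS transfer queue => 6578176 B
C:\ProgramData\mntemp => moved successfully
"""


class FixResult(NamedTuple):
    target: str
    kind: str       # "key", "service", "ads" or "file"
    changed: bool   # False when FRST found nothing to remove


class AdwAction(NamedTuple):
    kind: str       # "service", "file", "folder", "key" or "value"
    target: str
    on_reboot: bool  # True for "... deleted on reboot" lines


FIX_LINE = re.compile(r"(?P<target>.+?) => (?P<outcome>.+?)\.?")
ADW_LINE = re.compile(
    r"\[[-#]\] (?P<kind>\w+) deleted(?P<reboot> on reboot)?: (?P<target>.+)")


def normalize(kind: str, target: str) -> str:
    """Make names from the two tools comparable (case, [x64] tag, HKCR)."""
    t = re.sub(r"^\[x64\] ", "", target.strip()).upper()
    # Assumption: compare HKEY_CLASSES_ROOT against its machine-wide
    # backing store only; the per-user half (HKCU) is ignored here.
    hkcr = "HKEY_CLASSES_ROOT\\"
    if kind == "key" and t.startswith(hkcr):
        t = "HKLM\\SOFTWARE\\CLASSES\\" + t[len(hkcr):]
    return t


def parse_fixlog(text: str) -> List[FixResult]:
    """Keep only result lines; fixlist echo and EmptyTemp sizes are skipped."""
    results = []
    for line in text.splitlines():
        m = FIX_LINE.fullmatch(line.strip())
        if not m:
            continue
        outcome = m["outcome"].lower()
        if outcome.startswith("key "):
            kind = "key"
        elif outcome.startswith("service "):
            kind = "service"
        elif outcome.endswith("ads removed successfully"):
            kind = "ads"
        elif outcome in ("moved successfully", "path removed successfully"):
            kind = "file"
        else:
            continue  # not a removal result, e.g. "6578176 B"
        results.append(
            FixResult(m["target"], kind, not outcome.endswith("not found")))
    return results


def parse_adwcleaner(text: str) -> List[AdwAction]:
    actions = []
    for line in text.splitlines():
        m = ADW_LINE.fullmatch(line.strip())
        if m:
            actions.append(AdwAction(m["kind"].lower(), m["target"],
                                     m["reboot"] is not None))
    return actions


def reconcile(fixlog: str, adwlog: str) -> Dict[str, str]:
    """Explain every Fixlog entry that changed nothing on the system."""
    prior = {(a.kind, normalize(a.kind, a.target)): a
             for a in parse_adwcleaner(adwlog)}
    report = {}
    for r in parse_fixlog(fixlog):
        if r.changed:
            continue
        hit = prior.get((r.kind, normalize(r.kind, r.target)))
        if hit is None:
            report[r.target] = "not in AdwCleaner log"
        elif hit.on_reboot:
            report[r.target] = "AdwCleaner scheduled removal at reboot"
        else:
            report[r.target] = "already removed by AdwCleaner"
    return report


if __name__ == "__main__":
    for target, why in reconcile(FIXLOG, ADWCLEANER_LOG).items():
        print(f"{why:32} {target}")
```

Entries reported as "not in AdwCleaner log" are the ones worth a second look, since neither tool's log accounts for their absence.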
Old 07-07-2017, 09:31 PM   #7



Hello again, peters12.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-09-2017, 01:09 AM   #8
Registered Member
 
Join Date: Jul 2017
Posts: 10
OS: Windows 10



Uhhhh
peters12 is offline  
Old 07-09-2017, 01:13 AM   #9
Registered Member
 
Join Date: Jul 2017
Posts: 10
OS: Windows 10



Ok so, replying apparently worked but, it's still not working when I try to paste the two logs and then reply - not sure if this is some problem with the size of the message or something, but it's not getting through. I've attached both of the logs to this message, not sure if this is ok or not, let me know please :)
Attached Files
File Type: txt chemist.txt (96.3 KB, 9 views)
File Type: txt chemist1.txt (894 Bytes, 11 views)
peters12 is offline  
Old 07-09-2017, 02:29 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, peters12. Yes, there is a character limit for each post, so no worries.

Almost done. How is the machine behaving?

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    C:\Users\Panayotis\AppData\Roaming\setup.apk	
    C:\Users\Panayotis\SkyDrive\Έγγραφα\PT-Install-v4.14.20.exe
    Hosts:
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
chemist is offline  
Old 07-09-2017, 06:47 PM   #11
Registered Member
 
Join Date: Jul 2017
Posts: 10
OS: Windows 10



Hey there again :)

The machine is behaving... Normally I guess I'd say, I can't say I've noticed any difference, maybe it's slightly faster but I can't say it's something that I've noticed. The SpinProgramErrorLog.txt file keeps on creating itself on my desktop every time that I start up my computer, still. I always delete the file as soon as I start up and it gets auto-created, I delete it, next time I power up, it's autocreated again. So that's still happening, so I'm not sure if that's a good sign or not, I'm guessing not, especially since I still have no idea what is causing that. Besides that, I'll paste the Fixlog that was generated by doing what you instructed me to in your last reply. Here you go:


Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Panayotis (10-07-2017 04:32:01) Run:2
Running from C:\Users\Panayotis\Desktop\Supportive programs
Loaded Profiles: Panayotis (Available Profiles: Panayotis & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
C:\Users\Panayotis\AppData\Roaming\setup.apk
C:\Users\Panayotis\SkyDrive\????afa\PT-Install-v4.14.20.exe
Hosts:
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Users\Panayotis\AppData\Roaming\setup.apk => moved successfully
"C:\Users\Panayotis\SkyDrive\????afa\PT-Install-v4.14.20.exe" => not found.
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12795944 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 13827794 B
Edge => 12541 B
Chrome => 17038325 B
Firefox => 0 B
Opera => 372227561 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 6472 B
Panayotis => 145173530 B
postgres => 0 B

RecycleBin => 0 B
EmptyTemp: => 541.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:32:55 ====
peters12 is offline  
Old 07-09-2017, 11:27 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, peters12. No results are showing after Google searches of that SpinProgramErrorLog.txt file. Weird.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    SpinProgramErrorLog.*
    :regfind
    Spin
    Program
    Error
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
  • If the log is too big to post, please attach it to your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
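The SystemLook request in post #12 searches the registry for the words Spin, Program and Error separately. A narrower check, given here as an added example that is not part of the original thread, looks for the full header line of the log inside program and script files, in both ASCII and UTF-16LE. The function names, the extension list and the sample files are assumptions made for the example.

```python
import os
import tempfile

# First line of the file described in the thread, used as the search marker.
MARKER = "Spin Program Error Log"
# Assumption: whatever writes the file is a program or script with one of these extensions.
EXTENSIONS = {".exe", ".dll", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".jar", ".py"}
CHUNK = 1 << 20  # read 1 MiB at a time so large binaries are never loaded whole


def needles(marker):
    """Byte patterns for the marker in the two encodings Windows programs commonly embed."""
    return {"ascii": marker.encode("ascii"), "utf-16le": marker.encode("utf-16-le")}


def file_contains(path, patterns):
    """Return the set of encoding names whose pattern occurs anywhere in the file."""
    found = set()
    overlap = max(len(p) for p in patterns.values()) - 1
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            window = tail + chunk
            found.update(name for name, pat in patterns.items() if pat in window)
            # Carry the last bytes forward so a match split across two reads is still seen.
            tail = window[-overlap:] if overlap else b""
    return found


def scan(root, marker=MARKER):
    """Walk root and return {path: [encodings]} for candidate files embedding the marker."""
    patterns = needles(marker)
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                found = file_contains(path, patterns)
            except OSError:
                continue  # locked or unreadable file: skip it
            if found:
                hits[path] = sorted(found)
    return hits


def demo():
    """Scan constructed sample files: an ASCII hit, a UTF-16LE hit, and two misses."""
    samples = {
        "writer_a.exe": b"MZ\x00" + MARKER.encode("ascii") + b"\x00",
        "writer_w.dll": b"\x00" * 7 + MARKER.encode("utf-16-le"),
        "clean.exe": b"Spin the Program Error wheel",  # the words, not the phrase
        "SpinProgramErrorLog.txt": MARKER.encode("ascii"),  # the log itself: skipped
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): enc for p, enc in scan(root).items()}


if __name__ == "__main__":
    for name, encodings in sorted(demo().items()):
        print(name, encodings)
```

To use it on a real machine, call scan() on a folder such as the user profile or a program directory. A packed program, or one that assembles the text at run time, will not match.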
Old 07-10-2017, 08:00 AM   #13
Registered Member
 
Join Date: Jul 2017
Posts: 10
OS: Windows 10



Hey there again, I ran SystemLook as you instructed me to, and it found a ton of hits. I've included the .txt log in a zip format because it was too big to attach even as a .txt :)
Attached Files
File Type: rar SystemLook.rar (860.6 KB, 12 views)
peters12 is offline  
Old 07-10-2017, 09:21 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, peters12. I'm not seeing what is causing that specific log to be produced.

If that is your only remaining problem, it appears to be beyond malware.

Any other remaining problems? If not, let me know and I will give you some final instructions.

------------------------------------------------------
chemist is offline  
Old 07-10-2017, 11:14 PM   #15
Registered Member
 
Join Date: Jul 2017
Posts: 10
OS: Windows 10



Good morning chemist, once more, thank you a lot for your continued help. I don't "think" I have any remaining problems, but then again, I'm probably not qualified to judge that considering the fact my computer was infected with malware, spyware, and whatnot, keyloggers etc. Good job on my part. Anyhow, I guess that it's something that the errorlog seems to be beyond malware. So, you can give me final instruction, and, if I may request, please leave me some advice on how to properly protect my computer and how to properly run security checks and scans daily to make sure my computer is protected and not infected with any kind of keyloggers, malware, adware, spyware, whatever - I need to know my computer is safe, it's a very essential part of my day-to-day job, so more like my life, because I work online/on the computer. So, that'd be great, if you could leave me with some advice and your final instructions. Once again, thank you a lot for your help, friend.
peters12 is offline  
Old 07-12-2017, 12:58 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, peters12. You're very welcome.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 07-12-2017, 08:19 PM   #17
Registered Member
 
Join Date: Jul 2017
Posts: 10
OS: Windows 10



Awesome, thank you a lot for your assistance, I much appreciate it. I'll make sure to follow the measures you instructed me to, and check out the articles you've provided links for. Thank you again! ^^
peters12 is offline  
Old 07-13-2017, 01:32 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, peters12! Glad to have helped.
chemist is offline  
 
