Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Some sort of re-direct virus/spyware on Firefox


  • This topic is locked This topic is locked
5 replies to this topic

#1 Dmasterman

Dmasterman

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 15 August 2017 - 02:10 AM

So I have Firefox and apparently I caught some kind of bug on it. As I am not seeing this on other browsers.

Essentially there is some strange redirect bug that seems to redirect me to these virus ridden redirect sites:

http://putrr18.com
or
http://pipeschannels.com/471151/

 

which then redirect me to some ad or spam or virus page.

The virus doesn't always do this (i.e. sometimes the internet browsing runs smoothly) but obnoxiously enough to be bothersome. Clicking on clickables or sometimes even a black space will cause the redirect.

 

I've refreshed firefox, ran various malware and virus scanners and it hasn't picked up whatever is causing this. Some other sites report to remove the virus.. But again, I do not see any malicious or strange programs or anything related to what could be generating this.

 

My only solution I've found is just installing a brand new firefox and importing my history and bookmarks, however there is a chance I might also import this thing as well. I also do not see any malicious add ons or extensions either.

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:09 AM

Posted 15 August 2017 - 08:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


:step1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

:step3: Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persists.
==============================

#3 Dmasterman

Dmasterman
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 17 August 2017 - 03:02 AM

will do this asap soon as I'm on my next day off! Lot to do



#4 Dmasterman

Dmasterman
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 17 August 2017 - 09:09 AM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/17/17
Scan Time: 3:43 AM
Log File: lg.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2606
License: Trial

-System Information-
OS: Windows 10 (Build 14393.1593)
CPU: x64
File System: NTFS
User: LENOVO-PC\dmast_000

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437401
Threats Detected: 3
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 23 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
RiskWare.GameHack.Generic, C:\USERS\DMAST_000\DESKTOP\OLD PC RIGHT\DESKTOP\DEAD OR ALIVE 5 LAST ROUND V1.02-V1.02A PLUS 9 TRAINER.EXE, No Action By User, [1702], [339459],1.0.2606
RiskWare.GameHack.Generic, C:\USERS\DMAST_000\DESKTOP\OLD PC RIGHT\DESKTOP\DRAGON BALL XENOVERSE V1.0-UPDATE 6 PLUS 14 TRAINER.EXE, No Action By User, [1702], [339459],1.0.2606
RiskWare.GameHack.Generic, C:\USERS\DMAST_000\DESKTOP\OLD PC RIGHT\DOCUMENTS\DRAGON BALL XENOVERSE V1.0-UPDATE 6 PLUS 14 TRAINER.EXE, No Action By User, [1702], [339459],1.0.2606

Physical Sector: 0
(No malicious items detected)


(end)

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-08-2017
Ran by dmast_000 (administrator) on LENOVO-PC (17-08-2017 03:36:31)
Running from C:\Users\dmast_000\Downloads
Loaded Profiles: dmast_000 (Available Profiles: dmast_000)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Windows\jmesoft\Service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1442102246\ee\aolsoftware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
Failed to access process -> aim.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\shellmon.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\AOLBrowser\AolBrowserTab.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1442102246\ee\AOLDesktop.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(© LINE Corporation) C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\LINE_APP.exe
() C:\Program Files\WindowsApps\NAVER.LINEwin8_5.5.2.0_x64__8ptj331gd3tyt\VoipHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-12] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [415120 2015-08-31] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1442102246\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3651379580-3864678249-3458668711-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4156312 2017-02-23] (AOL Inc.)
HKU\S-1-5-21-3651379580-3864678249-3458668711-1001\...\Run: [BitTorrent] => C:\Users\dmast_000\AppData\Roaming\BitTorrent\BitTorrent.exe [2150088 2017-07-02] (BitTorrent Inc.)
HKU\S-1-5-21-3651379580-3864678249-3458668711-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2\AOL.EXE [80816 2016-09-22] (AOL Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7098427d-5c20-4ad1-982e-19fb831d62e7}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{a8a8d87d-af87-479d-a08f-0c6be00dc53e}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3651379580-3864678249-3458668711-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3651379580-3864678249-3458668711-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-11-18] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 98qhag7g.default-1501978103421
FF ProfilePath: C:\Users\dmast_000\AppData\Roaming\Mozilla\Firefox\Profiles\98qhag7g.default-1501978103421 [2017-08-17]
FF Extension: (Adblock Plus) - C:\Users\dmast_000\AppData\Roaming\Mozilla\Firefox\Profiles\98qhag7g.default-1501978103421\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-05]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-01]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-02] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-09-10] (Avast Software)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-08-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-02] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-07-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [103656 2013-10-20] (GenesysLogic)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-08-16] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-16] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-16] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-02] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-09-10] (AVAST Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-09-10] (Avast Software)
S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2017-03-18] () [File not signed]
R3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-17 03:36 - 2017-08-17 03:37 - 000022851 _____ C:\Users\dmast_000\Downloads\FRST.txt
2017-08-17 03:36 - 2017-08-17 03:36 - 002395648 _____ (Farbar) C:\Users\dmast_000\Downloads\FRST64.exe
2017-08-17 03:36 - 2017-08-17 03:36 - 000000000 ____D C:\FRST
2017-08-16 22:17 - 2017-08-16 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-08-16 22:03 - 2017-08-16 22:05 - 008185288 _____ (Malwarebytes) C:\Users\dmast_000\Downloads\adwcleaner_7.0.1.0.exe
2017-08-16 00:50 - 2017-08-16 22:28 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-16 00:50 - 2017-08-16 22:13 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-16 00:50 - 2017-08-16 22:13 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-16 00:50 - 2017-08-16 22:13 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-16 00:50 - 2017-08-16 00:50 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-08-16 00:50 - 2017-08-16 00:50 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-16 00:50 - 2017-08-16 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-16 00:50 - 2017-08-16 00:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-16 00:50 - 2017-08-16 00:50 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-16 00:50 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-16 00:48 - 2017-08-16 00:49 - 065033984 _____ (Malwarebytes ) C:\Users\dmast_000\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-12 21:05 - 2017-08-12 21:05 - 015702104 _____ C:\Users\dmast_000\Desktop\20749409_1900725506861353_4204652766649384960_n.mp4
2017-08-12 14:04 - 2017-08-12 14:04 - 000000000 ____D C:\Users\dmast_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-11 23:57 - 2017-08-17 02:46 - 000000000 ____D C:\Users\dmast_000\Downloads\Lakita Harry Smith
2017-08-11 17:34 - 2017-08-11 17:34 - 000000000 ____D C:\Users\dmast_000\Downloads\Harmon Quest - Season 1
2017-08-10 01:36 - 2017-02-18 00:38 - 155267623 _____ C:\Users\dmast_000\Downloads\TickleJapan​ - Hana's Tickle Torture featuring Kaorin.wmv
2017-08-08 23:20 - 2017-08-08 23:20 - 000000330 _____ C:\Users\dmast_000\Desktop\Images.URL
2017-08-08 22:21 - 2017-08-01 09:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-08 22:21 - 2017-08-01 09:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-08 22:21 - 2017-08-01 09:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-08 22:21 - 2017-08-01 09:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-08 22:21 - 2017-08-01 09:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-08 22:21 - 2017-08-01 09:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-08 22:21 - 2017-08-01 09:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-08 22:21 - 2017-08-01 09:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-08 22:21 - 2017-08-01 09:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-08 22:21 - 2017-08-01 09:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-08 22:21 - 2017-08-01 09:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-08 22:21 - 2017-08-01 09:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-08 22:21 - 2017-08-01 09:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-08 22:21 - 2017-08-01 09:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-08 22:21 - 2017-08-01 09:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-08 22:21 - 2017-08-01 09:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-08 22:21 - 2017-08-01 08:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-08 22:21 - 2017-08-01 08:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-08 22:21 - 2017-08-01 08:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-08 22:21 - 2017-08-01 08:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-08 22:21 - 2017-08-01 08:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-08 22:21 - 2017-08-01 08:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-08 22:21 - 2017-08-01 08:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-08 22:21 - 2017-08-01 08:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-08 22:21 - 2017-08-01 08:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-08 22:21 - 2017-08-01 08:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-08 22:21 - 2017-08-01 08:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-08 22:21 - 2017-08-01 08:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-08 22:21 - 2017-08-01 08:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-08 22:21 - 2017-08-01 08:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-08 22:21 - 2017-08-01 08:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-08 22:21 - 2017-08-01 08:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-08 22:21 - 2017-08-01 08:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-08 22:21 - 2017-08-01 08:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-08 22:21 - 2017-08-01 08:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-08 22:21 - 2017-08-01 08:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-08 22:21 - 2017-08-01 08:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-08 22:21 - 2017-08-01 08:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-08 22:21 - 2017-08-01 08:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-08 22:21 - 2017-08-01 08:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-08 22:21 - 2017-08-01 08:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-08 22:21 - 2017-08-01 08:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-08 22:21 - 2017-08-01 07:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-08 22:21 - 2017-08-01 07:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-08 22:21 - 2017-08-01 07:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-08 22:21 - 2017-08-01 07:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-08 22:21 - 2017-08-01 07:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-08 22:21 - 2017-08-01 07:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-08 22:21 - 2017-08-01 07:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-08 22:21 - 2017-08-01 07:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-08 22:21 - 2017-08-01 07:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-08 22:21 - 2017-08-01 07:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-08 22:21 - 2017-08-01 07:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-08 22:21 - 2017-08-01 07:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-08 22:21 - 2017-08-01 07:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-08 22:21 - 2017-08-01 07:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-08 22:21 - 2017-08-01 07:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-08 22:21 - 2017-08-01 07:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-08 22:21 - 2017-08-01 07:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-08 22:21 - 2017-08-01 07:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-08 22:21 - 2017-08-01 07:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-08 22:21 - 2017-08-01 06:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-08 22:21 - 2017-08-01 06:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-08 22:21 - 2017-08-01 06:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-08 22:21 - 2017-08-01 06:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-08 22:21 - 2017-08-01 06:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-08 22:21 - 2017-08-01 06:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-08 22:21 - 2017-08-01 06:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-08 22:21 - 2017-08-01 06:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-08 22:21 - 2017-08-01 06:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-08 22:21 - 2017-08-01 06:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-08 22:21 - 2017-08-01 06:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-08 22:21 - 2017-08-01 06:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-08 22:21 - 2017-08-01 06:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-08 22:21 - 2017-08-01 06:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-08 22:21 - 2017-08-01 06:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-08 22:21 - 2017-08-01 06:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-08 22:21 - 2017-08-01 06:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-08 22:21 - 2017-08-01 06:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-08 22:21 - 2017-08-01 06:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-08 22:21 - 2017-08-01 06:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-08 22:21 - 2017-08-01 06:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-08 22:21 - 2017-08-01 06:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-08 22:21 - 2017-08-01 06:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-08 22:21 - 2017-08-01 06:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-08 22:21 - 2017-08-01 06:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-08 22:21 - 2017-08-01 06:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-08 22:21 - 2017-08-01 06:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-08 22:21 - 2017-08-01 06:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-08 22:21 - 2017-08-01 06:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-08 22:21 - 2017-08-01 06:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-08 22:21 - 2017-08-01 06:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-08 22:21 - 2017-08-01 06:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-08 22:21 - 2017-08-01 06:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-08 22:21 - 2017-08-01 06:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-08 22:21 - 2017-08-01 06:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-08 22:21 - 2017-08-01 06:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-08 22:21 - 2017-08-01 06:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-08 22:21 - 2017-08-01 06:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-08 22:21 - 2017-08-01 06:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-08 22:21 - 2017-08-01 06:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-08 22:21 - 2017-08-01 06:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-08 22:21 - 2017-08-01 06:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-08 22:21 - 2017-08-01 06:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-08 22:21 - 2017-08-01 06:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-08 22:21 - 2017-08-01 06:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-08 22:21 - 2017-08-01 06:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-08 22:21 - 2017-08-01 06:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-08 22:21 - 2017-08-01 06:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-08 22:21 - 2017-08-01 06:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-08 22:21 - 2017-08-01 06:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-08 22:21 - 2017-08-01 06:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-08 22:21 - 2017-08-01 06:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-08 22:21 - 2017-08-01 06:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-08 22:21 - 2017-08-01 06:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-08 22:21 - 2017-08-01 06:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-08 22:21 - 2017-08-01 06:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-08 22:21 - 2017-08-01 06:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-08 22:21 - 2017-08-01 06:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-08 22:21 - 2017-08-01 06:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-08 22:21 - 2017-08-01 06:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-08 22:21 - 2017-08-01 06:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-08 22:21 - 2017-08-01 06:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-08 22:21 - 2017-08-01 04:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-08 22:21 - 2017-07-11 20:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-08 22:21 - 2017-07-11 20:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-08 22:21 - 2017-07-11 20:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-08 22:21 - 2017-07-11 20:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-08 22:21 - 2017-07-11 20:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-08 22:21 - 2017-07-11 20:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-08 22:21 - 2017-07-11 20:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-08 22:21 - 2017-07-11 20:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-08 22:21 - 2017-07-11 20:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-08 22:21 - 2017-07-11 20:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-08 22:21 - 2017-07-11 19:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-08 22:21 - 2017-07-11 19:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-08 22:21 - 2017-07-11 19:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-08 22:21 - 2017-07-11 19:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-08 22:21 - 2017-07-11 19:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-08 22:21 - 2017-07-11 19:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-08 22:21 - 2017-07-11 19:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-08 22:21 - 2017-07-11 19:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-08 22:21 - 2017-07-11 19:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-08 22:21 - 2017-07-11 19:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-08 22:21 - 2017-07-11 19:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-08 22:21 - 2017-07-11 19:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-08 22:21 - 2017-07-11 19:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-08 22:21 - 2017-07-11 19:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-08 22:21 - 2017-07-11 19:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-08 22:21 - 2017-07-11 19:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-08 22:21 - 2017-07-11 19:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-08 22:21 - 2017-07-11 19:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-08 22:21 - 2017-07-11 19:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-08 22:21 - 2017-07-11 19:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-08 22:21 - 2017-07-11 19:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-08 22:21 - 2017-07-11 19:21 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2017-08-08 22:21 - 2017-07-11 19:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-08 22:21 - 2017-07-11 19:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-08 22:21 - 2017-07-11 19:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-08 22:21 - 2017-07-11 19:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-08 22:21 - 2017-07-11 19:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-08 22:21 - 2017-07-11 19:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-08 22:21 - 2017-07-11 19:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-08 22:21 - 2017-07-11 19:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-08 22:21 - 2017-07-11 19:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-08 22:21 - 2017-07-11 19:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-08 22:21 - 2017-07-11 19:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-08 22:21 - 2017-07-11 19:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-08 22:21 - 2017-07-11 19:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-08 22:21 - 2017-07-11 19:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-08 22:21 - 2017-07-11 19:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-08 22:21 - 2017-07-11 19:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-08 22:21 - 2017-07-11 19:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-08 22:21 - 2017-07-11 18:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-08 22:21 - 2017-07-11 18:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-08 22:21 - 2017-07-11 16:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-08 22:21 - 2017-03-03 20:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-08 22:20 - 2017-08-01 09:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-08 22:20 - 2017-08-01 09:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-08 22:20 - 2017-08-01 09:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-08 22:20 - 2017-08-01 09:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-08 22:20 - 2017-08-01 09:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-08 22:20 - 2017-08-01 09:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-08 22:20 - 2017-08-01 09:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-08 22:20 - 2017-08-01 09:21 - 000124072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-08 22:20 - 2017-08-01 09:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-08 22:20 - 2017-08-01 09:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-08 22:20 - 2017-08-01 09:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-08 22:20 - 2017-08-01 09:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-08 22:20 - 2017-08-01 09:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-08 22:20 - 2017-08-01 09:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-08 22:20 - 2017-08-01 09:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-08 22:20 - 2017-08-01 09:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-08 22:20 - 2017-08-01 09:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-08 22:20 - 2017-08-01 09:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-08 22:20 - 2017-08-01 08:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-08 22:20 - 2017-08-01 08:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-08 22:20 - 2017-08-01 08:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-08 22:20 - 2017-08-01 08:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-08 22:20 - 2017-08-01 08:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-08 22:20 - 2017-08-01 08:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-08 22:20 - 2017-08-01 08:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-08 22:20 - 2017-08-01 08:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-08 22:20 - 2017-08-01 08:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-08 22:20 - 2017-08-01 08:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-08 22:20 - 2017-08-01 08:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-08 22:20 - 2017-08-01 08:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-08 22:20 - 2017-08-01 08:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-08 22:20 - 2017-08-01 08:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-08 22:20 - 2017-08-01 08:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-08 22:20 - 2017-08-01 08:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-08 22:20 - 2017-08-01 08:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-08 22:20 - 2017-08-01 08:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-08 22:20 - 2017-08-01 08:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-08 22:20 - 2017-08-01 08:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-08 22:20 - 2017-08-01 08:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-08 22:20 - 2017-08-01 08:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-08 22:20 - 2017-08-01 08:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-08 22:20 - 2017-08-01 08:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-08 22:20 - 2017-08-01 08:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-08 22:20 - 2017-08-01 08:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-08 22:20 - 2017-08-01 08:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-08 22:20 - 2017-08-01 08:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-08 22:20 - 2017-08-01 08:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-08 22:20 - 2017-08-01 08:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-08 22:20 - 2017-08-01 08:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-08 22:20 - 2017-08-01 08:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-08 22:20 - 2017-08-01 08:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-08 22:20 - 2017-08-01 08:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-08 22:20 - 2017-08-01 08:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-08 22:20 - 2017-08-01 08:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-08 22:20 - 2017-08-01 08:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-08 22:20 - 2017-08-01 08:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-08 22:20 - 2017-08-01 08:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-08 22:20 - 2017-08-01 08:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-08 22:20 - 2017-08-01 08:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-08 22:20 - 2017-08-01 08:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-08 22:20 - 2017-08-01 08:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-08 22:20 - 2017-08-01 08:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-08 22:20 - 2017-08-01 08:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-08 22:20 - 2017-08-01 08:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-08 22:20 - 2017-08-01 08:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-08 22:20 - 2017-08-01 08:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-08 22:20 - 2017-08-01 08:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-08 22:20 - 2017-08-01 08:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-08 22:20 - 2017-08-01 08:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-08 22:20 - 2017-08-01 08:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-08 22:20 - 2017-08-01 08:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-08 22:20 - 2017-08-01 08:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-08 22:20 - 2017-08-01 08:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-08 22:20 - 2017-08-01 08:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-08 22:20 - 2017-08-01 08:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-08 22:20 - 2017-08-01 08:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-08 22:20 - 2017-08-01 08:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-08 22:20 - 2017-08-01 08:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-08 22:20 - 2017-08-01 08:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-08 22:20 - 2017-08-01 08:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-08 22:20 - 2017-08-01 08:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-08 22:20 - 2017-08-01 08:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-08 22:20 - 2017-08-01 06:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-08 22:20 - 2017-08-01 06:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-08 22:20 - 2017-08-01 06:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-08 22:20 - 2017-08-01 06:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-08 22:20 - 2017-08-01 06:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-08 22:20 - 2017-08-01 06:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-08 22:20 - 2017-08-01 06:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-08 22:20 - 2017-07-11 20:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-08 22:20 - 2017-07-11 20:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-08 22:20 - 2017-07-11 20:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-08 22:20 - 2017-07-11 20:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-08 22:20 - 2017-07-11 20:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-08 22:20 - 2017-07-11 20:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-08 22:20 - 2017-07-11 20:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-08 22:20 - 2017-07-11 19:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-08 22:20 - 2017-07-11 19:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-08 22:20 - 2017-07-11 19:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-08 22:20 - 2017-07-11 19:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-08 22:20 - 2017-07-11 19:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-08 22:20 - 2017-07-11 19:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-08 22:20 - 2017-07-11 19:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-08 22:20 - 2017-07-11 19:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-08 22:20 - 2017-07-11 19:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-08 22:20 - 2017-07-11 19:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-08 22:20 - 2017-07-11 19:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-08 22:20 - 2017-07-11 19:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-08 22:20 - 2017-07-11 19:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-08 22:20 - 2017-07-11 19:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-08 22:20 - 2017-07-11 19:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-08 22:20 - 2017-07-11 19:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-08 22:20 - 2017-07-11 19:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-08 22:20 - 2017-07-11 19:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-08 22:20 - 2017-07-11 19:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-08 22:20 - 2017-07-11 19:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-08 22:20 - 2017-07-11 19:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-08 22:20 - 2017-07-11 19:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-08 22:20 - 2017-07-11 19:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-08 22:20 - 2017-07-11 19:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-08 22:20 - 2017-07-11 19:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-08 22:20 - 2017-07-11 19:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-08 22:20 - 2017-07-11 19:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-08 22:20 - 2017-07-11 19:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-08 22:20 - 2017-07-11 19:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-08 22:20 - 2017-07-11 19:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-08 22:20 - 2017-07-11 19:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-08 22:20 - 2017-07-11 19:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-08 22:20 - 2017-07-11 19:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-08 22:20 - 2017-07-11 19:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-08 22:20 - 2017-07-11 19:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-08 22:20 - 2017-07-11 19:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-08 22:20 - 2017-07-11 19:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-08 22:20 - 2017-07-11 19:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-08 22:20 - 2017-07-11 18:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-08 22:20 - 2017-07-11 18:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-08 22:20 - 2017-07-11 18:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-08 22:20 - 2017-07-11 18:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-08 22:20 - 2017-07-11 18:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-08 22:20 - 2017-07-11 18:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-08 22:20 - 2017-03-03 20:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-08 22:20 - 2017-03-03 20:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-08 22:20 - 2017-03-03 20:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-08 22:20 - 2017-03-03 20:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-08 22:20 - 2017-03-03 20:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-04 11:58 - 2017-08-04 11:58 - 000000000 ____D C:\Users\dmast_000\Downloads\Adventure Time - Season 8
2017-07-28 00:48 - 2017-08-12 14:04 - 000002268 _____ C:\Users\dmast_000\Desktop\Discord.lnk
2017-07-28 00:48 - 2017-08-12 14:04 - 000000000 ____D C:\Users\dmast_000\AppData\Roaming\discord
2017-07-28 00:48 - 2017-08-12 14:04 - 000000000 ____D C:\Users\dmast_000\AppData\Local\Discord
2017-07-28 00:48 - 2017-07-28 00:48 - 000000000 ____D C:\Users\dmast_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-07-28 00:48 - 2017-07-28 00:48 - 000000000 ____D C:\Users\dmast_000\AppData\Local\SquirrelTemp
2017-07-27 00:58 - 2017-07-27 00:58 - 000001929 _____ C:\Users\Public\Desktop\DOOM II.lnk
2017-07-27 00:58 - 2017-07-27 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOOM II with Master Levels [GOG.com]
2017-07-27 00:58 - 2017-07-27 00:58 - 000000000 ____D C:\GOG Games
2017-07-27 00:20 - 2017-07-27 00:20 - 018448397 _____ (Zandronum) C:\Users\dmast_000\Downloads\zandronum2.1.2-win32-installer.exe
2017-07-24 00:25 - 2017-07-24 00:25 - 000057018 _____ C:\Users\dmast_000\Downloads\David Fines Resume  Fin doc word.pdf
2017-07-24 00:25 - 2016-12-04 10:45 - 000065536 _____ C:\Users\dmast_000\Desktop\David Fines Resume 1.pdf
2017-07-22 20:22 - 2017-07-22 20:24 - 000000000 ____D C:\Users\dmast_000\Documents\1500790898356
2017-07-22 20:22 - 2017-07-22 20:22 - 000085796 _____ C:\Users\dmast_000\Documents\1500790898356.zip
2017-07-19 21:46 - 2017-07-19 21:46 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3651379580-3864678249-3458668711-1001
2017-07-19 17:34 - 2012-06-16 00:24 - 281885122 _____ C:\Users\dmast_000\Desktop\Cam14[20_09_11-20_13_01].avi
2017-07-19 17:34 - 2012-06-16 00:24 - 155101634 _____ C:\Users\dmast_000\Desktop\Cam14[20_37_19-20_38_01].avi
2017-07-19 17:34 - 2012-06-16 00:23 - 003789431 _____ () C:\Users\dmast_000\Desktop\Cam14[20_09_11-20_12_01].EXE
2017-07-19 17:34 - 2007-01-09 15:50 - 020320340 _____ C:\Users\dmast_000\Desktop\PICT0067547501.AVI
2017-07-19 00:37 - 2017-07-19 00:37 - 000000000 ____D C:\Users\dmast_000\Desktop\gb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-17 00:45 - 2016-11-18 22:37 - 000000000 ____D C:\Users\dmast_000\AppData\LocalLow\Mozilla
2017-08-16 23:06 - 2015-11-07 15:04 - 000000000 ____D C:\Users\dmast_000\AppData\Roaming\BitTorrent
2017-08-16 22:20 - 2016-07-16 01:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-16 22:20 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-16 22:16 - 2016-11-20 08:47 - 000005806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-16 22:13 - 2017-01-20 15:58 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-16 22:13 - 2015-12-03 19:06 - 000000000 __SHD C:\Users\dmast_000\IntelGraphicsProfiles
2017-08-16 22:13 - 2015-01-09 08:04 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-08-16 22:10 - 2016-11-20 08:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-16 22:10 - 2016-07-15 20:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-16 22:09 - 2016-05-31 23:47 - 000001165 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-08-16 22:09 - 2016-05-31 23:47 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-08-16 22:09 - 2015-09-09 22:38 - 000001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-16 22:05 - 2015-09-30 23:26 - 000000000 ____D C:\AdwCleaner
2017-08-16 21:56 - 2015-09-09 22:44 - 000000000 ____D C:\Users\dmast_000\AppData\Roaming\vlc
2017-08-16 20:36 - 2016-11-20 08:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-16 20:09 - 2015-01-09 08:04 - 000000000 ____D C:\ProgramData\McAfee
2017-08-16 04:40 - 2017-01-20 16:21 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-08-16 01:30 - 2016-07-15 20:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-16 01:29 - 2017-03-28 19:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-16 01:28 - 2017-01-20 16:02 - 000000000 ____D C:\Users\dmast_000
2017-08-11 23:57 - 2016-05-02 00:02 - 000000000 ____D C:\Users\dmast_000\Desktop\MEMES Politics
2017-08-11 20:43 - 2015-09-22 01:17 - 000000000 ____D C:\Users\dmast_000\AppData\Roaming\Nitro PDF
2017-08-10 12:52 - 2017-01-20 16:21 - 000004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-08-09 23:36 - 2017-01-07 21:49 - 000000000 ____D C:\Users\dmast_000\Downloads\D downloads
2017-08-09 13:20 - 2016-11-20 08:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-09 00:35 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\rescache
2017-08-08 23:45 - 2016-07-16 01:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-08 23:43 - 2016-11-20 08:37 - 000281584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-08 23:41 - 2016-07-16 01:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-08 22:35 - 2016-07-16 01:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-08 22:27 - 2015-09-10 19:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-08 22:25 - 2015-09-10 19:51 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-08 21:35 - 2016-11-20 08:11 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-08 21:34 - 2016-11-20 08:11 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-08 21:17 - 2017-07-11 21:01 - 005763072 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-08-08 21:17 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 21:17 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-05 14:08 - 2017-06-15 00:39 - 000000000 ____D C:\Users\dmast_000\Desktop\Old Firefox Data
2017-08-04 19:48 - 2016-02-13 13:23 - 000000000 ____D C:\Users\dmast_000\Downloads\Adventure Time
2017-07-31 05:14 - 2017-07-12 02:44 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-31 05:14 - 2017-07-12 02:44 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-25 00:22 - 2016-07-16 01:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-22 14:33 - 2017-07-15 18:08 - 000000000 ____D C:\Users\dmast_000\Desktop\Two Minute Debunk
2017-07-21 21:24 - 2015-09-10 09:36 - 000000000 ____D C:\Users\dmast_000\dwhelper
2017-07-19 21:46 - 2015-12-03 19:10 - 000002390 _____ C:\Users\dmast_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-19 21:46 - 2015-09-09 22:00 - 000000000 __RDO C:\Users\dmast_000\OneDrive

==================== Files in the root of some directories =======

2015-09-09 21:56 - 2015-12-03 14:28 - 000370620 _____ () C:\Users\dmast_000\AppData\Local\BTServer.log
2015-09-09 22:44 - 2015-05-10 11:39 - 000009728 _____ () C:\Users\dmast_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-20 15:58 - 2017-01-20 15:58 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2014-02-25 08:56 - 2014-02-25 08:56 - 000115816 _____ (AOL Inc.) C:\Users\dmast_000\AppData\Local\Temp\AcsInstall.dll
2017-03-18 21:06 - 2010-04-30 17:21 - 000188416 _____ () C:\Users\dmast_000\AppData\Local\Temp\GLFCD6F.tmp.dll
2003-10-23 08:27 - 2003-10-23 08:27 - 000022528 _____ (Microsoft Corporation) C:\Users\dmast_000\AppData\Local\Temp\SHFOLDER.DLL
2017-04-23 00:46 - 2015-12-15 10:56 - 000224256 ____N () C:\Users\dmast_000\AppData\Local\Temp\uninst.dll
2017-03-18 21:40 - 2017-03-18 21:40 - 014456872 _____ (Microsoft Corporation) C:\Users\dmast_000\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-13 22:25

==================== End of FRST.txt ============================

 

as for the results I'm still running into a pop up redirect that appears to happen when I click on search bars, such as a wiki page.

It's this dumb putrr.com thing.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:09 AM

Posted 17 August 2017 - 12:27 PM


Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Please post the fixlog.txt and include for my review the Addition.txt log that was created by the Farbar rprogram.

Llet me know what problem persists with this computer.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:09 AM

Posted 24 August 2017 - 09:57 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users