
Amazon Hijack - Potential Keylogger



#1 hocktastic


Posted 30 September 2017 - 07:33 PM

Hello there,

I'm hoping someone can help me; I have never posted on this site before, so apologies in advance if I have posted in the wrong section.

Last night I had my Amazon account hijacked. I have now obviously changed my password and contacted my bank etc., but I am concerned about how this has happened. I am very careful online, never open suspicious emails and regularly scan my computer for infections.

My worry is that I may have picked up a keylogger somewhere, but I ran a number of anti-rootkit programmes which did not find anything.

I think potentially my password was picked up when I tried to log into a (reputable) online TV website, as it was shortly after this that the Amazon hijack occurred, and looking through my search history it appears another unknown website was accessed at this point (see screenshot). But I am unsure if this is because the website had poor security, or something was already lurking in my computer.

I would like some help to check if my computer is safe to use, and if it isn't, some instruction on how to fix the issue.

Thanks in advance

Rachael

Attached File: dodgy ad.png (23.98KB)

 



#2 nasdaq

  • Malware Response Team

Posted 01 October 2017 - 08:58 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


:step1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows, then:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

:step3: Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs.

Let me know what problems persist.
==============================
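Once the FRST.txt from step 3 is in hand, its Processes, Run-key and Services/Drivers lines follow a few fixed formats, so a short script can pull out the entries a reviewer checks first. This is an added example, not nasdaq's or Farbar's code: it assumes Python 3.8+, the flags it applies (unsigned file, missing or empty publisher, path under a user-writable or temp directory, a core Windows binary name outside \Windows) are this example's own heuristics, and the sample log is constructed from a few lines of the log posted later in this thread plus one made-up entry.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output: parses the
Processes, Registry Run and Services/Drivers line formats and flags entries a
reviewer would look at first. Heuristics only; a flag is a reason to look."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "(Publisher) C:\path\file.exe"  (Processes section)
PROCESS_RE = re.compile(r"^\((?P<pub>[^()]*)\)\s+(?P<path>[A-Za-z]:\\.*\S)\s*$")
# "HKLM\...\Run: [Name] => <path> [size date] (Publisher)"  (Registry section)
RUN_RE = re.compile(r"^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
# "R2 Name; <path> [size date] (Publisher) [tags]"  (Services / Drivers sections)
SVC_RE = re.compile(r"^[RSU][0-4] (?P<name>[^;]+); (?P<rest>.*)$")
# Trailing "(Publisher)", optionally followed by tags such as "[File not signed]"
TRAILING_PUB_RE = re.compile(r"\((?P<pub>[^()]*)\)(?:\s*\[[^\]]*\])*\s*$")

# Directories a normal user account can write to; persistence is common there.
WRITABLE_DIR_RE = re.compile(r"\\(users|programdata|appdata|temp|public)\\", re.I)
# Core Windows binary names; genuine copies live under \Windows\.
SYSTEM_NAMES = {"svchost.exe", "dllhost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


@dataclass
class Entry:
    kind: str                  # "process", "run" or "service"
    name: str
    path: str
    publisher: Optional[str]   # None when FRST printed no "(Publisher)" at all
    signed: bool               # False when the line carries a "not signed" tag


def _split_rest(rest: str) -> Tuple[str, Optional[str]]:
    """Split '<path> [size date] (Publisher) [tags]' into (path, publisher)."""
    if rest.startswith('"'):               # quoted path, possibly followed by arguments
        path = rest[1:rest.find('"', 1)]
    else:
        path = rest.split(" [", 1)[0].strip()
    m = TRAILING_PUB_RE.search(rest)
    return path, (m.group("pub") if m else None)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised FRST line, or None for anything else."""
    line = line.strip()
    signed = "not signed" not in line.lower()
    if m := PROCESS_RE.match(line):
        path = m.group("path")
        return Entry("process", path.rsplit("\\", 1)[-1], path, m.group("pub"), signed)
    if m := RUN_RE.match(line):
        path, pub = _split_rest(m.group("rest"))
        return Entry("run", m.group("name"), path, pub, signed)
    if m := SVC_RE.match(line):
        path, pub = _split_rest(m.group("rest"))
        return Entry("service", m.group("name"), path, pub, signed)
    return None


def reasons_for(e: Entry) -> List[str]:
    """Review flags for one entry; an empty list means nothing stood out."""
    reasons = []
    if not e.signed:
        reasons.append("file not signed")
    if e.publisher is None:
        reasons.append("no publisher recorded")
    elif e.publisher.strip() == "":
        reasons.append("empty publisher")
    if WRITABLE_DIR_RE.search(e.path):
        reasons.append("runs from user-writable or temp location")
    base = e.path.rsplit("\\", 1)[-1].lower()
    if base in SYSTEM_NAMES and "\\windows\\" not in e.path.lower():
        reasons.append("system binary name outside \\Windows")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Parse a whole FRST log; return (name, path, reasons) for flagged entries."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = reasons_for(entry)
            if reasons:
                findings.append((entry.name, entry.path, reasons))
    return findings


# Constructed sample: the first six lines are copied from the FRST log posted in
# this thread; the last one is made up to show what a flagged entry looks like.
SAMPLE_FRST = r"""
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
HKU\S-1-5-21-EXAMPLE-1001\...\Run: [Updater] => C:\Users\Student\AppData\Roaming\Updater\svchost.exe [51200 2017-09-30] ()
"""
```

Running `triage(SAMPLE_FRST)` flags five of the seven sample entries; the two Microsoft-signed ones under \Windows and \Program Files produce no flags, which is the expected outcome for most lines of a clean log like the one posted here.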

#3 hocktastic

  • Topic Starter

Posted 01 October 2017 - 03:29 PM

Hello there,

Thanks for replying and helping me. I've included the logs you've asked for and also a log for rkill that I ran when it first happened.

Kind regards,

Rachael

Malwarebytes log

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 10/1/17
Scan Time: 8:14 PM
Log File: Malwarebytes log 1.10.17.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2929
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-VI2EUSH\Student
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416552
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 30 min, 9 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Adwcleaner log
 
# AdwCleaner 7.0.3.1 - Logfile created on Sun Oct 01 19:51:35 2017
# Updated on 2017/29/09 by Malwarebytes 
# Database: 09-29-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1545 B] - [2017/8/26 23:40:55]
C:/AdwCleaner/AdwCleaner[S0].txt - [1452 B] - [2017/8/26 23:40:8]
C:/AdwCleaner/AdwCleaner[S1].txt - [1080 B] - [2017/8/27 2:1:39]
C:/AdwCleaner/AdwCleaner[S2].txt - [1146 B] - [2017/8/27 2:17:35]
C:/AdwCleaner/AdwCleaner[S3].txt - [1213 B] - [2017/9/23 0:19:15]
C:/AdwCleaner/AdwCleaner[S4].txt - [1280 B] - [2017/10/1 1:54:1]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########
 
Farbar log - FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-10-2017
Ran by Student (administrator) on DESKTOP-VI2EUSH (01-10-2017 20:54:35)
Running from C:\Users\Student\Downloads
Loaded Profiles: Student (Available Profiles: Student)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120130.inf_amd64_299d0c74ec099c32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\updater\appupdater.exe
(Dell Inc) C:\Windows\System32\config\systemprofile\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6875_668_64_02.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2016-11-22] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3926016 2016-05-25] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-06-14] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKU\S-1-5-21-1023197909-3802901764-2802833377-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKU\S-1-5-21-1023197909-3802901764-2802833377-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-1023197909-3802901764-2802833377-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-07-14] (Apple Inc.)
HKU\S-1-5-21-1023197909-3802901764-2802833377-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-09-28] (Glarysoft Ltd)
HKU\S-1-5-21-1023197909-3802901764-2802833377-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-07-14] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk [2016-12-14]
ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-01-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{07d82602-2676-4f66-83f2-7df6704ac4fe}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{62be38dc-e68b-4037-b466-3f2dbf1cc047}: [DhcpNameServer] 192.168.3.254
Tcpip\..\Interfaces\{66dbf261-6b7a-4964-a3fc-e3e43acd824b}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9761aa7b-94b8-4521-a39d-4a9c7c8a766e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ce712995-be4f-4ec8-b060-29629198002b}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1023197909-3802901764-2802833377-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1023197909-3802901764-2802833377-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1023197909-3802901764-2802833377-1001 -> DefaultScope {7D7A88C3-1DD1-4223-9695-C6931DD07416} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-12] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-12] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-12] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-12] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-09-30]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-03-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2013-03-08] (Nuance Communications Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default [2017-10-01]
CHR Extension: (Google Slides) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-17]
CHR Extension: (Google Docs) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-17]
CHR Extension: (Google Drive) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-17]
CHR Extension: (YouTube) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-17]
CHR Extension: (Adblock Plus) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Ecosia Omnibar Redirect (Legacy)) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2017-05-11]
CHR Extension: (Google Sheets) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-17]
CHR Extension: (Google Docs Offline) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-18]
CHR Extension: (Pinterest Save Button) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-09-23]
CHR Extension: (Kaspersky Protection) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-09-30]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2016-12-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-17]
CHR Extension: (Chrome Media Router) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR Extension: (easyfundraising Donation Reminder) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp [2017-09-29]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-03-08]
 
Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\Student\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-09-05]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119336 2017-06-16] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2223864 2017-02-02] (Intel Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-06-14] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-05-17] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe [426416 2017-09-30] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-11-08] (OLYMPUS IMAGING CORP.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329736 2016-11-22] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269920 2016-11-23] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [44544 2015-03-03] (Synaptics Incorporated) [File not signed]
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-03-27] (Qualcomm)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75320 2017-02-02] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [358968 2017-02-02] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2017-10-01] (Glarysoft Ltd)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-19] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2016-12-22] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86240 2016-12-27] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207584 2017-09-30] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [522736 2017-09-30] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [186696 2017-09-30] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1054432 2017-09-30] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-10-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-06-21] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-09-30] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-09-30] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-09-30] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-09-30] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-09-30] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93920 2016-12-20] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136176 2017-06-21] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199360 2017-06-21] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-09-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-10-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-10-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-10-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-10-01] (Malwarebytes)
S3 MFE_RR; C:\Users\Student\AppData\Local\Temp\mfe_rr.sys [24120 2017-10-01] (McAfee, Inc.) <==== ATTENTION
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [955392 2016-12-07] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [436224 2016-12-15] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [74848 2016-11-23] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-01 20:54 - 2017-10-01 20:56 - 000028762 _____ C:\Users\Student\Downloads\FRST.txt
2017-10-01 20:54 - 2017-10-01 20:54 - 000000000 ____D C:\FRST
2017-10-01 20:53 - 2017-10-01 20:53 - 002399744 _____ (Farbar) C:\Users\Student\Downloads\FRST64.exe
2017-10-01 20:53 - 2017-10-01 20:53 - 000001346 _____ C:\Users\Student\Desktop\AdwCleaner[S5] 1.10.17.txt
2017-10-01 20:49 - 2017-10-01 20:49 - 008250832 _____ (Malwarebytes) C:\Users\Student\Downloads\adwcleaner_7.0.3.1.exe
2017-10-01 20:47 - 2017-10-01 20:47 - 000001217 _____ C:\Users\Student\Desktop\Malwarebytes log 1.10.17.txt
2017-10-01 09:37 - 2017-10-01 09:37 - 000060078 _____ C:\Users\Student\Downloads\RMS3_1617_Lec20.pptx
2017-10-01 06:04 - 2017-10-01 09:16 - 000000000 ____D C:\Users\Student\Desktop\Allie Work
2017-10-01 05:08 - 2017-10-01 05:08 - 000430280 _____ (ESET) C:\Users\Student\Downloads\ESETSirefefCleaner (2).exe
2017-10-01 05:08 - 2017-10-01 05:08 - 000001502 _____ C:\Users\Student\Downloads\ESETSirefefCleaner (2).exe_20171001.050851.9712.zip
2017-10-01 05:05 - 2017-10-01 05:05 - 000784152 _____ (McAfee, Inc.) C:\Users\Student\Downloads\rootkitremover.exe
2017-10-01 03:46 - 2017-10-01 03:46 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Student\Downloads\rkill (1)64.exe
2017-10-01 03:24 - 2017-10-01 03:24 - 000000000 ____D C:\ProgramData\GlarySoft
2017-10-01 03:13 - 2017-10-01 03:13 - 000000000 ___HD C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2017-10-01 03:10 - 2017-10-01 20:05 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-10-01 03:10 - 2017-10-01 03:21 - 000000000 ____D C:\Users\Student\AppData\Roaming\GlarySoft
2017-10-01 03:10 - 2017-10-01 03:10 - 000020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2017-10-01 03:10 - 2017-10-01 03:10 - 000003400 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2017-10-01 03:10 - 2017-10-01 03:10 - 000003046 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-10-01 03:10 - 2017-10-01 03:10 - 000001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-10-01 03:10 - 2017-10-01 03:10 - 000001155 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-10-01 03:10 - 2017-10-01 03:10 - 000000000 ____D C:\Users\Student\AppData\Roaming\DiskDefrag
2017-10-01 03:10 - 2017-10-01 03:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2017-10-01 03:08 - 2017-10-01 03:08 - 017037944 _____ C:\Users\Student\Downloads\gu5setup.exe
2017-10-01 02:56 - 2017-10-01 02:56 - 001790024 _____ (Malwarebytes) C:\Users\Student\Downloads\JRT (4).exe
2017-10-01 02:54 - 2017-10-01 02:56 - 000110036 _____ C:\TDSSKiller.3.1.0.15_01.10.2017_02.54.52_log.txt
2017-10-01 02:54 - 2017-10-01 02:54 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Student\Downloads\tdsskiller.exe
2017-10-01 02:51 - 2017-10-01 02:52 - 008249808 _____ (Malwarebytes) C:\Users\Student\Downloads\AdwCleaner.exe
2017-09-30 21:41 - 2017-10-01 03:17 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-30 21:12 - 2017-09-30 21:12 - 005200384 _____ (AVAST Software) C:\Users\Student\Downloads\aswmbr (1).exe
2017-09-30 21:06 - 2017-09-30 21:06 - 005198336 _____ (AVAST Software) C:\Users\Student\Downloads\aswMBR.exe
2017-09-30 21:01 - 2017-09-30 21:01 - 011427128 _____ (Bitdefender LLC) C:\Users\Student\Downloads\BootkitRemoval_x64.exe
2017-09-30 19:07 - 2017-09-30 19:07 - 000251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-09-30 19:02 - 2017-09-30 19:02 - 000229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-09-30 19:02 - 2017-09-30 19:02 - 000173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-09-30 19:02 - 2017-09-30 19:02 - 000112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-09-30 19:02 - 2017-09-30 19:02 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-09-30 19:02 - 2017-09-30 19:02 - 000001311 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-09-30 19:02 - 2017-09-30 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-09-30 19:01 - 2017-10-01 20:00 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-30 19:01 - 2017-09-30 19:01 - 000002225 _____ C:\Users\Public\Desktop\Safe Money.lnk
2017-09-30 19:01 - 2017-09-30 19:01 - 000002207 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2017-09-30 19:01 - 2017-09-30 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2017-09-30 19:00 - 2017-10-01 20:19 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-09-30 19:00 - 2017-09-30 19:01 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-09-30 19:00 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2017-09-30 18:59 - 2017-09-30 19:05 - 001054432 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-09-30 18:59 - 2017-09-30 19:05 - 000207584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-09-30 18:59 - 2017-09-30 18:59 - 000522736 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-09-30 18:59 - 2017-09-30 18:59 - 000149584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2017-09-30 18:56 - 2017-09-30 18:57 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-09-30 18:55 - 2017-09-30 18:56 - 002623496 _____ (Kaspersky Lab) C:\Users\Student\Downloads\kss16.0.0.1344mlg_10004.exe
2017-09-30 08:28 - 2017-10-01 03:14 - 000000000 ____D C:\Users\Student\AppData\Local\CrashDumps
2017-09-30 08:13 - 2017-09-30 08:14 - 000000000 ____D C:\NPE
2017-09-30 08:10 - 2017-09-30 18:53 - 000000000 ____D C:\Users\Student\AppData\Local\NPE
2017-09-30 08:10 - 2017-09-30 08:10 - 003422944 _____ (Symantec Corporation) C:\Users\Student\Downloads\NPE.exe
2017-09-30 08:10 - 2017-09-30 08:10 - 000000000 ____D C:\ProgramData\Norton
2017-09-30 07:17 - 2017-09-30 07:18 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Student\Downloads\mbar-1.09.3.1001 (1).exe
2017-09-30 07:04 - 2017-09-30 07:04 - 000000000 ____D C:\WINDOWS\LastGood
2017-09-30 06:46 - 2017-09-30 06:46 - 000044544 _____ (Synaptics Incorporated) C:\Users\Student\Downloads\valWBFPolicyService.exe
2017-09-30 06:41 - 2017-09-30 06:42 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Student\Downloads\rkill.exe
2017-09-30 06:41 - 2017-09-30 06:42 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Student\Downloads\rkill (1).exe
2017-09-28 05:41 - 2017-09-28 05:41 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-28 05:41 - 2017-09-28 05:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-28 05:41 - 2017-09-28 05:41 - 000000000 ____D C:\Program Files\iPod
2017-09-28 05:40 - 2017-09-28 05:41 - 000000000 ____D C:\Program Files\iTunes
2017-09-28 05:37 - 2017-09-28 05:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-28 05:37 - 2017-09-28 05:37 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-23 01:44 - 2017-09-23 02:03 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-23 01:44 - 2017-09-23 01:44 - 011584088 _____ (SurfRight B.V.) C:\Users\Student\Downloads\hitmanpro_x64.exe
2017-09-23 01:43 - 2017-09-23 01:43 - 000430280 _____ (ESET) C:\Users\Student\Downloads\ESETSirefefCleaner (1).exe
2017-09-23 01:43 - 2017-09-23 01:43 - 000001506 _____ C:\Users\Student\Downloads\ESETSirefefCleaner (1).exe_20170923.014350.4356.zip
2017-09-23 01:40 - 2017-09-23 01:41 - 000074364 _____ C:\TDSSKiller.2.8.16.0_23.09.2017_01.40.29_log.txt
2017-09-23 01:40 - 2017-09-23 01:40 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\72936116.sys
2017-09-23 01:40 - 2017-09-23 01:40 - 000000000 ____D C:\Users\Student\Downloads\tdsskiller
2017-09-23 01:39 - 2017-09-23 01:39 - 002218636 _____ C:\Users\Student\Downloads\tdsskiller.zip
2017-09-23 00:54 - 2017-09-23 00:56 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-09-17 22:17 - 2017-09-17 22:18 - 000210457 _____ C:\Users\Student\Downloads\Adult1 16-25 - 18Sep17.pdf
2017-09-16 14:32 - 2017-09-16 14:32 - 000076554 _____ C:\Users\Student\Downloads\Invoice ce854c3a-07d5-4df8-96d6-5145763c49cb.pdf
2017-09-16 00:53 - 2017-09-16 00:53 - 000002375 _____ C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-15 08:30 - 2017-09-05 06:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-15 08:30 - 2017-09-05 05:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-15 08:30 - 2017-09-05 05:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-15 08:30 - 2017-09-05 05:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-15 08:30 - 2017-09-05 05:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-15 08:30 - 2017-09-05 05:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-15 08:30 - 2017-09-05 05:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-15 08:30 - 2017-09-05 05:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-15 08:30 - 2017-09-05 05:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-15 08:30 - 2017-09-05 05:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-15 08:30 - 2017-09-05 05:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-15 08:30 - 2017-09-05 05:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-15 08:30 - 2017-09-05 05:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-15 08:30 - 2017-09-05 05:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-15 08:30 - 2017-09-05 05:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-15 08:30 - 2017-09-05 05:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-15 08:30 - 2017-09-05 05:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-15 08:30 - 2017-09-05 05:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-15 08:30 - 2017-09-05 05:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-15 08:30 - 2017-09-05 05:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-15 08:30 - 2017-09-05 05:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-15 08:30 - 2017-09-05 05:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-15 08:30 - 2017-09-05 05:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-15 08:30 - 2017-09-05 05:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-15 08:30 - 2017-09-05 05:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-15 08:30 - 2017-09-05 05:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-15 08:30 - 2017-09-05 05:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-15 08:30 - 2017-09-05 05:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-15 08:30 - 2017-09-05 05:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-15 08:30 - 2017-09-05 05:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-15 08:30 - 2017-09-05 05:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-15 08:30 - 2017-09-05 05:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-15 08:30 - 2017-09-05 05:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-15 08:30 - 2017-09-05 05:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-15 08:30 - 2017-09-05 05:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-15 08:30 - 2017-09-05 05:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-15 08:30 - 2017-09-05 05:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-15 08:30 - 2017-09-05 05:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-15 08:30 - 2017-09-05 05:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-15 08:30 - 2017-09-05 05:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-15 08:30 - 2017-09-05 05:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-15 08:30 - 2017-09-05 05:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-15 08:30 - 2017-09-05 05:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-15 08:29 - 2017-09-05 06:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-15 08:29 - 2017-09-05 06:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-15 08:29 - 2017-09-05 06:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-15 08:29 - 2017-09-05 05:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-15 08:29 - 2017-09-05 05:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-15 08:29 - 2017-09-05 05:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-15 08:29 - 2017-09-05 05:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-15 08:29 - 2017-09-05 05:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-15 08:29 - 2017-09-05 05:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-15 08:29 - 2017-09-05 05:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-15 08:29 - 2017-09-05 05:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-15 08:29 - 2017-09-05 05:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-15 08:29 - 2017-09-05 05:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-15 08:29 - 2017-09-05 05:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-15 08:29 - 2017-09-05 05:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-15 08:29 - 2017-09-05 05:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-15 08:29 - 2017-09-05 05:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-15 08:29 - 2017-09-05 05:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-15 08:29 - 2017-09-05 05:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-15 08:29 - 2017-09-05 05:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-15 08:29 - 2017-09-05 05:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-15 08:29 - 2017-09-05 05:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-15 08:29 - 2017-09-05 05:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-15 08:29 - 2017-09-05 05:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-15 08:29 - 2017-09-05 05:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-15 08:29 - 2017-09-05 05:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-15 08:29 - 2017-09-05 05:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-15 08:29 - 2017-09-05 05:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-15 08:29 - 2017-09-05 05:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-15 08:29 - 2017-09-05 05:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-15 08:29 - 2017-09-05 05:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-15 08:29 - 2017-09-05 05:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-15 08:29 - 2017-09-05 05:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-15 08:29 - 2017-09-05 05:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-15 08:29 - 2017-09-05 05:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-15 08:29 - 2017-09-05 05:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-15 08:29 - 2017-09-05 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-15 08:29 - 2017-09-05 05:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-15 08:29 - 2017-09-05 05:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-15 08:29 - 2017-09-05 05:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-15 08:29 - 2017-09-05 05:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-15 08:29 - 2017-09-05 05:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-15 08:29 - 2017-09-05 05:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-15 08:29 - 2017-09-05 05:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-15 08:29 - 2017-09-05 05:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-15 08:29 - 2017-09-05 05:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-15 08:29 - 2017-09-05 05:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-15 08:29 - 2017-09-05 05:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-15 08:29 - 2017-09-05 05:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-15 08:29 - 2017-09-05 05:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-15 08:29 - 2017-09-05 05:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-15 08:29 - 2017-09-05 05:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-15 08:29 - 2017-09-05 05:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-15 08:29 - 2017-09-05 05:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-15 08:29 - 2017-09-05 05:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-15 08:29 - 2017-09-05 05:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-15 08:29 - 2017-09-05 05:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-15 08:29 - 2017-09-05 05:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-15 08:29 - 2017-09-05 05:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-15 08:29 - 2017-09-05 05:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-15 08:29 - 2017-09-05 05:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-15 08:22 - 2017-09-05 05:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-15 08:22 - 2017-09-05 05:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-15 08:22 - 2017-09-05 05:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-15 08:22 - 2017-09-05 05:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-15 08:22 - 2017-09-05 05:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-15 08:22 - 2017-09-05 05:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-15 08:21 - 2017-09-05 06:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-15 08:21 - 2017-09-05 06:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-15 08:21 - 2017-09-05 06:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-15 08:21 - 2017-09-05 06:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-15 08:21 - 2017-09-05 06:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-15 08:21 - 2017-09-05 06:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-15 08:21 - 2017-09-05 06:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-15 08:21 - 2017-09-05 06:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-15 08:21 - 2017-09-05 06:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-15 08:21 - 2017-09-05 05:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-15 08:21 - 2017-09-05 05:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-15 08:21 - 2017-09-05 05:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-15 08:21 - 2017-09-05 05:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-15 08:21 - 2017-09-05 05:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-15 08:21 - 2017-09-05 05:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-15 08:21 - 2017-09-05 05:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-15 08:21 - 2017-09-05 05:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-15 08:21 - 2017-09-05 05:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-15 08:21 - 2017-09-05 05:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-15 08:21 - 2017-09-05 05:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-15 08:21 - 2017-09-05 05:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-15 08:21 - 2017-09-05 05:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-15 08:21 - 2017-09-05 05:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-15 08:21 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-15 08:21 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-15 08:21 - 2017-09-05 05:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-15 08:21 - 2017-09-05 05:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-15 08:21 - 2017-09-05 05:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-15 08:21 - 2017-09-05 05:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-15 08:21 - 2017-09-05 05:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-15 08:21 - 2017-09-05 05:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-15 08:21 - 2017-09-05 05:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-15 08:21 - 2017-09-05 05:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-15 08:21 - 2017-09-05 05:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-15 08:21 - 2017-09-05 05:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-15 08:21 - 2017-09-05 05:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-15 08:21 - 2017-09-05 05:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-15 08:21 - 2017-09-05 05:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-15 08:21 - 2017-09-05 05:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-15 08:21 - 2017-09-05 05:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-15 08:21 - 2017-09-05 05:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-15 08:21 - 2017-09-05 05:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-15 08:21 - 2017-09-05 05:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-15 08:21 - 2017-09-05 05:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-15 08:21 - 2017-09-05 05:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-15 08:21 - 2017-09-05 05:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-15 08:21 - 2017-09-05 05:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-15 08:21 - 2017-09-01 06:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-15 08:20 - 2017-09-05 06:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-15 08:20 - 2017-09-05 06:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-15 08:20 - 2017-09-05 06:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-15 08:20 - 2017-09-05 06:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-15 08:20 - 2017-09-05 06:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-15 08:20 - 2017-09-05 06:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-15 08:20 - 2017-09-05 06:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-15 08:20 - 2017-09-05 06:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-15 08:20 - 2017-09-05 06:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-15 08:20 - 2017-09-05 06:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-15 08:20 - 2017-09-05 06:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-15 08:20 - 2017-09-05 05:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-15 08:20 - 2017-09-05 05:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-15 08:20 - 2017-09-05 05:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-15 08:20 - 2017-09-05 05:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-15 08:20 - 2017-09-05 05:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-15 08:20 - 2017-09-05 05:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-15 08:20 - 2017-09-05 05:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-15 08:20 - 2017-09-05 05:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-15 08:20 - 2017-09-05 05:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-15 08:20 - 2017-09-05 05:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-15 08:20 - 2017-09-05 05:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-15 08:20 - 2017-09-05 05:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-15 08:20 - 2017-09-05 05:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-15 08:20 - 2017-09-05 05:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-15 08:20 - 2017-09-05 05:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-15 08:20 - 2017-09-05 05:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-15 08:20 - 2017-09-05 05:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-15 08:20 - 2017-09-05 05:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-15 08:20 - 2017-09-05 05:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-15 08:20 - 2017-09-05 05:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-15 08:20 - 2017-09-05 05:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-15 08:20 - 2017-09-05 05:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-15 08:20 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-15 08:20 - 2017-09-05 05:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-15 08:20 - 2017-09-05 05:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-15 08:20 - 2017-09-05 05:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-15 08:20 - 2017-09-05 05:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-15 08:20 - 2017-09-05 05:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-15 08:20 - 2017-09-05 05:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-15 08:20 - 2017-09-05 05:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-15 08:20 - 2017-09-05 05:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-15 08:20 - 2017-09-05 05:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-15 08:20 - 2017-09-05 05:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-15 08:20 - 2017-09-05 05:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-15 08:20 - 2017-09-05 05:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-15 08:20 - 2017-09-05 05:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-15 08:20 - 2017-09-05 05:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-15 08:20 - 2017-09-05 05:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-15 08:20 - 2017-09-05 05:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-15 08:20 - 2017-09-05 05:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-15 08:20 - 2017-09-05 05:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-15 08:20 - 2017-09-05 05:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-15 08:20 - 2017-09-05 05:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-15 08:19 - 2017-09-05 06:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-15 08:19 - 2017-09-05 06:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-15 08:19 - 2017-09-05 06:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-15 08:19 - 2017-09-05 06:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-15 08:19 - 2017-09-05 06:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-15 08:19 - 2017-09-05 06:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-15 08:19 - 2017-09-05 06:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-15 08:19 - 2017-09-05 06:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-15 08:19 - 2017-09-05 06:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-15 08:19 - 2017-09-05 06:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-15 08:19 - 2017-09-05 06:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-15 08:19 - 2017-09-05 06:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-15 08:19 - 2017-09-05 06:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-15 08:19 - 2017-09-05 06:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-15 08:19 - 2017-09-05 05:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-15 08:19 - 2017-09-05 05:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-15 08:19 - 2017-09-05 05:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-15 08:19 - 2017-09-05 05:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-15 08:19 - 2017-09-05 05:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-15 08:19 - 2017-09-05 05:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-15 08:19 - 2017-09-05 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-15 08:19 - 2017-09-05 05:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-15 08:19 - 2017-09-05 05:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-15 08:19 - 2017-09-05 05:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-15 08:19 - 2017-09-05 05:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-15 08:19 - 2017-09-05 05:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-15 08:19 - 2017-09-05 05:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-15 08:19 - 2017-09-05 05:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-15 08:19 - 2017-09-05 05:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-15 08:19 - 2017-09-05 05:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-15 08:19 - 2017-09-05 05:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-15 08:19 - 2017-09-05 05:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-15 08:19 - 2017-09-05 05:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-15 08:19 - 2017-09-05 05:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-15 08:19 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-15 08:19 - 2017-09-05 05:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-15 08:19 - 2017-09-05 05:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-15 08:19 - 2017-09-05 05:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-15 08:19 - 2017-09-05 05:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-15 08:19 - 2017-09-05 05:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-15 08:19 - 2017-09-05 05:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-15 08:19 - 2017-09-05 05:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-15 08:19 - 2017-09-05 05:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-15 08:19 - 2017-09-05 05:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-15 08:18 - 2017-09-05 06:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-15 08:18 - 2017-09-05 06:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-15 08:18 - 2017-09-05 06:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-15 08:18 - 2017-09-05 06:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-15 08:18 - 2017-09-05 06:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-15 08:18 - 2017-09-05 06:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-15 08:18 - 2017-09-05 06:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-15 08:18 - 2017-09-05 06:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-15 08:18 - 2017-09-05 06:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-15 08:18 - 2017-09-05 06:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-15 08:18 - 2017-09-05 06:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-15 08:18 - 2017-09-05 06:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-15 08:18 - 2017-09-05 06:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-15 08:18 - 2017-09-05 05:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-15 08:18 - 2017-09-05 05:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-15 08:18 - 2017-09-05 05:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-15 08:18 - 2017-09-05 05:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-15 08:18 - 2017-09-05 05:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-15 08:18 - 2017-09-05 05:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-15 08:18 - 2017-09-05 05:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-15 08:18 - 2017-09-05 05:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-15 08:18 - 2017-09-05 05:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-15 08:18 - 2017-09-05 05:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-15 08:18 - 2017-09-05 05:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-15 08:18 - 2017-09-05 05:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-15 08:18 - 2017-09-05 05:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-15 08:18 - 2017-09-05 05:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-15 08:18 - 2017-09-05 05:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-15 08:18 - 2017-09-05 05:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-15 08:18 - 2017-09-05 05:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-15 08:18 - 2017-09-05 05:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-15 08:18 - 2017-09-05 05:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-15 08:18 - 2017-09-05 05:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-15 08:18 - 2017-09-05 05:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-15 08:18 - 2017-09-05 05:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-15 08:18 - 2017-09-05 05:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-15 08:18 - 2017-09-05 05:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-15 08:18 - 2017-09-05 05:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-15 08:17 - 2017-09-05 06:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-15 08:17 - 2017-09-05 06:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-15 08:17 - 2017-09-05 06:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-15 08:17 - 2017-09-05 06:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-15 08:17 - 2017-09-05 06:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-15 08:17 - 2017-09-05 06:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-15 08:17 - 2017-09-05 06:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-15 08:17 - 2017-09-05 06:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-15 08:17 - 2017-09-05 05:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-15 08:17 - 2017-09-05 05:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-15 08:17 - 2017-09-05 05:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-15 08:17 - 2017-09-05 05:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-15 08:17 - 2017-09-05 05:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-15 08:17 - 2017-09-05 05:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-15 08:16 - 2017-09-05 06:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-15 08:16 - 2017-09-05 06:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-15 08:16 - 2017-09-05 05:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-15 08:16 - 2017-09-05 05:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-15 08:16 - 2017-09-05 05:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-15 08:16 - 2017-09-05 05:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 16:29 - 2017-09-13 16:30 - 001127000 _____ C:\Users\Student\Downloads\video-1505316056.mp4
2017-09-11 05:30 - 2017-09-11 05:30 - 000001494 _____ C:\Users\Student\Downloads\ESETSirefefCleaner.exe_20170911.053018.380.zip
2017-09-11 05:29 - 2017-09-11 05:29 - 000430280 _____ (ESET) C:\Users\Student\Downloads\ESETSirefefCleaner.exe
2017-09-08 20:55 - 2017-09-08 20:55 - 000083874 _____ C:\Users\Student\Desktop\mum bank picture 2.pdf
2017-09-08 20:50 - 2017-09-08 20:50 - 000420731 _____ C:\Users\Student\Desktop\Finance info pdf.pdf
2017-09-08 20:50 - 2017-09-08 20:50 - 000000000 ____D C:\Users\Student\AppData\LocalLow\Temp
2017-09-08 17:35 - 2017-09-08 17:35 - 000075948 _____ C:\Users\Student\Desktop\Invoice (3).pdf
2017-09-08 17:34 - 2017-09-08 17:34 - 000076055 _____ C:\Users\Student\Desktop\Invoice (2).pdf
2017-09-08 17:33 - 2017-09-08 17:33 - 000076057 _____ C:\Users\Student\Desktop\Invoice (1).pdf
2017-09-08 17:29 - 2017-09-08 17:29 - 000000843 _____ C:\Users\Student\AppData\Local\recently-used.xbel
2017-09-08 17:21 - 2017-09-08 17:21 - 000076019 _____ C:\Users\Student\Desktop\Invoice 1.pdf
2017-09-08 06:17 - 2017-09-08 21:37 - 000000000 ____D C:\Users\Student\Desktop\DSA
2017-09-05 04:13 - 2017-10-01 20:02 - 000000000 ___RD C:\Users\Student\iCloudDrive
2017-09-05 04:13 - 2017-09-10 02:48 - 000000000 ____D C:\Users\Student\Documents\Outlook Files
2017-09-05 04:13 - 2017-09-05 04:58 - 000000000 ____D C:\Users\Student\AppData\Local\1E0F48D2-2145-4FD3-B348-25EC8D9A05AC.aplzod
2017-09-05 04:13 - 2017-09-05 04:13 - 000000000 ____D C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-09-05 04:13 - 2017-09-05 04:13 - 000000000 ____D C:\Users\Student\AppData\Local\Apple Inc
2017-09-05 03:32 - 2017-09-05 03:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-09-05 03:24 - 2017-09-05 03:24 - 136346424 _____ (Apple Inc.) C:\Users\Student\Downloads\iCloudSetup.exe
2017-09-05 02:56 - 2017-09-05 03:01 - 000000000 ____D C:\Users\Student\Desktop\Phone pics 5.9.17
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-01 20:51 - 2017-08-27 00:38 - 000000000 ____D C:\AdwCleaner
2017-10-01 20:46 - 2017-08-26 21:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-01 20:16 - 2017-04-30 06:14 - 000113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-10-01 20:16 - 2017-04-30 06:14 - 000043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-10-01 20:16 - 2016-12-12 20:49 - 000093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-10-01 20:12 - 2017-04-30 06:14 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-01 20:02 - 2016-12-12 20:09 - 000000000 __SHD C:\Users\Student\IntelGraphicsProfiles
2017-10-01 20:00 - 2017-08-26 22:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-01 19:53 - 2017-08-26 22:00 - 000000000 ____D C:\Users\Student
2017-10-01 19:53 - 2017-03-18 12:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-10-01 03:58 - 2017-01-19 08:48 - 000000000 ____D C:\Users\Student\AppData\Local\ElevatedDiagnostics
2017-10-01 03:49 - 2017-08-27 03:13 - 000002184 _____ C:\Users\Student\Desktop\Rkill.txt
2017-10-01 03:31 - 2017-08-26 22:25 - 000003366 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1491781587
2017-10-01 03:19 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-10-01 03:02 - 2017-08-27 01:19 - 000000626 _____ C:\Users\Student\Desktop\JRT.txt
2017-10-01 03:00 - 2016-11-13 04:46 - 000000000 ____D C:\ProgramData\Temp
2017-10-01 02:54 - 2017-07-01 08:33 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-10-01 02:54 - 2017-04-10 00:46 - 000000000 ____D C:\Program Files\Opera
2017-09-30 21:45 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-30 21:45 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-30 19:00 - 2017-03-18 22:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-09-30 18:51 - 2017-04-10 00:24 - 000000000 ____D C:\Users\Student\AppData\Roaming\uTorrent
2017-09-30 08:20 - 2017-08-26 22:20 - 001054758 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-30 08:10 - 2017-08-27 03:22 - 000000000 ____D C:\Users\Student\Desktop\mbar
2017-09-30 08:10 - 2017-08-27 03:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-30 07:36 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-30 07:31 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-30 07:31 - 2016-12-12 20:10 - 000000000 ____D C:\Users\Student\AppData\Local\Packages
2017-09-30 07:05 - 2016-11-13 04:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-30 06:21 - 2017-04-30 06:14 - 000187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-30 06:21 - 2017-04-30 06:14 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-30 06:21 - 2017-04-30 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-28 06:25 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-28 06:22 - 2016-11-13 05:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-28 05:39 - 2017-02-03 04:17 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-09-28 05:37 - 2017-02-03 04:18 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-26 00:57 - 2016-12-12 20:26 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 00:57 - 2016-12-12 20:26 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-24 16:27 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-18 12:19 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-16 18:23 - 2016-04-25 21:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-16 18:18 - 2017-08-26 21:53 - 000392408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-16 18:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-16 18:13 - 2017-03-18 22:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-16 18:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-16 18:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-16 18:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-16 18:13 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-16 18:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-16 18:13 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-16 00:59 - 2016-12-13 13:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-16 00:53 - 2017-08-26 22:25 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1023197909-3802901764-2802833377-1001
2017-09-16 00:53 - 2016-12-12 20:18 - 000000000 ___RD C:\Users\Student\OneDrive
2017-09-15 09:01 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-15 09:01 - 2016-12-13 13:34 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-15 01:00 - 2017-01-05 03:56 - 000000000 ____D C:\Users\Student\AppData\Local\Spotify
2017-09-15 01:00 - 2017-01-05 03:55 - 000000000 ____D C:\Users\Student\AppData\Roaming\Spotify
2017-09-13 16:27 - 2017-01-07 03:04 - 000000000 ____D C:\Users\Student\AppData\Roaming\RStudio
2017-09-13 16:27 - 2017-01-07 03:03 - 000058368 _____ C:\Users\Student\AppData\Local\WebpageIcons.db
2017-09-13 16:27 - 2017-01-07 03:03 - 000000000 ____D C:\Users\Student\AppData\Local\RStudio-Desktop
2017-09-13 16:27 - 2016-12-13 10:50 - 000020019 _____ C:\Users\Student\Documents\.Rhistory
2017-09-10 06:21 - 2016-12-13 11:12 - 000000000 ___RD C:\Users\Student\Documents\Scanned Documents
2017-09-10 06:12 - 2017-01-07 02:19 - 000000000 ____D C:\ProgramData\HP
2017-09-10 04:24 - 2017-05-05 16:49 - 000000000 ____D C:\Users\Student\Documents\SFE compelling PR evidence 5.5.17
2017-09-10 03:07 - 2016-12-14 13:40 - 000000000 ____D C:\Users\Student\AppData\Local\ConnectedDevicesPlatform
2017-09-08 17:33 - 2017-02-08 15:31 - 000000000 ____D C:\Users\Student\.gimp-2.8
2017-09-08 17:29 - 2017-02-08 15:39 - 000000000 ____D C:\Users\Student\AppData\Local\gtk-2.0
2017-09-05 04:14 - 2017-02-03 04:20 - 000000000 ____D C:\Users\Student\AppData\Roaming\Apple Computer
2017-09-05 03:39 - 2017-02-03 04:20 - 000000000 ____D C:\Users\Student\AppData\Local\Apple Computer
2017-09-05 02:56 - 2017-07-12 05:23 - 000000000 ____D C:\Users\Student\Desktop\Ebay Photos
2017-09-02 16:15 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 16:15 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-04-22 00:11 - 2017-04-22 00:11 - 000002035 _____ () C:\Users\Student\AppData\Roaming\SAS7_000.DAT
2017-09-08 17:29 - 2017-09-08 17:29 - 000000843 _____ () C:\Users\Student\AppData\Local\recently-used.xbel
2017-01-07 03:03 - 2017-09-13 16:27 - 000058368 _____ () C:\Users\Student\AppData\Local\WebpageIcons.db
2017-01-07 02:23 - 2017-09-28 07:11 - 000001899 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-30 08:24
 
==================== End of FRST.txt ============================
 
RKILL Log
 
Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/01/2017 03:46:07 AM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\valWBFPolicyService.exe (PID: 3372) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/01/2017 03:49:19 AM
Execution time: 0 hours(s), 3 minute(s), and 12 seconds(s)
 
#4 hocktastic
  • Topic Starter
  • Members
  • 22 posts
  • Local time:11:41 PM

Posted 01 October 2017 - 06:32 PM

Hello again - Just an update.

I restarted my computer so I ran Rkill again, and this time a lot more things came up in the log.

It is too long to comment so I have attached it for you to see.

Note - On a potentially related note, my mum has an ancient laptop that I have been trying to fix for her. I ran Rkill on her laptop and it showed ZeroAccess rootkit symptoms. I tried to find and remove the rootkit (using information from this site) but did not succeed. So I have told her to stop using the laptop until I have more time to try and fix it.

Could this infection potentially have spread to my computer and caused the Amazon hijack?

Kind regards,

Rachael


Edited by hocktastic, 01 October 2017 - 06:37 PM.


#5 nasdaq
  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:41 PM

Posted 02 October 2017 - 09:03 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (easyfundraising Donation Reminder) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp [2017-09-29]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {38CD2CD2-21CD-4058-8007-16A147A8C93E} - System32\Tasks\GoogleUpdateTaskMachineCore =>  [Argument = /c] <==== ATTENTION
Task: {82310426-01F9-498D-9942-4B8640E4EBEA} - System32\Tasks\GoogleUpdateTaskMachineUA =>  [Argument = /ua /installsource scheduler] <==== ATTENTION
Task: {8F0CF27E-9BF3-44CC-8104-985395E846F2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [249]
AlternateDataStreams: C:\Users\Student\Documents\2015-04-08 01.14.46.jpg:com.dropbox.attributes [1016]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\\OfficeSoftwareProtectionPlatform\SvcRestartTask

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Quoted from your last Rkill log.

Reparse Point/Junctions Found (These may be legitimate)!


We need to repair these.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that from here

- Right click on the Windows Repair All-In-One executable and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair, Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.
zDtdN75.png

- Go to Step 5. Under System Restore click Create.
f7lEe1N.png

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.
===

When all is well you should update Java.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates remove these old version(s) via the Control Panel > Programs > Programs and Features.

Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

p.s.
As for your Mother's computer I suggest you start a new topic.

Run the Farbar program and post both logs.
Run the Rkill program and post the log.

Post the URL of the topic in your next reply and I will expedite the matter.
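As an added, read-only check (example script written for this thread, not part of nasdaq's instructions and not code from FRST, Rkill or Tweaking.com), the PowerShell below lists the two conditions the logs above flagged: scheduled tasks whose action executable no longer exists (what FRST reports as "-> No File") and reparse points under a folder (what Rkill reports as "Reparse Point/Junctions Found"). It assumes Windows 8 or later (ScheduledTasks module) and an elevated prompt; the $Root folder and function names are my own choices.

```powershell
# Added example; not from the thread or from FRST/Rkill/Tweaking.com. Assumes Windows 8+ (ScheduledTasks module).
param([string]$Root = "$env:SystemDrive\Users")   # assumed starting folder for the reparse-point listing

function Get-OrphanedTaskActions {
    # Scheduled tasks whose Exec action points at a program that is no longer on disk:
    # the same condition FRST flags as "-> No File". Leftovers of uninstalled software
    # are common; a task pointing at a missing file in a user profile or Temp folder deserves a closer look.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }             # skip non-Exec actions (COM handlers, e-mail)
            $exe    = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
            $onDisk = Test-Path -LiteralPath $exe
            $onPath = [bool](Get-Command $exe -ErrorAction SilentlyContinue)   # bare names resolve via PATH
            if (-not ($onDisk -or $onPath)) {
                [pscustomobject]@{ TaskPath = $task.TaskPath; TaskName = $task.TaskName; Execute = $exe }
            }
        }
    }
}

function Get-ReparsePoints {
    param([string]$Path)
    # Junctions, symbolic links and other reparse points below $Path. Many are legitimate
    # (AppData junctions, OneDrive/Dropbox folders), which is why Rkill says "These may be legitimate".
    Get-ChildItem -LiteralPath $Path -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        Select-Object FullName, LinkType, @{ Name = 'Target'; Expression = { $_.Target -join ';' } }
}

Write-Host "Scheduled tasks whose executable is missing:"
Get-OrphanedTaskActions | Format-Table -AutoSize

Write-Host "Reparse points under $Root (compare against known-legitimate links before acting):"
Get-ReparsePoints -Path $Root | Format-Table -AutoSize
```

The script only lists; it changes nothing, so the output is something to compare with the FRST and Rkill logs rather than a removal step.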

#6 hocktastic (Topic Starter, Members, 22 posts)

Posted 03 October 2017 - 12:12 AM

Here is the URL for the new topic about my mother's computer

https://www.bleepingcomputer.com/forums/t/659131/zeroaccess-rootkit-found-on-old-laptop/

With regards to my computer, I got to this point in your instructions.

If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

I have rebooted my computer, and it is currently stuck at 'scanning and repairing drive (C:): 11% complete'.

It's been like this for approximately 40 minutes - I run Glary Utilities which starts automatically with the computer, might this be interfering?

thanks,

Rachael



#7 hocktastic (Topic Starter, Members, 22 posts)

Posted 03 October 2017 - 07:55 AM

Hello there,

The computer did eventually reboot, however I had to carry out the repairs in safe mode as they failed the first two times.
I have just included the logs from the folder from the third attempt at repairs that succeeded - if you need the logs from the first two attempts I can post those too.
I have also added the name each log is saved under to make it clearer :)

It seems my response is too long to post, so I have saved the logs as a text file which I will attach to this reply.

Note - This potentially might be relevant to explain info in logs. This computer is provided and maintained for me by my university. About a year ago my old computer failed, so the university recovered my old information and moved it onto this new laptop. However, I don't feel this laptop has ever run particularly well - it's always seemed slow and appears to have lots of processes running. I thought this might be because unnecessary stuff was moved across from my old laptop but I don't have the skill or understanding to know if I am correct.

Thanks,
Rachael



#8 nasdaq (Malware Response Team, 39,955 posts, Location: Montreal, QC. Canada)

Posted 03 October 2017 - 08:45 AM

Hi,

Close the Tweaking process if not already done.

I run Glary Utilities which starts automatically with the computer, might this be interfering?

Yes, disable it as well as your security programs. Close all open windows also.

Restart the Tweaking tool as previously suggested.

#9 hocktastic (Topic Starter, Members, 22 posts)

Posted 03 October 2017 - 09:05 AM

Hi there,

I carried out the repairs in safe mode after my comment about the Glary Utilities issue.

Will this be okay, or do I still need to restart the Tweaking tool?

Thanks,

Rachael



#10 nasdaq (Malware Response Team, 39,955 posts, Location: Montreal, QC. Canada)

Posted 03 October 2017 - 12:26 PM

Did you get a log from the Tweaking repair?

If so please post it.

You can also run the RKill program to see if the results have changed.

How is the computer running?

#11 hocktastic (Topic Starter, Members, 22 posts)

Posted 03 October 2017 - 12:48 PM

Hello,

Yes I did, I posted the logs with an earlier reply (sent at 01.55pm GMT) but perhaps the post didn't work. I'll send it again :)

Hello there,

The computer did eventually reboot, however I had to carry out the repairs in safe mode as they failed the first two times.
I have just included the logs from the folder from the third attempt at repairs that succeeded - if you need the logs from the first two attempts I can post those too.
I have also added the name each log is saved under to make it clearer :)

It seems my response is too long to post, so I have saved the logs as a text file which I will attach to this reply.

Note - This potentially might be relevant to explain info in logs. This computer is provided and maintained for me by my university. About a year ago my old computer failed, so the university recovered my old information and moved it onto this new laptop. However, I don't feel this laptop has ever run particularly well - it's always seemed slow and appears to have lots of processes running. I thought this might be because unnecessary stuff was moved across from my old laptop but I don't have the skill or understanding to know if I am correct.

Thanks,
Rachael

Edited by hocktastic, 03 October 2017 - 12:49 PM.


#12 hocktastic (Topic Starter, Members, 22 posts)

Posted 03 October 2017 - 01:09 PM

Hi again,

I've just rebooted my computer and ran Rkill. I will paste the log below.

My computer is running okay (apart from being generally a bit slow, as explained above); however I am still worried I may have malware after my Amazon account details were stolen, and I just want to make sure I am safe to use my computer to do 'risky' things - such as log into my bank account etc.

Thanks,

Rach

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/03/2017 06:58:45 PM in x64 mode.
Windows Version: Windows 10 Home 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\valWBFPolicyService.exe (PID: 3724) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 10/03/2017 07:02:24 PM
Execution time: 0 hours(s), 3 minute(s), and 39 seconds(s)


#13 nasdaq (Malware Response Team, 39,955 posts, Location: Montreal, QC. Canada)

Posted 04 October 2017 - 07:05 AM

Hi,

Please download Zemana AntiMalware and save it to your Desktop.
- You need to unzip it and start it.
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on the reports icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report in your next message.

#14 hocktastic (Topic Starter, Members, 22 posts)

Posted 04 October 2017 - 12:55 PM

Hello,

For some reason when I tried to unzip the file it kept unzipping as empty, so I downloaded Zemana AntiMalware direct from BleepingComputer, hopefully this will be okay.

The scan found two things, though I suspect one of them could be the registry adjustment I downloaded to stop Windows Defender Antivirus working for an earlier part of fixing my computer.

After this, I ran the same scan again and it came back as clean.

I have attached the logs.

Thanks,

Rachael



#15 hocktastic (Topic Starter, Members, 22 posts)

Posted 04 October 2017 - 06:21 PM

Hello again,

I decided to run RogueKiller since it worked well on my mum's computer.

It did detect some things, one of which I deleted. The other 14 detections I am unsure if they need removing or not.

I have attached the log for you to see.

Kind regards,

Rachael

Edited by hocktastic, 04 October 2017 - 07:44 PM.




