
THink I am hacked or someone is watching everything I do


  • This topic is locked
35 replies to this topic

#1 spacecoaster

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 04 October 2017 - 07:00 PM

I need help please. I do not have access to certain folders on my laptop that I should have access to. It's like I am a user, and it seems like my PC is now just a virtual machine. IDK, I don't even have Windows installed on it anymore. I had all these crazy network connections, a LAN, different adapters, different networks, etc. I only have WiFi and currently am hooked up through Ethernet. Also, my Recovery drive (D) is almost full. It's showing red at like 20.5 GB used out of 22.7 GB. I ran FRST; here is the log. I also ran SUPERAntiSpyware and it came up with this:

Trojan.FakeAlert-Gen/Variant
    C:\PROGRAM FILES\HALO MOD TOOLS\HALO 2-4 AIO PROGRAMS\H2 TOOLS\MISCELLANEOUS\XBINS\WEB\TOOLTIP.DLL

along with about 6,500 tracking cookies. Please, can someone help? Thank you in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2017 01
Ran by jcale_000 (administrator) on LONEARCTICWOLF (04-10-2017 17:01:26)
Running from C:\Users\jcale_000\Desktop
Loaded Profiles: jcale_000 (Available Profiles: jcale_000 & looki & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(DESlock Limited.) C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
() C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPNativeMessage.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-05-23] (Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\Policies\Explorer: [NoInternetOpenWith] 0
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{000070eb-b781-412f-961a-746e2203b368}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{ac9dba63-eb7c-462a-9a54-069609993b74}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-cee3e9a8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-cee3e9a8&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-cee3e9a8&q={searchTerms}
SearchScopes: HKLM -> {202DE4E4-EC6F-432E-9D91-0984AAA869DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-cee3e9a8&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-cee3e9a8&q={searchTerms}
SearchScopes: HKLM-x32 -> {202DE4E4-EC6F-432E-9D91-0984AAA869DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-181910234-2577304340-1905641807-1002 -> {202DE4E4-EC6F-432E-9D91-0984AAA869DB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-07-13] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-13] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: vipresg - No CLSID Value

FireFox:
========
FF DefaultProfile: et154elb.default-1496270924275
FF ProfilePath: C:\Users\jcale_000\AppData\Roaming\Mozilla\Firefox\Profiles\et154elb.default-1496270924275 [2017-10-04]
FF user.js: detected! => C:\Users\jcale_000\AppData\Roaming\Mozilla\Firefox\Profiles\et154elb.default-1496270924275\user.js [2017-08-02]
FF NetworkProxy: Mozilla\Firefox\Profiles\et154elb.default-1496270924275 -> type", 0
FF Extension: (Java-Redirector) - C:\Users\jcale_000\AppData\Roaming\Mozilla\Firefox\Profiles\et154elb.default-1496270924275\Extensions\{b75af37b-574d-4746-ac34-629fa349cf81}.xpi [2017-09-26]
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-10-01] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-13] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-181910234-2577304340-1905641807-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jcale_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-06-20] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> msn.com
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=48","hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=856da4a8c66f4022b486f50b4f916f03&tu=10GA0006L2B000c&sku=&tstsId=&ver=&","hxxp://search.conduit.com/?CUI=UN48197210222461846&ctid=CT2233703&SearchSource=48","hxxp://home.sweetim.com/?crg=3.5000006.10045&barid={B02873DD-BB69-11E2-A273-00121772F3A1}","hxxp://search.conduit.com/?ctid=CT3287822&SearchSource=48&CUI=UN25695043620033243&UM=2","hxxp://mysearch.avg.com/?cid={A56DFE10-DFA1-4E52-A2C5-C38E84D2986D}&mid=3e5df4de073147d08263d1098c75733b-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=pr&d=2013-05-20 06:25:39&v=15.2.0.5&pid=safeguard&sg=1&sap=hp"
CHR NewTab: Profile 1 ->  Not-active:"chrome-extension://nnegnghjbbaaojdkcdgmdehpakckeekb/redirect.html"
CHR DefaultSearchURL: Profile 1 -> hxxp://www.bing.com/search?FORM=U452DF&PC=U452&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> bing.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://www.bing.com/osjson.aspx?FORM=U452DF&PC=U452&query={searchTerms}
CHR Profile: C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default [2017-09-26]
CHR Extension: (Google Slides) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Word Online) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Grammarly for Chrome) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-17]
CHR Extension: (Gmail) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR Profile: C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-02-19]
CHR Profile: C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-10-04]
CHR Extension: (Google Slides) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-01]
CHR Extension: (Bing) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aodojjhnfnfhaplflfohfddffmjkdjak [2017-09-30]
CHR Extension: (Google Docs) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-01]
CHR Extension: (Google Drive) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-21]
CHR Extension: (YouTube) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-09-30]
CHR Extension: (Google Sheets) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-01]
CHR Extension: (PicMonkey) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2017-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-01]
CHR Extension: (Planetarium) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2017-09-30]
CHR Extension: (AdBlock) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-30]
CHR Extension: (Pixlr Express) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2017-09-30]
CHR Extension: (iPiccy Photo Editor) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-09-30]
CHR Extension: (Validately Recorder) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcedhlhflngocfijcjciecclhdhhalfh [2017-09-30]
CHR Extension: (PDF to Word Converter App) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jclipofobaadknkadkpgggmjkebddjam [2017-09-30]
CHR Extension: (InvisibleHand) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2017-09-30]
CHR Extension: (Total AV Web Shield) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Swagbucks Search) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnegnghjbbaaojdkcdgmdehpakckeekb [2017-07-18]
CHR Extension: (UserZoom Surveys Extension) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npeidojcmghjibnbnmjloedchcgdkbeo [2017-09-30]
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oncckmaelaecccmaniihojgeopkcajfh [2017-09-30]
CHR Extension: (Gmail) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
CHR Extension: (Google Similar Pages) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2017-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-181910234-2577304340-1905641807-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-181910234-2577304340-1905641807-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
R2 dlpsrv; C:\Program Files\ESET\ESET Secure Data\dlpsrv.exe [540864 2016-07-08] (DESlock Limited.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-06-13] (ESET)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1766176 2017-05-19] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-03-04] (INCA Internet Co., Ltd.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-05-23] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27376 2016-08-12] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [91400 2015-08-01] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-12] (Advanced Micro Devices, Inc. )
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2017-05-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2016-12-12] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 DLMFENC; C:\WINDOWS\System32\DRIVERS\DLMFENC.sys [179712 2016-08-04] (DESlock Ltd.)
R0 DLPCRYPT; C:\WINDOWS\System32\DRIVERS\dlpcrypt.sys [121184 2016-08-09] (DESlock Ltd.)
R0 dlpvdisk; C:\WINDOWS\System32\DRIVERS\dlpvdisk.sys [98304 2016-08-04] (DESlock Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132824 2017-06-22] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-05-04] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-05-04] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-05-04] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-05-04] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-05-04] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [101648 2017-05-04] (ESET)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-26] (REALiX™)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-07] ()
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-06] (IObit.com)
S3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-16] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [33600 2017-02-16] (IObit.com)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-10-04] (Malwarebytes)
R1 MpKsla201316d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED5F1F39-36DF-4A63-9037-6C03CCE4D641}\MpKsla201316d.sys [44928 2017-09-26] (Microsoft Corporation)
R1 MpKslfdcc60e0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{07FFE335-32F5-43B1-BC9E-5980009BC3A3}\MpKslfdcc60e0.sys [44928 2017-09-19] (Microsoft Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92992 2017-10-04] (Sysinternals - www.sysinternals.com)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-16] (IObit.com)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2017-05-23] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2015-07-08] (DEVGURU Co., LTD.)
U5 stormmc; C:\Windows\System32\Drivers\stormmc.sys [43912 2017-05-23] (Advanced Micro Devices)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-07-17] ()
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
R0 VDLPToken2; C:\WINDOWS\System32\DRIVERS\vdlptkn2.sys [135736 2016-08-04] (DESlock Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) [File not signed]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\OpenHardwareMonitorLib.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-04 17:01 - 2017-10-04 17:02 - 000026892 _____ C:\Users\jcale_000\Desktop\FRST.txt
2017-10-04 16:48 - 2017-10-04 16:48 - 001931969 _____ C:\Users\jcale_000\Desktop\ProcessExplorer.zip
2017-10-04 16:48 - 2017-10-04 16:48 - 000092992 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-10-04 16:47 - 2017-10-04 16:48 - 001004649 _____ C:\Users\jcale_000\Desktop\ProcessMonitor.zip
2017-10-04 16:43 - 2017-10-04 16:43 - 001306150 _____ C:\Users\jcale_000\Desktop\Autoruns.zip
2017-10-04 16:38 - 2017-10-04 17:01 - 000000000 ____D C:\FRST
2017-10-04 16:38 - 2017-10-04 16:38 - 002399744 _____ (Farbar) C:\Users\jcale_000\Desktop\FRST64.exe
2017-10-04 12:00 - 2017-10-04 12:00 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-04 12:00 - 2017-10-04 12:00 - 000001927 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-04 12:00 - 2017-10-04 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-04 12:00 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-03 21:36 - 2017-10-03 21:36 - 000000000 ____D C:\Users\jcale_000\AppData\Roaming\ESET
2017-10-03 21:29 - 2017-10-03 21:29 - 000012389 _____ C:\Users\jcale_000\Desktop\Significant Figure Rules.html
2017-10-03 21:29 - 2017-10-03 21:29 - 000000000 ____D C:\Users\jcale_000\Desktop\Significant Figure Rules_files
2017-10-02 10:18 - 2017-10-02 10:19 - 000196608 _____ C:\WINDOWS\system32\Ikeext.etl
2017-09-19 18:26 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-19 18:26 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-19 18:26 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-19 18:26 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-19 18:26 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-19 18:26 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-19 18:26 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-19 18:26 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-19 18:26 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-19 18:26 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-19 18:26 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-19 18:26 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-19 18:26 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-19 18:26 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-19 18:26 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-19 18:26 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-19 18:26 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-19 18:26 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-19 18:26 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-19 18:26 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-19 18:26 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-19 18:26 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-19 18:26 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-04 16:34 - 2017-07-17 21:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-04 14:37 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-04 12:28 - 2017-07-17 21:49 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6C06F7F6-A950-4E28-9825-97B517E7567D}
2017-10-04 11:59 - 2017-07-28 11:21 - 000000000 ____D C:\Users\jcale_000\AppData\Local\CrashDumps
2017-10-04 11:49 - 2017-04-16 00:37 - 000000000 ____D C:\Users\jcale_000\AppData\LocalLow\Mozilla
2017-10-04 11:48 - 2017-07-17 21:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-04 11:48 - 2017-05-31 18:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-03 23:50 - 2017-03-01 20:43 - 000002491 _____ C:\Users\jcale_000\Desktop\Diane - Chrome.lnk
2017-10-03 23:40 - 2014-12-25 15:31 - 000000000 ____D C:\Users\jcale_000\AppData\Local\Packages
2017-10-03 22:00 - 2015-03-26 18:47 - 000000000 ____D C:\ProgramData\ProductData
2017-10-03 21:59 - 2016-10-06 04:21 - 000000000 ____D C:\Users\jcale_000\Desktop\PCHunter_free
2017-10-03 16:42 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-02 10:21 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-02 10:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\tracing
2017-10-02 06:59 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-01 21:46 - 2017-02-23 01:25 - 000000000 ____D C:\Users\jcale_000\AppData\Local\ESET
2017-10-01 21:41 - 2017-03-18 17:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-10-01 21:21 - 2017-07-13 10:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-30 07:43 - 2017-07-17 21:18 - 001333654 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-30 07:36 - 2017-07-17 21:19 - 000000000 ____D C:\Users\jcale_000
2017-09-28 11:27 - 2015-12-16 18:37 - 000007609 _____ C:\Users\jcale_000\AppData\Local\Resmon.ResmonCfg
2017-09-28 08:34 - 2017-03-18 17:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-28 08:31 - 2014-05-06 04:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-27 18:38 - 2017-06-08 09:00 - 000000000 ____D C:\WINDOWS\pss
2017-09-27 00:29 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-26 21:23 - 2017-08-08 18:43 - 000000000 ____D C:\Users\jcale_000\AppData\Roaming\Dashlane
2017-09-26 21:22 - 2015-03-26 18:46 - 000000000 ____D C:\Program Files (x86)\IObit
2017-09-26 21:02 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-26 11:44 - 2017-07-27 10:44 - 000000000 ____D C:\Users\looki\AppData\Local\MicrosoftEdge
2017-09-26 11:29 - 2017-07-29 10:42 - 000000000 ____D C:\Users\looki\AppData\Local\CrashDumps
2017-09-25 18:39 - 2015-08-17 17:51 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-25 18:39 - 2015-08-17 17:51 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-24 16:34 - 2017-08-03 09:33 - 000000000 ____D C:\Users\jcale_000\VirtualBox VMs
2017-09-24 16:34 - 2017-08-03 09:14 - 000000000 ____D C:\Users\jcale_000\.VirtualBox
2017-09-24 16:19 - 2016-11-20 14:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-22 11:30 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-21 14:53 - 2017-07-17 21:48 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-09-21 14:53 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-21 14:53 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-20 12:12 - 2017-07-24 18:20 - 000000000 ____D C:\Users\looki
2017-09-20 12:10 - 2017-07-17 21:12 - 000395904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-20 01:18 - 2017-07-17 21:17 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-09-20 01:18 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-09-20 01:16 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-20 01:16 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-20 01:16 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-20 01:16 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-20 01:16 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-20 01:16 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-20 01:16 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-20 01:16 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-19 20:17 - 2017-07-24 18:24 - 000000000 ____D C:\Users\looki\AppData\Local\Publishers
2017-09-19 18:48 - 2014-12-30 20:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-19 18:43 - 2014-12-30 20:15 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-06-25 22:52 - 2017-05-30 08:17 - 000000199 _____ () C:\Users\jcale_000\AppData\Roaming\WB.CFG
2015-06-25 21:53 - 2015-06-25 21:53 - 000000064 _____ () C:\Users\jcale_000\AppData\Local\5cf99c0da0b29e94b2d58b662adbfeea
2015-12-16 18:37 - 2017-09-28 11:27 - 000007609 _____ () C:\Users\jcale_000\AppData\Local\Resmon.ResmonCfg
2016-06-11 15:59 - 2016-04-12 15:59 - 000000032 ____R () C:\ProgramData\hash.dat
2015-04-22 17:15 - 2012-10-24 15:44 - 000656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall934896.exe

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\uninstall934896.exe


Some files in TEMP:
====================
2017-07-25 21:19 - 2017-08-11 17:29 - 003051288 _____ () C:\Users\looki\AppData\Local\Temp\npp.7.4.2.Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-02 03:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2017 01
Ran by jcale_000 (04-10-2017 17:04:07)
Running from C:\Users\jcale_000\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-18 02:07:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-181910234-2577304340-1905641807-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-181910234-2577304340-1905641807-503 - Limited - Disabled)
Guest (S-1-5-21-181910234-2577304340-1905641807-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-181910234-2577304340-1905641807-1004 - Limited - Enabled)
jcale_000 (S-1-5-21-181910234-2577304340-1905641807-1002 - Administrator - Enabled) => C:\Users\jcale_000
looki (S-1-5-21-181910234-2577304340-1905641807-1005 - Limited - Enabled) => C:\Users\looki

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security Premium (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{5181A89F-09DD-E67D-46F8-C49E025FBFD2}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{37312517-1DD8-48E3-DC08-789E901A9020}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{31ACE608-9780-2E6C-A657-D4738BBE7DAD}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{D7888ADE-31D6-A417-8321-04CCF570BA35}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{A2D7A75C-02A6-FC84-967D-B9894393971E}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{8D97FC65-8356-E742-D0F0-72B1FF8743D5}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{68A252A3-6775-0955-452F-10F6C2DA6111}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{ABAD4EB3-DF39-E1EF-BF30-B4E62E8F6A66}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{9F12D721-8755-C3F7-25CD-DC3E7D72CDF4}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E56983F1-03EF-85BC-86CA-2E5A6A6FD4FE}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{43EA9A21-C95E-6DF9-9892-9283B2CFAF89}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{49D2F54E-D0A0-A447-B9D0-7A479D12A106}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{FC4539F0-4063-5F68-0EB0-6B0FAD3A438B}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{2F05B3F3-9195-573C-6D8A-A978AFBDB1D6}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{7720E621-9FA2-505C-6E6D-A81A245659A6}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{E14554F1-13B4-BF54-1A1C-1A5D3BBD187E}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{AF7D189E-B7D5-DA70-3B76-74011BD2C72C}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{8628C260-8FE6-3A83-723C-3B980B57F2D2}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{BD750833-856E-0F37-DFEA-FC35B76C699C}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{E9AE0D04-4F2D-901B-DA30-B8CC43270E89}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{F315CF1D-1B8F-7BE3-7EBB-E236D07E7E97}) (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
ESET Premium Line Encryption (HKLM\...\{EF216812-BFAB-4AA8-A6F1-C534AB9D9839}) (Version: 1.0.11 - ESET) Hidden
ESET Smart Security Premium (HKLM\...\{CB568622-B54D-4F68-9D68-0375CA200326}) (Version: 10.1.219.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.1 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.142 - IObit)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.1 - IObit)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [ESD Shell Icon Overlay Identifier] -> {AF106685-9C86-48AF-8524-8F485C459E17} => C:\Program Files\ESET\ESET Secure Data\esdovrly.dll [2016-08-09] (DESlock Limited)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-02-10] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A17EB4D-0A07-4A0B-9F14-26E207F9CB1A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {11BE64BD-E7A8-4BED-804F-36649283A4E7} - System32\Tasks\Driver Booster SkipUAC (jcale_000) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
Task: {1AAEE4A0-46AE-4472-B598-3D85AFE13CDD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-28] (Microsoft Corporation)
Task: {1CF019EB-0492-4E7B-82D1-9B0F0A2B4329} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {1E985A49-4767-4683-AA3D-AC138BA30D62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17] (Google Inc.)
Task: {2868D6E8-95CA-4936-855E-7491999F0A2C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {28A779BF-2F6E-4402-8031-4D33A761ECB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2CB31EA7-7FA1-43D6-800A-B735BCD08719} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-28] (Microsoft Corporation)
Task: {2D4E36AE-EDA0-468D-A503-5984DA2EFA5C} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {334AD2DB-E08A-4DBB-928D-BD80E15FC8BF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {39851331-BAE0-424D-B15F-FD8267E0F03E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3D95F5B1-C1F5-410F-9495-AEEB2B29D8E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3EA0881F-8F9C-476B-9080-610D2A26B647} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4094B60C-EEE1-4A04-9D14-0549DE75CA07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-28] (Microsoft Corporation)
Task: {4375446B-E12E-4CD2-B5DF-40B5775A1ACE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {438711E6-EF18-4D98-9851-6DA38E5BD73C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {44EC163C-1858-4C1B-B0DA-F4EBB6F4C642} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4AAF6817-F5A6-4FD7-9D5D-4F797E181206} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-08-18] (Synaptics Incorporated)
Task: {4BD96B0A-497F-4145-8C69-53F9B63CB763} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-21] (Adobe Systems Incorporated)
Task: {58B12D53-3BA2-4883-8939-35F6F7682802} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5B29ABAA-82A5-46ED-8FEA-19CC08A3C3FD} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-04-19] (IObit)
Task: {6087E84F-F804-4A84-B851-67231AC598EC} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {6FBEC075-CBAD-4F40-91E0-3E2F9729D5FC} - System32\Tasks\S-1-5-21-181910234-2577304340-1905641807-1005\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {772F8D46-3A2C-4C4B-B602-0B154FD7A4A9} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-04-10] (IObit)
Task: {83B0F583-18EA-4B3F-ABB8-084540A02685} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {86E5ABAA-218E-47A5-85DE-7EDCD4044B67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17] (Google Inc.)
Task: {889F7CA0-064D-4CEB-84AE-EE447AB0C43C} - System32\Tasks\S-1-5-21-181910234-2577304340-1905641807-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {8A6B4A54-1901-4CEF-B780-AFAA2E3215E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {8CADC051-005B-41D6-9D4D-76C349ACD03C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {94D1EFB1-7208-42BC-B805-BC58FFCF9F8D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9E5ECB80-EA7F-46BF-9D97-4E9518AB6A0C} - System32\Tasks\Uninstaller_SkipUac_looki => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-05-12] (IObit)
Task: {B380103B-1812-4BFA-BFC3-278C9DAF7BAA} - System32\Tasks\Uninstaller_SkipUac_jcale_000 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-05-12] (IObit)
Task: {BF8D09A6-95E1-4989-AD1B-BF15727BBA71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {C8B1BF6A-F8C7-47BC-9EB9-3663A2EA26DD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CB9DAF9D-30C3-42EA-A013-60EA123F09D5} - System32\Tasks\{67192EB9-12B2-4FE1-84D7-5B9D3D954E79} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Samsung\USB Drivers\Uninstall.exe"
Task: {D4452B44-1035-42CD-B2FA-AF85A2687BEE} - System32\Tasks\GoogleUpdateTaskMachineUA1d0426561d57528 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-17] (Google Inc.)
Task: {DA761741-8C16-4406-9558-D98BBA5983BD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-21] (Adobe Systems Incorporated)
Task: {EC4C779B-CD4E-48E3-927A-5FDD4D8B66EE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {FB20E3FB-01BD-43D5-B682-243E30DD323A} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-05-12] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_jcale_000.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_looki.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\jcale_000\Desktop\Diane - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\jcale_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Validately Recorder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=jcedhlhflngocfijcjciecclhdhhalfh

==================== Loaded Modules (Whitelisted) ==============

2014-04-17 18:37 - 2014-04-17 18:37 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-28 08:28 - 2017-09-28 08:28 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-17 18:42 - 2016-05-17 18:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-25 18:39 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-25 18:39 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-06-12 01:04 - 2017-04-06 09:47 - 001409312 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPNativeMessage.exe
2016-03-04 16:57 - 2015-12-23 19:31 - 000625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-07-28 20:32 - 2015-12-23 18:32 - 000190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-07-28 20:32 - 2015-12-23 18:32 - 000057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\jcale_000\Downloads\IObit-Malware-Fighter-Setup(1).exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\100sexlinks.com -> 100sexlinks.com

There are 4789 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-181910234-2577304340-1905641807-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\jcale_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: OneDrive => "c:\users\jcale_000\appdata\local\microsoft\onedrive\onedrive.exe" /background
MSCONFIG\startupreg: RTHDVCPL => "c:\program files\realtek\audio\hda\rtkngui64.exe" -s
MSCONFIG\startupreg: Skype =>
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F50AA852-0722-40D2-9AA6-A83207180BBB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6581861C-8E6C-4E2A-BB38-2F1D3BDCB2C6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{04F87155-E853-4476-B505-570328197596}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{69B55499-4B16-42E2-AFCE-000530F4A700}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B6E9D874-1A4A-4B77-85F9-F3CD1BAB2687}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2721DF5A-CA67-4D2F-A646-8A7390B4CEB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{ED74BFE2-9B9A-4473-92A4-29E216D4B95C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A76F5CA8-0BD3-46EC-B308-810F11CF5CC7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{49D2A28B-FA73-479D-B7C0-4024BF15EFE1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{881CB867-5E03-439D-8A8C-D6704610BC3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0F59B9D7-A362-4767-8D76-BF2DED3BB285}C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe] => (Block) C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe
FirewallRules: [UDP Query User{2CA848F6-6B17-437C-8B75-CAA6BB35D393}C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe] => (Block) C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe
FirewallRules: [TCP Query User{B377ED1C-13B9-4097-84AF-DD75FCBEED14}C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe] => (Block) C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe
FirewallRules: [UDP Query User{E00AD859-F740-4015-9952-F26D1E86BEB5}C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe] => (Block) C:\program files (x86)\iobit\iobit malware fighter\surfing protection\ffnativemessage.exe

==================== Restore Points =========================

24-08-2017 08:40:53 Scheduled Checkpoint
19-09-2017 18:34:14 Windows Update
19-09-2017 18:35:33 Windows Update
24-09-2017 16:54:28 Removed Oracle VM VirtualBox 5.1.26
29-09-2017 08:46:44 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2017 12:01:33 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/04/2017 11:59:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RadeonSettings.exe, version: 10.1.1.1674, time stamp: 0x589dc8f2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1080
Faulting application start time: 0x01d33d28809e8202
Faulting application path: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Faulting module path: unknown
Report Id: 6aa6a4d9-e977-4024-8b28-4dd34bba793b
Faulting package full name:
Faulting package-relative application ID:

Error: (10/03/2017 11:42:45 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating ESET Personal firewall status to SECURITY_PRODUCT_STATE_ON.

Error: (10/03/2017 11:42:45 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating ESET Smart Security Premium status to SECURITY_PRODUCT_STATE_ON.

Error: (10/03/2017 11:42:45 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating ESET Smart Security Premium status to SECURITY_PRODUCT_STATE_ON.

Error: (10/03/2017 11:42:40 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating ESET Personal firewall status to SECURITY_PRODUCT_STATE_ON.

Error: (10/03/2017 11:42:40 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating ESET Smart Security Premium status to SECURITY_PRODUCT_STATE_ON.

Error: (10/03/2017 11:42:40 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating ESET Smart Security Premium status to SECURITY_PRODUCT_STATE_ON.

Error: (10/03/2017 10:42:30 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating ESET Personal firewall status to SECURITY_PRODUCT_STATE_ON.

Error: (10/03/2017 10:42:30 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating ESET Smart Security Premium status to SECURITY_PRODUCT_STATE_ON.


System errors:
=============
Error: (10/04/2017 11:49:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/04/2017 11:49:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/04/2017 11:48:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The shpamsvc service terminated with the following error:
Catastrophic failure

Error: (10/04/2017 11:48:35 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/04/2017 11:48:35 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (10/04/2017 11:48:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (10/04/2017 11:48:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:36:25 AM on 10/4/2017 was unexpected.

Error: (09/30/2017 03:25:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

Error: (09/30/2017 03:25:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error:
An instance of the service is already running.

Error: (09/30/2017 03:23:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-10-03 21:20:42.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

  Date: 2017-10-03 21:20:41.614
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

  Date: 2017-10-01 21:47:43.098
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\VBoxNetAdp6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-01 21:47:40.072
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\hxsy64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 68%
Total physical RAM: 3528.98 MB
Available physical RAM: 1123.2 MB
Total Virtual: 6088.98 MB
Available Virtual: 3452.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:441.09 GB) (Free:349.02 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.72 GB) (Free:2.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (USB Device) (Removable) (Total:14.92 GB) (Free:6.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D150C6EE)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 7FC0A032)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by britechguy, 05 October 2017 - 01:09 PM.
Moved to MRL since FRST log was posted in AII



#2 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 04 October 2017 - 07:10 PM

Sorry, left out some info.

 

Windows 10 Home on HP 15 laptop

 

ESET Internet Security antivirus



#3 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,354 posts
  • OFFLINE
  • Local time:10:28 AM

Posted 09 October 2017 - 10:46 AM

Hello spacecoaster,

My name is King_Yoshi and I will be helping you today.

If at any point you have any comments, questions or concerns, please do not hesitate to post them.

Allow me some time to review your post.

In the meantime please review the following rules.

Basic Rules:

1. First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts.
Please try to match our commitment to you with your patience toward us.
I try to reply as soon as possible. (Typically every 24-48 hours.)

2. Please do not run any tools or take any steps other than those I provide for you.
I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take.
If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

3. Please perform all steps in the order they are listed, in each set of instructions. Some steps may be a bit complicated.
If things are not clear, be sure to stop and let me know.

4. Please copy and paste all logs into your post, unless directed otherwise.
Please do not re-run any programs I suggest.
If you encounter problems simply stop and tell me.

5. When you post your reply, use the 23k3g9t.jpg button.

6. In the upper right hand corner of the topic you will see the j81kk3.jpg button.
Please click on this then choose "Immediate E-Mail notification" and then "Proceed" and you will be sent an email once I have posted a response.

7. If you do not reply to your topic after 3 days I will bump the post. After 5 days of no reply we will assume it has been abandoned and I will close it.

8. When your computer is clean I will alert you of such.
I will also provide for you detailed information about how you can prevent and combat future infections. 



#4 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 10 October 2017 - 08:36 AM

Hi thank you so much for offering your help. Where should we begin?

#5 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,354 posts
  • OFFLINE
  • Local time:10:28 AM

Posted 10 October 2017 - 09:18 AM

Hello Spacecoaster,

 

Hi thank you so much for offering your help. Where should we begin?

Kindly allow me some time, as I am reviewing and analyzing the logs you posted.

I will let you know what the next step is as soon as I have finished the analysis.

Thank you. :)



#6 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 11 October 2017 - 06:51 AM

OK, awesome, thank you so much.



#7 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,354 posts
  • OFFLINE
  • Local time:10:28 AM

Posted 11 October 2017 - 08:03 AM

Hello spacecoaster,

Thank you for your kind patience.
 

:step1: I have a few questions for you.

1.) Which specific folders are you not able to access?
2.) Regarding what superantispyware found. Do you use any Halo modding tools or programs?
3.) Did you disable system messages for "Low Disk Space" and "Use the Web service to find the correct program" Dialogs?
4.) Would you like to keep the following Chrome toolbars and addons? They are considered to be PUPs.
     A.) iobit Surfing Protection & Ads Removal
     B.) Ebates: The Free Cash Back Shopping Assistant
     C.) InvisibleHand
     D.) Total AV Web Shield
     E.) Swagbucks Search
     F.) UserZoom Surveys Extension
     G.) uTab
     H.) Bing Toolbar

:step2: Let's take a look at what's running on your network.

1.) Please download TCPView and let it run for a few minutes.

2.) While it is running, go to File and select "Save As" to save a log of the results.

Save_As.png

3.) Please copy and paste the contents of this log into your next post.



#8 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 12 October 2017 - 12:14 AM

1.) Which specific folders are you not able to access? Under This PC, there are separate folders that are greyed out for my music, my pictures, my documents. They all say access denied when I click on the greyed out ones. The versions I can get into all have a desktop.ini file inside them.

C drive, can't access Documents and Settings, System Volume Information, etc. Templates, Start Menu, Recovery, Administrator, Users, the list can go on and on..

2.) Regarding what superantispyware found. Do you use any Halo modding tools or programs? No, my grandson used to play Halo on his Xbox Live, but he no longer uses this laptop.

3.) Did you disable system messages for "Low Disk Space" and "Use the Web service to find the correct program" Dialogs?  I am not sure, my mother may have at some point. I just texted her to ask her; she is at work. I will let you know. The recovery drive is almost full, it's in the red and I don't think the computer was working right so I think she may have

4.) Would you like to keep the following Chrome toolbars and addons?   No, we can get rid of all of them. 

 

posting tcpview...already think I see some issues but I will let you be the judge of that... =)



#9 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:28 AM

Posted 12 October 2017 - 12:16 AM

[System Process] 0 TCP lonearcticwolf 2618 atl14s77-in-f10.1e100.net https TIME_WAIT
chrome.exe 6332 UDP lonearcticwolf 5353 * * 26 2,444
chrome.exe 6332 UDPV6 lonearcticwolf 5353 * *
chrome.exe 10208 TCP lonearcticwolf 2571 yk-in-f188.1e100.net 5228 ESTABLISHED
chrome.exe 10208 UDP lonearcticwolf 5353 * *
chrome.exe 10208 TCP lonearcticwolf 2604 104.20.59.209 https ESTABLISHED
chrome.exe 10208 TCP lonearcticwolf 2607 104.24.0.61 https ESTABLISHED
chrome.exe 10208 TCP lonearcticwolf 2620 atl14s78-in-f3.1e100.net https ESTABLISHED
dasHost.exe 2236 UDP lonearcticwolf ws-discovery * *
dasHost.exe 2236 UDP lonearcticwolf ws-discovery * *
dasHost.exe 2236 UDP lonearcticwolf 52462 * *
dasHost.exe 2236 UDPV6 lonearcticwolf 3702 * *
dasHost.exe 2236 UDPV6 lonearcticwolf 3702 * *
dasHost.exe 2236 UDPV6 lonearcticwolf 52463 * *
ekrn.exe 1848 UDP lonearcticwolf 57920 * * 6 640 6 1,106
ekrn.exe 1848 UDP lonearcticwolf 60602 * *
ekrn.exe 1848 UDP lonearcticwolf 60603 * *
ekrn.exe 1848 UDP lonearcticwolf 60605 * *
ekrn.exe 1848 UDP lonearcticwolf 62870 * *
ekrn.exe 1848 UDP lonearcticwolf 62875 * *
ekrn.exe 1848 UDP lonearcticwolf 62876 * *
ekrn.exe 1848 UDP lonearcticwolf 62878 * *
lsass.exe 856 TCP lonearcticwolf 1542 lonearcticwolf 0 LISTENING
lsass.exe 856 TCPV6 lonearcticwolf 1542 lonearcticwolf 0 LISTENING
MBAMService.exe 3760 TCP lonearcticwolf 1588 ec2-54-200-211-218.us-west-2.compute.amazonaws.com https CLOSE_WAIT
services.exe 804 TCP lonearcticwolf 1549 lonearcticwolf 0 LISTENING
services.exe 804 TCPV6 lonearcticwolf 1549 lonearcticwolf 0 LISTENING
spoolsv.exe 2220 TCP lonearcticwolf 1544 lonearcticwolf 0 LISTENING
spoolsv.exe 2220 TCPV6 lonearcticwolf 1544 lonearcticwolf 0 LISTENING
svchost.exe 520 TCP lonearcticwolf epmap lonearcticwolf 0 LISTENING
svchost.exe 1264 TCP lonearcticwolf 1538 lonearcticwolf 0 LISTENING
svchost.exe 1572 UDP lonearcticwolf ssdp * * 81 17,338
svchost.exe 1572 UDP lonearcticwolf ssdp * *
svchost.exe 1572 UDP lonearcticwolf ws-discovery * *
svchost.exe 1616 UDP lonearcticwolf ws-discovery * *
svchost.exe 1572 UDP lonearcticwolf ws-discovery * *
svchost.exe 1616 UDP lonearcticwolf ws-discovery * *
svchost.exe 1436 UDP lonearcticwolf 5050 * *
svchost.exe 1580 UDP lonearcticwolf llmnr * * 4 132
svchost.exe 1572 UDP lonearcticwolf 51699 * *
svchost.exe 1572 UDP lonearcticwolf 51705 * * 12 1,644 12 4,932
svchost.exe 1572 UDP lonearcticwolf 51706 * * 12 1,644
svchost.exe 1616 UDP lonearcticwolf 52460 * *
svchost.exe 520 TCPV6 lonearcticwolf epmap lonearcticwolf 0 LISTENING
svchost.exe 1264 TCPV6 lonearcticwolf 1538 lonearcticwolf 0 LISTENING
svchost.exe 1572 UDPV6 lonearcticwolf 1900 * *
svchost.exe 1572 UDPV6 [fe80:0:0:0:f884:9bde:88f1:dcff] 1900 * *
svchost.exe 1572 UDPV6 lonearcticwolf 3702 * *
svchost.exe 1616 UDPV6 lonearcticwolf 3702 * *
svchost.exe 1616 UDPV6 lonearcticwolf 3702 * *
svchost.exe 1572 UDPV6 lonearcticwolf 3702 * *
svchost.exe 1580 UDPV6 lonearcticwolf 5355 * *
svchost.exe 1572 UDPV6 lonearcticwolf 51700 * *
svchost.exe 1572 UDPV6 [fe80:0:0:0:f884:9bde:88f1:dcff] 51703 * *
svchost.exe 1572 UDPV6 lonearcticwolf 51704 * *
svchost.exe 1616 UDPV6 lonearcticwolf 52461 * *
svchost.exe 10292 TCP lonearcticwolf 2390 lonearcticwolf 0 LISTENING
svchost.exe 10292 TCPV6 lonearcticwolf 2390 lonearcticwolf 0 LISTENING
svchost.exe 6288 UDPV6 lonearcticwolf 500 * *
svchost.exe 6288 UDPV6 lonearcticwolf 4500 * *
svchost.exe 6288 UDP lonearcticwolf isakmp * *
svchost.exe 6288 UDP lonearcticwolf ipsec-msft * *
svchost.exe 6288 TCP lonearcticwolf 2435 bn3sch020010629.wns.windows.com https ESTABLISHED 6 2,351 6 1,044
svchost.exe 1580 UDP lonearcticwolf 5353 * * 2 188
svchost.exe 1580 UDPV6 lonearcticwolf 5353 * *
System 4 TCP lonearcticwolf netbios-ssn lonearcticwolf 0 LISTENING
System 4 TCP lonearcticwolf microsoft-ds lonearcticwolf 0 LISTENING
System 4 TCP lonearcticwolf wsd lonearcticwolf 0 LISTENING
System 4 UDP lonearcticwolf netbios-ns * * 126 6,300 33 1,650
System 4 UDP lonearcticwolf netbios-dgm * *
System 4 TCPV6 lonearcticwolf microsoft-ds lonearcticwolf 0 LISTENING
System 4 TCPV6 lonearcticwolf wsd lonearcticwolf 0 LISTENING
wininit.exe 700 TCP lonearcticwolf 1536 lonearcticwolf 0 LISTENING
wininit.exe 700 TCPV6 lonearcticwolf 1536 lonearcticwolf 0 LISTENING
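As an added example (not code from this thread, from TCPView or from Sysinternals), the Python below parses TCPView's saved text output in the layout pasted above and splits it into the two things a reviewer looks at first: which process listens on which port, and which processes hold TCP sessions to hosts other than the machine itself. The sample input is a subset of the lines posted above, with the host name taken from the log; counters at the end of a line are kept but not interpreted, and UDP sockets with a wildcard peer are left out of the remote list because TCPView shows no peer for them.

```python
import re
from collections import defaultdict

# One line of TCPView's saved output: process, PID, protocol, local address and
# port, remote address and port, optional state, optional traffic counters.
# Process names may contain spaces ("[System Process]"), so the name is matched
# lazily up to the first "<pid> <protocol>" pair.
TCPVIEW_LINE = re.compile(
    r"^(?P<proc>.+?)\s+(?P<pid>\d+)\s+(?P<proto>TCPV6|UDPV6|TCP|UDP)\s+"
    r"(?P<laddr>\S+)\s+(?P<lport>\S+)\s+(?P<raddr>\S+)\s+(?P<rport>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?(?P<counters>.*)$"
)

# Sample input: a subset of the lines posted in this thread (not a full capture).
SAMPLE = """\
[System Process] 0 TCP lonearcticwolf 2618 atl14s77-in-f10.1e100.net https TIME_WAIT
chrome.exe 6332 UDP lonearcticwolf 5353 * * 26 2,444
chrome.exe 10208 TCP lonearcticwolf 2571 yk-in-f188.1e100.net 5228 ESTABLISHED
chrome.exe 10208 TCP lonearcticwolf 2604 104.20.59.209 https ESTABLISHED
lsass.exe 856 TCP lonearcticwolf 1542 lonearcticwolf 0 LISTENING
MBAMService.exe 3760 TCP lonearcticwolf 1588 ec2-54-200-211-218.us-west-2.compute.amazonaws.com https CLOSE_WAIT
svchost.exe 1572 UDPV6 [fe80:0:0:0:f884:9bde:88f1:dcff] 1900 * *
svchost.exe 6288 TCP lonearcticwolf 2435 bn3sch020010629.wns.windows.com https ESTABLISHED 6 2,351 6 1,044
System 4 TCP lonearcticwolf microsoft-ds lonearcticwolf 0 LISTENING
"""


def parse_tcpview(text):
    """Return one dict per parsable line; lines that do not fit are skipped."""
    rows = []
    for line in text.splitlines():
        m = TCPVIEW_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["pid"] = int(row["pid"])
            rows.append(row)
    return rows


def triage(rows, hostname):
    """Group listening sockets and TCP peers other than this host per (process, pid)."""
    listening = defaultdict(set)
    remote = defaultdict(set)
    for r in rows:
        key = (r["proc"], r["pid"])
        if r["state"] == "LISTENING":
            listening[key].add((r["proto"], r["lport"]))
        elif r["proto"].startswith("TCP") and r["raddr"] not in ("*", hostname):
            remote[key].add((r["raddr"], r["rport"], r["state"] or "?"))
    return {
        "listening": {k: sorted(v) for k, v in listening.items()},
        "remote": {k: sorted(v) for k, v in remote.items()},
    }


def report(summary):
    """Render the triage summary as one line per listener and per remote peer."""
    lines = []
    for (proc, pid), ports in sorted(summary["listening"].items()):
        ports_text = ", ".join(f"{proto}/{port}" for proto, port in ports)
        lines.append(f"LISTENING  {proc} (pid {pid}): {ports_text}")
    for (proc, pid), peers in sorted(summary["remote"].items()):
        for raddr, rport, state in peers:
            lines.append(f"{state:<11}{proc} (pid {pid}) -> {raddr}:{rport}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(parse_tcpview(SAMPLE), "lonearcticwolf"))))
```

Reading the result is the actual work: a listener is only interesting once you know which service owns the PID, and an ESTABLISHED peer is judged by whether the owning process has a reason to talk to that host, which the log alone cannot tell you.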


#10 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female

Posted 12 October 2017 - 12:18 AM

Ok, and she just texted me back, answering the question: did you ever disable system messages for "Low Disk Space" and "Use the Web service to find the correct program"? Her response was "no, never... why??", so apparently she has not.



#11 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,354 posts

Posted 12 October 2017 - 01:43 PM

Ok, and she just texted me back, answering the question: did you ever disable system messages for "Low Disk Space" and "Use the Web service to find the correct program"? Her response was "no, never... why??", so apparently she has not.

Thank you for your fast response.
Allow me to review the TCPView log and I will get back to you as soon as possible.



#12 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,354 posts

Posted 13 October 2017 - 11:19 AM

Step 1: I have two more questions for you.

1.) Which account are you using, when you are trying to view the locked folders?
2.) Do the folders you are trying to access belong to yourself or another user?

Step 2: We need to run a FRST Fix

1.) Please download the attached fixlist.txt and save it in the same location that FRST is.
Attached File: fixlist.txt (5.16KB)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

2.) Then open FRST and press the Fix button once and wait.

If for some reason the tool needs the computer to restart, please make sure you let the system restart normally, then let the tool complete its run.

You may be asked for elevated permissions to run FRST. If so, kindly say "Yes" and enter the required information.

3.) When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your next reply.



#13 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female

Posted 13 October 2017 - 04:37 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by jcale_000 (13-10-2017 17:33:48) Run:1
Running from C:\Users\jcale_000\Desktop
Loaded Profiles: jcale_000 (Available Profiles: jcale_000 & looki & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR Extension: (Bing) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aodojjhnfnfhaplflfohfddffmjkdjak [2017-09-30]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-21]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-09-30]
CHR Extension: (InvisibleHand) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2017-09-30]
CHR Extension: (Total AV Web Shield) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-03]
CHR Extension: (Swagbucks Search) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnegnghjbbaaojdkcdgmdehpakckeekb [2017-07-18]
CHR Extension: (UserZoom Surveys Extension) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npeidojcmghjibnbnmjloedchcgdkbeo [2017-09-30]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-181910234-2577304340-1905641807-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-181910234-2577304340-1905641807-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\Policies\Explorer: [NoInternetOpenWith] 0
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=48","hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=856da4a8c66f4022b486f50b4f916f03&tu=10GA0006L2B000c&sku=&tstsId=&ver=&","hxxp://search.conduit.com/?CUI=UN48197210222461846&ctid=CT2233703&SearchSource=48","hxxp://home.sweetim.com/?crg=3.5000006.10045&barid={B02873DD-BB69-11E2-A273-00121772F3A1}","hxxp://search.conduit.com/?ctid=CT3287822&SearchSource=48&CUI=UN25695043620033243&UM=2","hxxp://mysearch.avg.com/?cid={A56DFE10-DFA1-4E52-A2C5-C38E84D2986D}&mid=3e5df4de073147d08263d1098c75733b-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=pr&d=2013-05-20 06:25:39&v=15.2.0.5&pid=safeguard&sg=1&sap=hp
Task: {2868D6E8-95CA-4936-855E-7491999F0A2C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {28A779BF-2F6E-4402-8031-4D33A761ECB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {334AD2DB-E08A-4DBB-928D-BD80E15FC8BF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {39851331-BAE0-424D-B15F-FD8267E0F03E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3D95F5B1-C1F5-410F-9495-AEEB2B29D8E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3EA0881F-8F9C-476B-9080-610D2A26B647} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {44EC163C-1858-4C1B-B0DA-F4EBB6F4C642} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {58B12D53-3BA2-4883-8939-35F6F7682802} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
 
ListPermissions: C:\Users\jcale_000\Pictures
ListPermissions: C:\Users\jcale_000\Videos
ListPermissions: C:\Users\jcale_000\Music
ListPermissions: C:\Users\jcale_000\Documents
ListPermissions: C:\Users\jcale_000\Downloads
ListPermissions: C:\Users\jcale_000\Desktop
Cmd: cd "C:\"
Cmd: dir /a
*****************
 
CHR Extension: (Bing) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aodojjhnfnfhaplflfohfddffmjkdjak [2017-09-30] => Error: No automatic fix found for this entry.
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-21] => Error: No automatic fix found for this entry.
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-09-30] => Error: No automatic fix found for this entry.
CHR Extension: (InvisibleHand) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2017-09-30] => Error: No automatic fix found for this entry.
CHR Extension: (Total AV Web Shield) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-03] => Error: No automatic fix found for this entry.
CHR Extension: (Swagbucks Search) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnegnghjbbaaojdkcdgmdehpakckeekb [2017-07-18] => Error: No automatic fix found for this entry.
CHR Extension: (UserZoom Surveys Extension) - C:\Users\jcale_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npeidojcmghjibnbnmjloedchcgdkbeo [2017-09-30] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\looohgelibjoplmkhecmalapkgadkfcc => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\SOFTWARE\Google\Chrome\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp => key removed successfully
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp => key removed successfully
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => value removed successfully
HKU\S-1-5-21-181910234-2577304340-1905641807-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
Chrome StartupUrls => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2868D6E8-95CA-4936-855E-7491999F0A2C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2868D6E8-95CA-4936-855E-7491999F0A2C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28A779BF-2F6E-4402-8031-4D33A761ECB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28A779BF-2F6E-4402-8031-4D33A761ECB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{334AD2DB-E08A-4DBB-928D-BD80E15FC8BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{334AD2DB-E08A-4DBB-928D-BD80E15FC8BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39851331-BAE0-424D-B15F-FD8267E0F03E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39851331-BAE0-424D-B15F-FD8267E0F03E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D95F5B1-C1F5-410F-9495-AEEB2B29D8E6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D95F5B1-C1F5-410F-9495-AEEB2B29D8E6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EA0881F-8F9C-476B-9080-610D2A26B647} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA0881F-8F9C-476B-9080-610D2A26B647} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44EC163C-1858-4C1B-B0DA-F4EBB6F4C642} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44EC163C-1858-4C1B-B0DA-F4EBB6F4C642} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58B12D53-3BA2-4883-8939-35F6F7682802} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58B12D53-3BA2-4883-8939-35F6F7682802} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => key removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found. 
===================================
permissions of "C:\Users\jcale_000\Pictures":
 
Owner: LONEAREAD+TICWriteOwner+LF\jcale_000
 
DACL(AI):
 
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I)
BUILTIN\Administrators ALLOW FULL (OI-CI-I)
LONEAREAD+TICWriteOwner+LF\jcale_000 ALLOW FULL (OI-CI-I)
lonearcticwolf\looki ALLOW FULL (OI-CI-I)
 
===================================
===================================
permissions of "C:\Users\jcale_000\Videos":
 
Owner: LONEAREAD+TICWriteOwner+LF\jcale_000
 
DACL(AI):
 
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I)
BUILTIN\Administrators ALLOW FULL (OI-CI-I)
LONEAREAD+TICWriteOwner+LF\jcale_000 ALLOW FULL (OI-CI-I)
lonearcticwolf\looki ALLOW FULL (OI-CI-I)
 
===================================
===================================
permissions of "C:\Users\jcale_000\Music":
 
Owner: LONEAREAD+TICWriteOwner+LF\jcale_000
 
DACL(AI):
 
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I)
BUILTIN\Administrators ALLOW FULL (OI-CI-I)
LONEAREAD+TICWriteOwner+LF\jcale_000 ALLOW FULL (OI-CI-I)
lonearcticwolf\looki ALLOW FULL (OI-CI-I)
 
===================================
===================================
permissions of "C:\Users\jcale_000\Documents":
 
Owner: LONEAREAD+TICWriteOwner+LF\jcale_000
 
DACL(AI):
 
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI)
BUILTIN\Administrators ALLOW FULL (OI-CI)
LONEAREAD+TICWriteOwner+LF\jcale_000 ALLOW FULL (OI-CI)
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I)
BUILTIN\Administrators ALLOW FULL (OI-CI-I)
LONEAREAD+TICWriteOwner+LF\jcale_000 ALLOW FULL (OI-CI-I)
lonearcticwolf\looki ALLOW FULL (OI-CI-I)
 
===================================
===================================
permissions of "C:\Users\jcale_000\Downloads":
 
Owner: LONEAREAD+TICWriteOwner+LF\jcale_000
 
DACL(AI):
 
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I)
BUILTIN\Administrators ALLOW FULL (OI-CI-I)
LONEAREAD+TICWriteOwner+LF\jcale_000 ALLOW FULL (OI-CI-I)
lonearcticwolf\looki ALLOW FULL (OI-CI-I)
 
===================================
===================================
permissions of "C:\Users\jcale_000\Desktop":
 
Owner: LONEAREAD+TICWriteOwner+LF\jcale_000
 
DACL(AI):
 
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI)
BUILTIN\Administrators ALLOW FULL (OI-CI)
LONEAREAD+TICWriteOwner+LF\jcale_000 ALLOW FULL (OI-CI)
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I)
BUILTIN\Administrators ALLOW FULL (OI-CI-I)
LONEAREAD+TICWriteOwner+LF\jcale_000 ALLOW FULL (OI-CI-I)
lonearcticwolf\looki ALLOW FULL (OI-CI-I)
 
===================================
 
========= cd "C:\" =========
 
 
========= End of CMD: =========
 
 
========= dir /a =========
 
 Volume in drive C is Windows
 Volume Serial Number is E0A6-BC0C
 
 Directory of C:\Users\jcale_000\Desktop
 
10/13/2017  05:33 PM    <DIR>          .
10/13/2017  05:33 PM    <DIR>          ..
10/04/2017  05:05 PM            45,194 Addition.txt
10/04/2017  07:18 PM         8,250,832 AdwCleaner.exe
09/22/2017  12:56 PM             7,800 attach.txt
10/04/2017  04:43 PM         1,306,150 Autoruns.zip
04/16/2017  12:28 AM           109,668 Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites.html
04/16/2017  12:28 AM    <DIR>          Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites_files
07/09/2017  10:10 AM               799 data-recovery_setup_full1667.exe.lnk
08/03/2017  09:30 AM       154,859,520 data.tar
09/22/2017  12:52 PM           688,992 dds.com
09/22/2017  12:56 PM            94,075 dds.txt
10/13/2017  05:15 PM               282 desktop.ini
10/03/2017  11:50 PM             2,491 Diane - Chrome.lnk
08/08/2017  05:47 PM            63,874 drivers.html
09/26/2017  10:36 PM         2,870,984 esetsmartinstaller_enu.exe
10/01/2017  09:38 PM         3,137,152 eset_smart_security_premium_live_installer_us.exe
07/27/2017  08:49 AM    <DIR>          etc
10/13/2017  05:30 PM             5,287 fixlist.txt
10/13/2017  05:35 PM            16,207 Fixlog.txt
10/13/2017  05:32 PM    <DIR>          FRST-OlderVersion
10/04/2017  05:05 PM            74,710 FRST.txt
10/13/2017  05:32 PM         2,401,792 FRST64.exe
10/04/2017  07:19 PM         1,875,480 mbae-setup-1.10.1.41.exe
07/17/2017  04:54 PM        18,357,776 MediaCreationTool.exe
10/04/2017  05:59 PM    <DIR>          PCHunter_free
06/13/2017  02:00 AM         6,559,869 PCHunter_free.zip
10/04/2017  04:48 PM         1,931,969 ProcessExplorer.zip
10/04/2017  04:48 PM         1,004,649 ProcessMonitor.zip
07/27/2017  10:58 AM            13,270 Rally Age - Goals.html
07/27/2017  10:58 AM    <DIR>          Rally Age - Goals_files
08/29/2017  01:38 PM    <DIR>          Resumes and work related
10/13/2017  05:23 PM         1,792,640 rkill.exe
10/13/2017  05:25 PM             1,642 Rkill.txt
10/13/2017  05:24 PM           983,168 rkill64.exe
06/06/2017  06:27 PM             1,560 SDBootTime_2017-05-25-08-41-18.log
07/10/2017  03:09 AM           524,900 Show-Hidden.txt
10/03/2017  09:29 PM            12,389 Significant Figure Rules.html
10/03/2017  09:29 PM    <DIR>          Significant Figure Rules_files
07/09/2017  09:32 AM        12,670,024 StellarPhoenixPhotoRecoverySoftware.exe
10/04/2017  05:09 PM             1,872 SUPERAntiSpyware Free Edition.lnk
10/04/2017  05:08 PM        30,595,768 SUPERAntiSpyware.exe
07/10/2017  03:02 AM               310 SystemLook.txt
10/12/2017  12:49 AM             5,596 tcplog1.txt
10/12/2017  12:51 AM             5,101 tcplog2.txt
10/12/2017  12:18 AM           291,606 TCPView.zip
09/26/2017  10:42 PM               678 Turn_Off_Windows_Defender_Antivirus.reg
07/27/2017  08:49 AM    <DIR>          usr
06/08/2017  05:29 PM         6,108,136 vipre-advanced-security-trial.exe
07/17/2017  06:52 PM               746 Windows 10 Upgrade Assistant.lnk
10/02/2017  10:18 AM    <DIR>          WlanTraces
              40 File(s)    256,674,958 bytes
              11 Dir(s)  370,213,150,720 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog 17:35:06 ====
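The ListPermissions part of the Fixlog above is what answers the "locked folders" question in post #12: for each folder it prints the owner and every access-control entry. As an added example (not code from this thread or from FRST), the Python below parses that layout and reports two things a reviewer cares about: ALLOW entries for principals other than the owner, SYSTEM and Administrators, and any DENY entries, since a DENY on the owner is the usual reason a user cannot open a folder that is hers. The ACE line format (principal, ALLOW or DENY, rights, inheritance flags) is assumed from the Fixlog above. The sample is constructed: its Documents block mirrors the entries posted above with the owner written as the machine name LONEARCTICWOLF plus the user, and its Desktop block is invented to show a DENY entry, which the thread's own log does not contain.

```python
import re

# One ACE line as FRST's ListPermissions prints it (format assumed from the
# Fixlog in this thread): "<principal> ALLOW|DENY <rights> (<flags>)".
ACE_LINE = re.compile(
    r"^(?P<principal>.+?)\s+(?P<kind>ALLOW|DENY)\s+(?P<rights>\S+)"
    r"(?:\s+\((?P<flags>[^)]*)\))?$"
)

# Principals whose full-control entries are normal on a user profile folder.
EXPECTED = {r"NT AUTHORITY\SYSTEM".lower(), r"BUILTIN\Administrators".lower()}

# Constructed sample in the Fixlog's layout (see the lead-in for what is real
# and what is invented).
SAMPLE = r"""
===================================
permissions of "C:\Users\jcale_000\Documents":

Owner: LONEARCTICWOLF\jcale_000

DACL(AI):

NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI)
BUILTIN\Administrators ALLOW FULL (OI-CI)
LONEARCTICWOLF\jcale_000 ALLOW FULL (OI-CI)
lonearcticwolf\looki ALLOW FULL (OI-CI-I)

===================================
===================================
permissions of "C:\Users\jcale_000\Desktop":

Owner: LONEARCTICWOLF\jcale_000

DACL(AI):

NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI)
BUILTIN\Administrators ALLOW FULL (OI-CI)
LONEARCTICWOLF\jcale_000 DENY FULL (OI-CI)

===================================
"""

PREFIX = 'permissions of "'


def parse_listpermissions(text):
    """Return one dict per folder block: path, owner and the list of ACEs."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(PREFIX):
            current = {"path": line[len(PREFIX):].rstrip('":'), "owner": None, "aces": []}
            blocks.append(current)
        elif current is None or not line or line.startswith("=") or line.startswith("DACL"):
            continue
        elif line.startswith("Owner:"):
            current["owner"] = line[len("Owner:"):].strip()
        else:
            m = ACE_LINE.match(line)
            if m:
                current["aces"].append(m.groupdict())
    return blocks


def review(blocks):
    """Per folder: ALLOW entries for unexpected principals, and every DENY entry."""
    findings = {}
    for b in blocks:
        owner = (b["owner"] or "").lower()
        third_party, deny = [], []
        for ace in b["aces"]:
            who = ace["principal"]
            if ace["kind"] == "DENY":
                deny.append((who, ace["rights"]))
            elif who.lower() not in EXPECTED and who.lower() != owner:
                third_party.append((who, ace["rights"]))
        findings[b["path"]] = {"owner": b["owner"], "third_party_allow": third_party, "deny": deny}
    return findings


if __name__ == "__main__":
    for path, f in review(parse_listpermissions(SAMPLE)).items():
        print(f"{path}  owner={f['owner']}")
        for who, rights in f["third_party_allow"]:
            print(f"  other principal with {rights}: {who}")
        for who, rights in f["deny"]:
            print(f"  DENY {rights}: {who}")
```

Principal names are compared case-insensitively because the dump writes the machine name in both upper and lower case. Whether an extra principal's grant is expected (a second account the user set up herself, for instance) is for the reviewer to decide; the script only makes it visible.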


#14 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female

Posted 13 October 2017 - 04:43 PM

1.) Which account are you using, when you are trying to view the locked folders? The j_caleb, or lonearctic wolfe... the main account, which should be the administrator account.
2.) Do the folders you are trying to access belong to yourself or another user? They belong to me... the whole computer is mine. No one else uses it.



#15 spacecoaster

spacecoaster
  • Topic Starter

  • Members
  • 20 posts
  • Gender:Female

Posted 13 October 2017 - 05:49 PM

There are so many entries in Autoruns that keep coming back as malware... like so many I can't even list all of them. A lot come back saying honeypot, malware, networkworm.





