Citypage.today extension bing redirect virus.....and more!!



#1 ChazInMT

Posted 28 January 2018 - 09:25 AM

I downloaded a virus that does not want to be uninstalled, prevents me from starting in safe mode, redirects my Google searches to bing and generally makes my computer run slower. I have tried numerous AntiVirus and scan things...but to no avail. The download thing happened on Jan 16 at 9:30pm or so (within 5 minutes) 

 

My problem is identical to this guy's. https://www.bleepingcomputer.com/forums/t/668641/windows-process-manager-32-bit-virus/

 

The main culprit appears to be driven by these 3 stooges on my computer:

 

msaoxpksvc.exe

rpcnetp.exe

wpbbin.exe

 

I consider myself a fairly competent computer user, but this is clearly out of my league to resolve.

 

Thanks so much for your help, I know this was hugely self-inflicted as I downloaded a movie I wanted to watch via torrents, the movie didn't run on either media player MS or VLC....But the download conveniently included an update to my divx codec or something that would allow the movie to play if I ran the update......uh.....it didn't..at all, ever. That's how they got me. I was able to delete a lot of the original files right away, but have spent hours seeking a solution to this bing redirect which I fear is the tip of the iceberg.

 

Much Respect to You

 

Charlie

 

Here are my logs from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Charlie (administrator) on CHARLIESLAPTOP (28-01-2018 08:44:28)
Running from C:\Users\Charlie\Downloads
Loaded Profiles: Charlie & MSSQL$XACTWARE1 (Available Profiles: Charlie & MSSQL$XACTWARE1)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\msaoxpksvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\sqlservr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.XACTWARE1\MSSQL\Binn\sqlservr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Charlie\AppData\Local\exrhlno\exrhlno.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Charlie\AppData\Local\msewkpu\vdbzean.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-21] (AVAST Software)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [XCDownloadApplet] => C:\Program Files (x86)\Xactware\Xactimate28\CORE\XCDownloadApplet.exe [531920 2017-06-06] (Xactware)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-80-1403080342-2827387752-2250493637-3338715181-2364043152\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9003c790-29fb-41f4-9de2-56ead05c5951}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3932784059-906377476-503307768-1001 -> DefaultScope {65DF8768-4C97-4B82-B324-7659079A7E77} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-26] (Adobe Systems Incorporated)
 
FireFox:
========
FF DefaultProfile: f1yx5fjz.default
FF ProfilePath: C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\f1yx5fjz.default [2018-01-28]
FF Extension: (Avast SafePrice) - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\f1yx5fjz.default\Extensions\sp@avast.com.xpi [2018-01-23]
FF Extension: (Avast Online Security) - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\f1yx5fjz.default\Extensions\wrc@avast.com.xpi [2018-01-21]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\Charlie\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-11-20] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default [2018-01-28]
CHR Extension: (Slides) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-07]
CHR Extension: (YouTube) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Avast SafePrice) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-01-22]
CHR Extension: (Sheets) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-07]
CHR Extension: (AdBlock) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-27]
CHR Extension: (Avast Online Security) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-22]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-08-01]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\gmkwcrd <==== ATTENTION (Rootkit!)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-21] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-21] (AVAST Software)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99840 2017-07-13] () [File not signed]
R2 MSSQL$XACTWARE; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
R2 MSSQL$XACTWARE1; C:\Program Files\Microsoft SQL Server\MSSQL12.XACTWARE1\MSSQL\Binn\sqlservr.exe [372416 2017-07-03] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
S4 SQLAgent$XACTWARE; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$XACTWARE1; C:\Program Files\Microsoft SQL Server\MSSQL12.XACTWARE1\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-03] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-06] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-06] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-01-21] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-21] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-21] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-21] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-21] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-01-21] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-01-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-01-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-01-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-01-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-01-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-01-21] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-01-21] ()
S4 RsFx0320; C:\WINDOWS\System32\DRIVERS\RsFx0320.sys [250048 2016-06-18] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation )
S3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-06] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-06] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-06] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-16] (Zemana Ltd.)
S1 kzmrwzfu; \??\C:\WINDOWS\system32\drivers\kzmrwzfu.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
R3 osvybf; system32\drivers\vybfil.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-28 08:44 - 2018-01-28 08:45 - 000018389 _____ C:\Users\Charlie\Downloads\FRST.txt
2018-01-28 08:44 - 2018-01-28 08:44 - 002393088 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe
2018-01-28 08:44 - 2018-01-28 08:44 - 000000000 ____D C:\FRST
2018-01-28 08:32 - 2018-01-28 08:32 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-28 08:30 - 2018-01-28 08:30 - 000142672 ____N C:\WINDOWS\system32\Drivers\wdmuxbeh.sys
2018-01-28 03:26 - 2018-01-28 03:26 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-28 03:25 - 2018-01-28 08:23 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-28 03:25 - 2018-01-28 03:25 - 026916424 _____ (Adlice Software) C:\Users\Charlie\Downloads\RogueKiller_portable64.exe
2018-01-28 03:17 - 2018-01-28 03:18 - 000019482 _____ C:\TDSSKiller.3.1.0.16_28.01.2018_03.17.42_log.txt
2018-01-28 03:17 - 2018-01-28 03:17 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Charlie\Downloads\tdsskiller.exe
2018-01-28 01:25 - 2018-01-28 01:26 - 000881904 _____ (Plumbytes Software) C:\Users\Charlie\Downloads\antimalwaresetup.exe
2018-01-27 23:56 - 2018-01-27 23:56 - 000113158 _____ C:\Users\Charlie\Documents\cc_20180127_235613.reg
2018-01-27 23:49 - 2018-01-27 23:50 - 011205832 _____ (Piriform Ltd) C:\Users\Charlie\Downloads\ccsetup539.exe
2018-01-25 01:10 - 2018-01-25 01:10 - 000000000 ____D C:\Users\Charlie\AppData\Local\ElevatedDiagnostics
2018-01-25 01:06 - 2018-01-25 01:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3932784059-906377476-503307768-1001
2018-01-24 23:29 - 2018-01-24 23:29 - 008206624 _____ (Malwarebytes) C:\Users\Charlie\Downloads\adwcleaner_7.0.7.0.exe
2018-01-24 23:18 - 2018-01-24 23:18 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-01-24 23:02 - 2018-01-28 00:55 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-01-24 23:01 - 2018-01-24 23:23 - 000000000 ____D C:\ProgramData\HitmanPro
2018-01-24 23:00 - 2018-01-24 23:00 - 011605440 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\hitmanpro_x64.exe
2018-01-23 23:07 - 2018-01-23 23:19 - 000000000 ____D C:\Users\Charlie\AppData\LocalLow\uTorrent
2018-01-23 23:00 - 2018-01-23 23:00 - 000063855 _____ C:\Users\Charlie\Downloads\Star.Trek.Discovery.S01E12.iNTERNAL.720p.WEB.x264-BAMBOOZLE[rartv]-[rarbg.to].torrent
2018-01-23 00:13 - 2018-01-23 00:13 - 009932672 _____ C:\Users\Charlie\Downloads\bitdefender_online(2).exe
2018-01-21 23:42 - 2018-01-21 23:42 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-01-21 23:10 - 2018-01-21 23:46 - 000000000 _____ C:\WINDOWS\system32\last.dump
2018-01-21 23:03 - 2018-01-21 23:03 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\AVAST Software
2018-01-21 23:01 - 2018-01-21 23:01 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-21 23:01 - 2018-01-21 23:01 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-01-21 23:01 - 2018-01-21 23:01 - 000001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-21 23:01 - 2018-01-21 23:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-01-21 23:01 - 2018-01-21 23:01 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-21 23:00 - 2018-01-27 11:00 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-21 23:00 - 2018-01-21 23:01 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-01-21 23:00 - 2018-01-21 23:01 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-01-21 22:59 - 2018-01-21 22:59 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-01-21 22:57 - 2018-01-21 22:57 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-21 22:56 - 2018-01-21 23:36 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-21 22:56 - 2018-01-21 22:56 - 007172032 _____ (AVAST Software) C:\Users\Charlie\Downloads\avast_free_antivirus_setup_online.exe
2018-01-21 01:36 - 2018-01-28 02:14 - 000000000 ____D C:\Users\Charlie\AppData\LocalLow\Mozilla
2018-01-21 01:36 - 2018-01-21 01:40 - 000000000 ____D C:\Users\Charlie\AppData\Local\Mozilla
2018-01-21 01:36 - 2018-01-21 01:36 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-21 01:36 - 2018-01-21 01:36 - 000001004 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-01-21 01:36 - 2018-01-21 01:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-21 01:36 - 2018-01-21 01:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-21 01:35 - 2018-01-21 01:35 - 000311232 _____ (Mozilla) C:\Users\Charlie\Downloads\Firefox Installer.exe
2018-01-21 00:42 - 2018-01-21 00:43 - 000000000 ____D C:\Users\Charlie\Downloads\backups
2018-01-21 00:32 - 2018-01-21 00:32 - 000388608 _____ (Trend Micro Inc.) C:\Users\Charlie\Downloads\HijackThis.exe
2018-01-20 22:10 - 2018-01-28 08:30 - 002888192 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\msaoxpksvc.exe
2018-01-19 22:34 - 2018-01-21 22:18 - 000075761 _____ C:\Users\Charlie\Desktop\mb-clean-results.txt
2018-01-19 22:34 - 2018-01-19 22:34 - 000863696 _____ (Malwarebytes) C:\Users\Charlie\Downloads\mb-clean-3.1.0.1031.exe
2018-01-19 18:53 - 2018-01-19 18:53 - 000003592 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-CHARLIESLAPTOP-Charlie
2018-01-19 18:50 - 2018-01-19 18:50 - 002517523 _____ C:\Users\Charlie\Downloads\LiftMaster 1345 Owners Manual.pdf
2018-01-16 23:32 - 2018-01-24 23:37 - 000000000 ____D C:\AdwCleaner
2018-01-16 23:19 - 2018-01-28 08:44 - 000034427 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-16 23:19 - 2018-01-21 01:47 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-16 23:19 - 2018-01-21 01:42 - 000086868 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-16 23:19 - 2018-01-16 23:19 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-16 23:19 - 2018-01-16 23:19 - 000000000 ____D C:\Users\Charlie\AppData\Local\Zemana
2018-01-16 22:54 - 2018-01-16 22:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-16 22:53 - 2018-01-16 22:53 - 083316440 _____ (Malwarebytes ) C:\Users\Charlie\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2018-01-16 22:38 - 2018-01-21 22:22 - 000002754 _____ C:\Users\Charlie\Desktop\Rkill.txt
2018-01-16 22:35 - 2018-01-16 22:35 - 008198432 _____ (Malwarebytes) C:\Users\Charlie\Downloads\AdwCleaner.exe
2018-01-16 22:34 - 2018-01-16 22:34 - 006625600 _____ (Zemana Ltd. ) C:\Users\Charlie\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-16 22:33 - 2018-01-16 22:33 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Charlie\Downloads\rkill.exe
2018-01-16 21:31 - 2018-01-27 23:25 - 000000000 ____D C:\Users\Charlie\AppData\Local\exeicws
2018-01-16 21:28 - 2018-01-28 08:33 - 000000000 ____D C:\Users\Charlie\AppData\Local\exrhlno
2018-01-16 21:28 - 2018-01-16 21:30 - 000000000 ____D C:\Users\Charlie\AppData\Local\msewkpu
2018-01-16 21:26 - 2018-01-16 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\nicpmra
2018-01-16 21:26 - 2018-01-16 21:26 - 000000000 ____D C:\WINDOWS\system32\nicpmra
2018-01-16 21:26 - 2018-01-16 21:26 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\et
2018-01-16 05:24 - 2018-01-16 05:24 - 000051643 _____ C:\WINDOWS\uninstaller.dat
2018-01-14 14:56 - 2018-01-14 14:56 - 000053611 _____ C:\Users\Charlie\Downloads\Airbnb Travel Itinerary, Confirmation Code HMXJAAPMZS.pdf
2018-01-13 20:07 - 2018-01-13 20:07 - 000426383 _____ C:\Users\Charlie\Downloads\2005-subaru-forester-33111.pdf
2018-01-12 15:09 - 2018-01-15 23:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-09 23:49 - 2018-01-17 22:53 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\vlc
2018-01-09 23:47 - 2018-01-09 23:47 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-01-09 23:47 - 2018-01-09 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-09 23:46 - 2018-01-09 23:46 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-01-09 23:45 - 2018-01-09 23:45 - 030863288 _____ C:\Users\Charlie\Downloads\vlc-2.2.8-win32.exe
2018-01-09 17:16 - 2018-01-09 17:16 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-01-09 13:59 - 2018-01-09 13:59 - 000484555 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2017 11-11-16 (1) (1).pdf
2018-01-09 13:50 - 2018-01-09 15:50 - 000792040 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2018.pdf
2018-01-09 13:27 - 2018-01-09 13:51 - 002746583 ____H C:\Users\Charlie\Downloads\~WRL0005.tmp
2018-01-09 13:09 - 2018-01-09 13:09 - 000484555 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2017 11-11-16 (1).pdf
2018-01-06 22:34 - 2018-01-20 21:11 - 000000000 ____D C:\Users\Charlie\Downloads\Memes
2018-01-05 17:16 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-05 17:16 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-05 17:16 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-05 17:16 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-05 17:16 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-05 17:16 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-05 17:16 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-05 17:16 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-05 17:16 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-05 17:16 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-05 17:16 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-05 17:16 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-05 17:16 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-05 17:16 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-05 17:16 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-05 17:16 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-05 17:16 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-05 17:16 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-05 17:16 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-05 17:16 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-05 17:16 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-05 17:16 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-05 17:16 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-05 17:16 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-05 17:16 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-05 17:16 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-05 17:16 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-05 17:16 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-05 17:16 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-05 17:16 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-05 17:16 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-05 17:16 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-05 17:16 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-05 17:16 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-05 17:16 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-05 17:16 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-05 17:16 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-05 17:16 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-05 17:16 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-05 17:16 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-05 17:16 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-05 17:16 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-05 17:16 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-05 17:16 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-05 17:16 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-05 17:16 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-05 17:16 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-05 17:16 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-05 17:16 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-05 17:16 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-05 17:16 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-05 17:16 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-05 17:16 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-05 17:16 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-05 17:16 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-05 17:16 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 17:16 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-05 17:16 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-05 17:16 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-05 17:16 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-05 17:16 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-05 17:16 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-05 17:16 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-05 17:16 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-05 17:16 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-05 17:16 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-05 17:16 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-05 17:16 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-05 17:16 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-05 17:16 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-05 17:16 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-05 17:16 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-05 17:16 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-05 17:16 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-05 17:16 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-05 17:16 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-05 17:16 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-05 17:16 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-05 17:16 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-05 17:16 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-05 17:16 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-05 17:16 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-05 17:16 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-05 17:16 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-05 17:16 - 2018-01-01 06:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-05 17:16 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-05 17:16 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-05 17:15 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-05 17:15 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-05 17:15 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-05 17:15 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-05 17:15 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-05 17:15 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-05 17:15 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-05 17:15 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-05 17:15 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-05 17:15 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-05 17:15 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-05 17:15 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-05 17:15 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-05 17:15 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-05 17:15 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-05 17:15 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-05 17:15 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-05 17:15 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-05 17:15 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-05 17:15 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-05 17:15 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-05 17:15 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-05 17:15 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-05 17:15 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-05 17:15 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-05 17:15 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-05 17:15 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-05 17:15 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-05 17:15 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-05 17:15 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-05 17:15 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-05 17:15 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-05 17:15 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-05 17:15 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-05 17:15 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-05 17:15 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 17:15 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-05 17:15 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-05 17:15 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-05 17:15 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-05 17:15 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-05 17:15 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-05 17:15 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-05 17:15 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-05 17:15 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-05 17:15 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-05 17:15 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-05 17:15 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-05 17:15 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-05 17:15 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-05 17:15 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 17:15 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-05 17:15 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-05 17:15 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-05 17:15 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-05 17:15 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-05 17:15 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-05 17:15 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-05 17:15 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-05 17:15 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-05 17:15 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-05 17:15 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-05 17:15 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-05 17:15 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-05 17:15 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-05 17:15 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-05 17:15 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-05 17:15 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-05 17:15 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-05 17:15 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 17:15 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-05 17:15 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-05 17:15 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-05 17:15 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-05 17:15 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-05 17:15 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-05 17:15 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-05 17:15 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-04 15:23 - 2018-01-04 15:23 - 000002240 _____ C:\Users\Public\Desktop\BRAdmin Professional 3.lnk
2018-01-04 15:23 - 2018-01-04 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
2018-01-04 15:23 - 2018-01-04 15:23 - 000000000 ____D C:\Program Files (x86)\Brother
2018-01-04 15:21 - 2018-01-04 15:22 - 023358368 _____ (Brother Industries, Ltd.) C:\Users\Charlie\Downloads\ba3670007eur.exe
2018-01-04 14:43 - 2018-01-04 14:43 - 002234362 _____ C:\Users\Charlie\Downloads\cv_dcp7060d_usaeng_ausr.pdf
2017-12-30 00:37 - 2017-12-30 00:37 - 005301099 _____ C:\Users\Charlie\Downloads\AVR-1907-OM-E.pdf
2017-12-29 21:45 - 2017-12-29 21:45 - 003857218 _____ C:\Users\Charlie\Downloads\Texas_US_Congressional_District_18_(since_2013).tif
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-28 08:31 - 2017-12-09 04:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-28 08:31 - 2017-06-15 13:13 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2018-01-28 08:31 - 2017-06-15 13:11 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2018-01-28 08:31 - 2017-06-15 13:11 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2018-01-28 08:30 - 2017-09-29 03:45 - 018087936 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-28 08:30 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-28 08:30 - 2017-06-15 13:11 - 000029336 _____ C:\WINDOWS\system32\wpbbin.exe
2018-01-28 08:30 - 2016-06-07 22:04 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-01-28 08:22 - 2017-12-09 04:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-28 06:06 - 2017-12-09 04:55 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BB56A88E-0B2A-439C-A936-95B41BD32268}
2018-01-28 04:08 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-28 02:56 - 2017-12-09 04:55 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3932784059-906377476-503307768-1001
2018-01-28 02:56 - 2017-06-15 13:48 - 000002425 _____ C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-28 02:56 - 2016-06-07 21:32 - 000000000 ___RD C:\Users\Charlie\OneDrive
2018-01-28 01:40 - 2017-12-05 21:28 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-28 00:04 - 2017-12-09 04:25 - 000404984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-27 23:55 - 2016-07-09 19:11 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\PhotoScape
2018-01-27 23:55 - 2016-06-22 15:27 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\uTorrent
2018-01-27 23:54 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-27 23:54 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-27 23:25 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-26 20:57 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-26 20:57 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-25 00:13 - 2016-06-07 21:38 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-24 00:03 - 2017-12-09 04:32 - 000000000 ____D C:\Users\MSSQL$XACTWARE1
2018-01-24 00:03 - 2017-12-09 04:32 - 000000000 ____D C:\Users\Charlie
2018-01-21 01:36 - 2017-11-20 17:02 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Mozilla
2018-01-16 22:20 - 2017-12-09 04:52 - 001584236 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-16 21:32 - 2016-06-07 21:38 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-16 17:12 - 2016-08-12 18:54 - 000000000 ____D C:\Users\Charlie\Documents\ValveMan
2018-01-11 18:25 - 2017-11-20 15:15 - 000000000 ____D C:\Users\Charlie\Documents\AeroFolder
2018-01-09 17:24 - 2016-06-08 18:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-09 17:20 - 2017-10-17 08:33 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 17:20 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-09 17:20 - 2016-06-08 18:47 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 17:19 - 2017-10-12 08:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-09 17:15 - 2015-10-30 02:24 - 000000167 _____ C:\WINDOWS\win.ini
2018-01-09 13:13 - 2017-12-09 04:33 - 000000000 ____D C:\Users\Charlie\AppData\Local\Packages
2018-01-07 18:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-05 19:17 - 2017-12-10 12:47 - 000000000 ___RD C:\Users\Charlie\3D Objects
2018-01-05 19:17 - 2016-06-07 21:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-05 19:11 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-05 17:20 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-05 17:19 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-05 17:19 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-04 16:21 - 2017-11-20 15:15 - 000000000 ____D C:\Users\Charlie\Documents\AdjusterMan
2018-01-04 15:23 - 2016-06-08 00:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-03 18:40 - 2017-11-20 17:02 - 000000000 ____D C:\Users\Charlie\AppData\LocalLow\Temp
 
Some files in TEMP:
====================
2018-01-28 03:25 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Charlie\AppData\Local\Temp\dllnt_dump.dll
2018-01-28 02:51 - 2018-01-24 23:00 - 011605440 _____ (SurfRight B.V.) C:\Users\Charlie\AppData\Local\Temp\HitmanPro.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\wdmuxbeh.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-01-18 21:08
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Charlie (28-01-2018 08:45:47)
Running from C:\Users\Charlie\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-09 09:57:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3932784059-906377476-503307768-500 - Administrator - Disabled)
Charlie (S-1-5-21-3932784059-906377476-503307768-1001 - Administrator - Enabled) => C:\Users\Charlie
DefaultAccount (S-1-5-21-3932784059-906377476-503307768-503 - Limited - Disabled)
Guest (S-1-5-21-3932784059-906377476-503307768-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3932784059-906377476-503307768-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3932784059-906377476-503307768-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.67.0007 - Brother)
Cisco WebEx Meetings (HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
GDR 5207 for SQL Server 2014 (KB4019093) (64-bit) (HKLM\...\KB4019093) (Version: 12.2.5207.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.19.0.8126 (HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\GoToMeeting) (Version: 8.19.0.8126 - LogMeIn, Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A22EED3F-6DB6-4987-8023-6C6B7030E554}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{C20DACBE-19F2-47FF-AD22-BBB493499346}) (Version: 11.2.5643.3 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{FEC535DD-0EB2-4709-87BD-1708C6364EB6}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{6E21CC8A-5447-4C98-ABE6-9D0BCE8D540A}) (Version: 12.2.5207.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{E8C99927-8E6E-4B6B-B80C-1B8B23B1767D}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2014 (KB3171021) (64-bit) (HKLM\...\KB3171021) (Version: 12.2.5000.0 - Microsoft Corporation)
SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.2.5000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Xactimate 28 (HKLM-x32\...\{00280000-8116-4423-99E0-4A5D07E678E8}) (Version: 28.0.5156.35586 - Xactware)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3932784059-906377476-503307768-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Charlie\AppData\Local\GoToMeeting\7943\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-21] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-21] (AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-21] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-21] (AVAST Software)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00C784F6-9F99-4C96-894F-B15859983038} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {21247DFA-4245-4044-BF92-A4F356174D15} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {238EDBCD-1C09-4F18-B99C-679D6655B64C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-21] (AVAST Software)
Task: {2FEE27C9-76C7-425C-A476-4DED330DD2A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-07] (Google Inc.)
Task: {3BCAADD7-4828-4D72-BA4F-4C597F4877DE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {4FFFA8EF-A0B4-470F-9C6B-D8099B5FD50E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {72EAE53C-52D7-475D-98D5-4AEF5D578235} - System32\Tasks\S-1-5-21-3932784059-906377476-503307768-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {7FC6B5C2-2487-4C6D-B0DF-534466E9E7E0} - System32\Tasks\G2MUploadTask-S-1-5-21-3932784059-906377476-503307768-1001 => C:\Users\Charlie\AppData\Local\GoToMeeting\8126\g2mupload.exe [2017-12-22] (LogMeIn, Inc.)
Task: {81944E6B-17B9-4574-BA3D-03FEEB9B48EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {8819E028-3EE3-4AD5-B974-C7E364BCC206} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8F0C75D7-C5EC-4ABA-9008-53831A81763B} - System32\Tasks\AdobeGCInvoker-1.0-CHARLIESLAPTOP-Charlie => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {A01070CF-1D3C-4402-ABB3-9F4EA9F9A477} - System32\Tasks\G2MUpdateTask-S-1-5-21-3932784059-906377476-503307768-1001 => C:\Users\Charlie\AppData\Local\GoToMeeting\8126\g2mupdate.exe [2017-12-22] (LogMeIn, Inc.)
Task: {A87545E4-6A0D-4D79-959F-AB7583D1DE55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {B01E20CC-82FF-4E56-8C72-D19E2AA60A61} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-21] (AVAST Software)
Task: {B280C2B5-9496-43C5-A952-3450C48E86EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {B6317216-0363-4499-86DE-12199E4D6BA0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E4672625-7DD4-4E74-9461-EFE13B74635F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-07] (Google Inc.)
Task: {EDE6129F-39D3-4915-B96C-08C37A2E60FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3932784059-906377476-503307768-1001.job => C:\Users\Charlie\AppData\Local\GoToMeeting\8126\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3932784059-906377476-503307768-1001.job => C:\Users\Charlie\AppData\Local\GoToMeeting\8126\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-01-04 15:23 - 2017-07-13 18:45 - 000099840 ____N () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2017-12-09 07:07 - 2017-12-09 07:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-09 07:07 - 2017-12-09 07:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-26 20:54 - 2018-01-26 20:56 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-26 20:54 - 2018-01-26 20:56 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-26 20:54 - 2018-01-26 20:56 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-26 20:54 - 2018-01-26 20:56 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-05 22:38 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-05 22:38 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2016-06-12 15:59 - 000001132 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3932784059-906377476-503307768-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-80-1403080342-2827387752-2250493637-3338715181-2364043152\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "domesticitymagna"
HKLM\...\StartupApproved\Run: => "domesticitydomesticity"
HKLM\...\StartupApproved\Run: => "domesticity"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "XCDownloadApplet"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "novumrotated"
HKLM\...\StartupApproved\Run32: => "novumnovum"
HKLM\...\StartupApproved\Run32: => "novum"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\StartupFolder: => "wasntwasnt.lnk"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\StartupFolder: => "wasnt.lnk"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "godzilla"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magnadomesticity"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotatednovum"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "gloved"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magnamagna"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magna"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotatedrotated"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotated"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4EF78B1D-894A-48F7-8B28-FD66723E31FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9030262D-9BBF-4B9F-B5F5-200EEBDE5605}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{561E15F9-6C1A-4383-BCE5-4B70362E1687}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{924677D8-0E6C-4B6F-AFA8-9C854F0B67EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E5D75EC4-E36A-4817-A6A6-981A0318E76A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8EF9C3A7-AFC6-41DB-8043-9D3D7EFADABE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C19CCBD8-E32D-40E0-AAE2-9A3610A087EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{786C9EA6-83F5-4A0F-A3B7-3B9C52DAA441}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8B6922CE-F849-44D6-91EF-0A468F34DA65}] => (Allow) C:\Users\Charlie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C64C72A-4A74-4493-80AE-56B990ED19EA}] => (Allow) C:\Users\Charlie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7746F9B-9D58-4027-BE2A-3058542C3A4F}] => (Allow) C:\Users\Charlie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BE55E67-60BD-4D79-8319-C0A773AB6F63}] => (Allow) C:\Users\Charlie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1D86B37A-C964-47E6-A6BA-6D0F4BFFAC3A}] => (Allow) C:\Users\Charlie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C9BFF43-2488-4487-86E2-0A23AF94926B}] => (Allow) C:\Users\Charlie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{E8C727D0-E900-4738-AB3D-FD76790CAA0B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{AE78C108-8E22-40CB-BC04-95AF44A71564}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{6669FFF7-9EE6-4710-AD8D-B0F91A450A19}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\discover.exe
FirewallRules: [{2311B578-A505-481B-B88E-5F6B3FEF1E84}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\discover.exe
FirewallRules: [{A5584FD0-9743-4A17-A472-3411FD8596EB}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\auditorserver.exe
FirewallRules: [{D240A6FE-8EFB-4292-B789-788CCCCB3FF9}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\auditorserver.exe
FirewallRules: [{AAB03EE7-9745-41D1-B164-A33A844A2B52}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\bradminv3.exe
FirewallRules: [{4EFD825A-F68D-4FD7-B46A-C2880153F151}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\bradminv3.exe
FirewallRules: [{A702B6D1-708E-4AB6-9D7C-2318EEBF0840}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0F872F31-C189-44C0-86A1-BF983E3F074B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{63581D7A-D755-4B53-B33C-9DE89E8B3737}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Description: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: TVALZ
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2018 04:09:50 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
 
Error: (01/28/2018 04:09:24 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/28/2018 04:09:24 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/28/2018 04:08:49 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/28/2018 04:08:49 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/28/2018 02:33:45 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (01/28/2018 02:33:42 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/28/2018 02:33:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.16299.15, time stamp: 0x091f43e7
Faulting module name: shlwapi.dll, version: 10.0.16299.15, time stamp: 0xb84caa87
Exception code: 0xc0000005
Fault offset: 0x00013be1
Faulting process id: 0x1b70
Faulting application start time: 0x01d3980a490ad887
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Faulting module path: C:\WINDOWS\System32\shlwapi.dll
Report Id: 5e82c273-3c57-4f30-80a8-6fff1a1fa904
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/28/2018 01:09:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: e8c
 
Start Time: 01d397fc7619c403
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 
Report Id: 5d0c107e-58f3-48cc-aa00-ca98487e260b
 
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: App
 
Error: (01/28/2018 01:09:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CHARLIESLAPTOP)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (01/28/2018 08:40:36 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-28 03:09:39.535
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\msaoxpksvc.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-28 03:09:39.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\msaoxpksvc.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-28 03:09:39.480
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\msaoxpksvc.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-16 22:58:40.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-16 21:32:45.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-16 21:23:42.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-16 21:23:35.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-09 05:02:59.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\identprv.dll that did not meet the Unchecked signing level requirements.
 
  Date: 2017-12-09 05:02:56.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\wceprv.dll that did not meet the Unchecked signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 45%
Total physical RAM: 5596.73 MB
Available physical RAM: 3040.34 MB
Total Virtual: 5980.73 MB
Available Virtual: 3236.31 MB
 
==================== Drives ================================
 
Drive c: (TI10649600G) (Fixed) (Total:585.18 GB) (Free:492.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
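A triage aid for the CodeIntegrity section of the Addition.txt log above, added here as an example (it is not part of the original post and is not FRST's own code): it groups the entries by loaded module and orders them by first appearance, so each module can be lined up against the time the poster gives for the download. The function names and the user-profile flag are assumptions of this example; the sample is six entries copied from the log.

```python
import re
from datetime import datetime

# Excerpt: six entries copied from the CodeIntegrity section of the log above.
SAMPLE = r"""CodeIntegrity:
===================================
  Date: 2018-01-28 03:09:39.535
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\msaoxpksvc.exe that did not meet the Unchecked signing level requirements.

  Date: 2018-01-28 03:09:39.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\msaoxpksvc.exe that did not meet the Unchecked signing level requirements.

  Date: 2018-01-16 22:58:40.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-16 21:32:45.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.

  Date: 2018-01-16 21:23:42.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.

  Date: 2018-01-16 21:23:35.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.
"""

# The process path may itself contain parentheses ("Program Files (x86)"),
# so the lazy match is anchored on the fixed text that follows it.
ENTRY_RE = re.compile(
    r"Date:\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"Description: Code Integrity determined that a process \((?P<proc>.+?)\) "
    r"attempted to load (?P<module>.+?) that did not meet the "
    r"(?P<level>\w+) signing level requirements\."
)
DEVICE_RE = re.compile(r"^\\Device\\HarddiskVolume\d+", re.IGNORECASE)


def strip_device(path):
    """Drop the NT device prefix so paths read like ordinary Windows paths."""
    return DEVICE_RE.sub("", path.strip())


def parse_code_integrity(text):
    """Return one dict per Code Integrity entry found in the log text."""
    events = []
    for m in ENTRY_RE.finditer(text):
        events.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
            "process": strip_device(m["proc"]),
            "module": strip_device(m["module"]),
            "level": m["level"],
        })
    return events


def summarise(events):
    """Group events by module and sort by first appearance (oldest first)."""
    by_module = {}
    for ev in events:
        key = ev["module"].casefold()
        row = by_module.setdefault(key, {
            "module": ev["module"], "count": 0,
            "first_seen": ev["time"], "last_seen": ev["time"],
            "processes": set(), "levels": set(),
            # Assumption of this example: a module under a user profile is
            # worth a closer look because that location is user-writable.
            "in_user_profile": key.startswith("\\users\\"),
        })
        row["count"] += 1
        row["first_seen"] = min(row["first_seen"], ev["time"])
        row["last_seen"] = max(row["last_seen"], ev["time"])
        row["processes"].add(ev["process"].rsplit("\\", 1)[-1].lower())
        row["levels"].add(ev["level"])
    return sorted(by_module.values(), key=lambda r: r["first_seen"])


if __name__ == "__main__":
    for row in summarise(parse_code_integrity(SAMPLE)):
        flag = "user-profile" if row["in_user_profile"] else "-"
        print(f'{row["first_seen"]:%Y-%m-%d %H:%M:%S}  x{row["count"]}  '
              f'{flag:12}  {",".join(sorted(row["processes"]))}  {row["module"]}')
```

To run it over a full log, pass the text of Addition.txt to `parse_code_integrity` instead of `SAMPLE`.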
 

 

 




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,607 posts

Posted 29 January 2018 - 08:13 AM

Hi ChazInMT :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Copy/paste the following inside the text area:
    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::
    
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 ChazInMT

ChazInMT
  • Topic Starter

  • Members
  • 22 posts

Posted 29 January 2018 - 09:37 AM

Thanks a TON Aura!! Here's what I got today.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Charlie (29-01-2018 09:35:53) Run:1
Running from C:\Users\Charlie\Downloads
Loaded Profiles: Charlie (Available Profiles: Charlie & MSSQL$XACTWARE1)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
 
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog 09:35:54 ====


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,607 posts

Posted 29 January 2018 - 09:54 AM

For the next part, you'll need to download the FRST executable on a clean computer, and move it to your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on whether you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Boot in the Recovery Environment
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive in the computer
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 ChazInMT

ChazInMT
  • Topic Starter

  • Members
  • 22 posts

Posted 30 January 2018 - 12:49 AM

Jeezo Petes!!! I tried everything I could to get into a safe mode......my computer simply wouldn't let me. This thing's a beast. I finally figured out how to get into my BIOS and boot from my Win 10 install USB drive......and was able to run FRST. Here's what I got.

 

Thanks Again!!!!

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by SYSTEM on MININT-2OVE16G (30-01-2018 00:37:00)
Running from h:\
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-21] (AVAST Software)
HKLM-x32\...\Run: [XCDownloadApplet] => C:\Program Files (x86)\Xactware\Xactimate28\CORE\XCDownloadApplet.exe [531920 2017-06-06] (Xactware)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\Charlie\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE [1931936 2017-12-12] (Microsoft Corporation)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\MSSQL$XACTWARE1\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\gmkwcrd" => removed successfully
C:\Windows\System32\drivers\wdmbehko.sys => moved successfully
C:\Users\Charlie\AppData\Local\exrhlno\cgcvxth.exe => moved successfully
C:\Users\Charlie\AppData\Local\exrhlno\exrhlno.exe => moved successfully
C:\Users\Charlie\AppData\Local\msewkpu\vdbzean.exe => moved successfully
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-21] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-21] (AVAST Software)
S2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99840 2017-07-13] ()
S2 MSSQL$XACTWARE; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
S2 MSSQL$XACTWARE1; C:\Program Files\Microsoft SQL Server\MSSQL12.XACTWARE1\MSSQL\Binn\sqlservr.exe [372416 2017-07-03] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
S4 SQLAgent$XACTWARE; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$XACTWARE1; C:\Program Files\Microsoft SQL Server\MSSQL12.XACTWARE1\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-03] (Microsoft Corporation)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-06] (Microsoft Corporation)
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-21] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-21] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-21] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-21] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-21] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-21] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-21] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-21] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-21] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-21] (AVAST Software)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-01-21] ()
S4 RsFx0320; C:\Windows\System32\DRIVERS\RsFx0320.sys [250048 2016-06-17] (Microsoft Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation )
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2017-12-06] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [288848 2017-12-06] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-06] (Microsoft Corporation)
S1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-16] (Zemana Ltd.)
S1 kzmrwzfu; \??\C:\WINDOWS\system32\drivers\kzmrwzfu.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-30 00:18 - 2018-01-30 00:33 - 000000000 _____ C:\Recovery.txt
2018-01-29 06:35 - 2018-01-29 06:35 - 000000791 _____ C:\Users\Charlie\Downloads\Fixlog.txt
2018-01-28 06:26 - 2018-01-28 06:26 - 000000000 ____D C:\Users\Charlie\Documents\Virus Help
2018-01-28 05:45 - 2018-01-28 05:46 - 000035781 _____ C:\Users\Charlie\Downloads\Addition.txt
2018-01-28 05:44 - 2018-01-29 06:35 - 000000000 ____D C:\FRST
2018-01-28 05:44 - 2018-01-28 05:46 - 000069878 _____ C:\Users\Charlie\Downloads\FRST.txt
2018-01-28 05:44 - 2018-01-28 05:44 - 002393088 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe
2018-01-28 00:26 - 2018-01-28 00:26 - 000028272 _____ C:\Windows\System32\Drivers\TrueSight.sys
2018-01-28 00:25 - 2018-01-28 05:23 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-28 00:25 - 2018-01-28 00:25 - 026916424 _____ (Adlice Software) C:\Users\Charlie\Downloads\RogueKiller_portable64.exe
2018-01-28 00:17 - 2018-01-28 00:18 - 000019482 _____ C:\TDSSKiller.3.1.0.16_28.01.2018_03.17.42_log.txt
2018-01-28 00:17 - 2018-01-28 00:17 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Charlie\Downloads\tdsskiller.exe
2018-01-27 22:25 - 2018-01-27 22:26 - 000881904 _____ (Plumbytes Software) C:\Users\Charlie\Downloads\antimalwaresetup.exe
2018-01-27 20:56 - 2018-01-27 20:56 - 000113158 _____ C:\Users\Charlie\Documents\cc_20180127_235613.reg
2018-01-27 20:49 - 2018-01-27 20:50 - 011205832 _____ (Piriform Ltd) C:\Users\Charlie\Downloads\ccsetup539.exe
2018-01-24 22:10 - 2018-01-24 22:10 - 000000000 ____D C:\Users\Charlie\AppData\Local\ElevatedDiagnostics
2018-01-24 22:06 - 2018-01-24 22:06 - 000000000 ____D C:\Windows\System32\Tasks\S-1-5-21-3932784059-906377476-503307768-1001
2018-01-24 20:29 - 2018-01-24 20:29 - 008206624 _____ (Malwarebytes) C:\Users\Charlie\Downloads\adwcleaner_7.0.7.0.exe
2018-01-24 20:18 - 2018-01-24 20:18 - 000012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2018-01-24 20:02 - 2018-01-27 21:55 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-01-24 20:01 - 2018-01-24 20:23 - 000000000 ____D C:\ProgramData\HitmanPro
2018-01-24 20:00 - 2018-01-24 20:00 - 011605440 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\hitmanpro_x64.exe
2018-01-23 20:00 - 2018-01-23 20:00 - 000063855 _____ C:\Users\Charlie\Downloads\Star.Trek.Discovery.S01E12.iNTERNAL.720p.WEB.x264-BAMBOOZLE[rartv]-[rarbg.to].torrent
2018-01-22 21:13 - 2018-01-22 21:13 - 009932672 _____ C:\Users\Charlie\Downloads\bitdefender_online(2).exe
2018-01-21 20:42 - 2018-01-21 20:42 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-01-21 20:10 - 2018-01-21 20:46 - 000000000 _____ C:\Windows\System32\last.dump
2018-01-21 20:03 - 2018-01-21 20:03 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\AVAST Software
2018-01-21 20:01 - 2018-01-21 20:01 - 000061304 _____ () C:\Windows\System32\Drivers\lpsport.sys
2018-01-21 20:01 - 2018-01-21 20:01 - 000001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-21 20:01 - 2018-01-21 20:01 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-01-21 20:01 - 2018-01-21 20:01 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-21 20:00 - 2018-01-29 20:22 - 000004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-21 20:00 - 2018-01-21 20:01 - 000457896 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2018-01-21 20:00 - 2018-01-21 20:01 - 000146648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2018-01-21 20:00 - 2018-01-21 19:59 - 000358672 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2018-01-21 20:00 - 2018-01-21 19:59 - 000204456 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2018-01-21 20:00 - 2018-01-21 19:59 - 000185096 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2018-01-21 20:00 - 2018-01-21 19:59 - 000110336 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2018-01-21 20:00 - 2018-01-21 19:59 - 000084384 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2018-01-21 20:00 - 2018-01-21 19:59 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2018-01-21 20:00 - 2018-01-21 19:58 - 001025176 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2018-01-21 20:00 - 2018-01-21 19:58 - 000343768 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbloga.sys
2018-01-21 20:00 - 2018-01-21 19:58 - 000321512 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2018-01-21 20:00 - 2018-01-21 19:58 - 000199448 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsha.sys
2018-01-21 20:00 - 2018-01-21 19:58 - 000149344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHdsKe.sys
2018-01-21 20:00 - 2018-01-21 19:58 - 000057696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniva.sys
2018-01-21 19:59 - 2018-01-21 19:59 - 000365680 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2018-01-21 19:57 - 2018-01-21 19:57 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-21 19:56 - 2018-01-21 20:36 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-21 19:56 - 2018-01-21 19:56 - 007172032 _____ (AVAST Software) C:\Users\Charlie\Downloads\avast_free_antivirus_setup_online.exe
2018-01-20 22:36 - 2018-01-28 20:05 - 000000000 ____D C:\Users\Charlie\AppData\LocalLow\Mozilla
2018-01-20 22:36 - 2018-01-20 22:40 - 000000000 ____D C:\Users\Charlie\AppData\Local\Mozilla
2018-01-20 22:36 - 2018-01-20 22:36 - 000001004 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-01-20 22:36 - 2018-01-20 22:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-20 22:36 - 2018-01-20 22:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-20 22:35 - 2018-01-20 22:35 - 000311232 _____ (Mozilla) C:\Users\Charlie\Downloads\Firefox Installer.exe
2018-01-20 21:42 - 2018-01-20 21:43 - 000000000 ____D C:\Users\Charlie\Downloads\backups
2018-01-20 21:32 - 2018-01-20 21:32 - 000388608 _____ (Trend Micro Inc.) C:\Users\Charlie\Downloads\HijackThis.exe
2018-01-20 19:10 - 2018-01-29 21:25 - 002888192 _____ C:\Windows\System32\msaoxpksvc.exe
2018-01-19 19:34 - 2018-01-21 19:18 - 000075761 _____ C:\Users\Charlie\Desktop\mb-clean-results.txt
2018-01-19 19:34 - 2018-01-19 19:34 - 000863696 _____ (Malwarebytes) C:\Users\Charlie\Downloads\mb-clean-3.1.0.1031.exe
2018-01-19 15:53 - 2018-01-19 15:53 - 000003592 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-CHARLIESLAPTOP-Charlie
2018-01-19 15:50 - 2018-01-19 15:50 - 002517523 _____ C:\Users\Charlie\Downloads\LiftMaster 1345 Owners Manual.pdf
2018-01-16 20:32 - 2018-01-24 20:37 - 000000000 ____D C:\AdwCleaner
2018-01-16 20:19 - 2018-01-29 21:32 - 000029790 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-01-16 20:19 - 2018-01-20 22:47 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-16 20:19 - 2018-01-20 22:42 - 000086868 _____ C:\Windows\ZAM.krnl.trace
2018-01-16 20:19 - 2018-01-16 20:19 - 000203680 _____ (Zemana Ltd.) C:\Windows\System32\Drivers\zamguard64.sys
2018-01-16 20:19 - 2018-01-16 20:19 - 000000000 ____D C:\Users\Charlie\AppData\Local\Zemana
2018-01-16 19:54 - 2018-01-16 19:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-16 19:53 - 2018-01-16 19:53 - 083316440 _____ (Malwarebytes ) C:\Users\Charlie\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2018-01-16 19:38 - 2018-01-21 19:22 - 000002754 _____ C:\Users\Charlie\Desktop\Rkill.txt
2018-01-16 19:35 - 2018-01-16 19:35 - 008198432 _____ (Malwarebytes) C:\Users\Charlie\Downloads\AdwCleaner.exe
2018-01-16 19:34 - 2018-01-16 19:34 - 006625600 _____ (Zemana Ltd. ) C:\Users\Charlie\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-16 19:33 - 2018-01-16 19:33 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Charlie\Downloads\rkill.exe
2018-01-16 18:31 - 2018-01-27 20:25 - 000000000 ____D C:\Users\Charlie\AppData\Local\exeicws
2018-01-16 18:28 - 2018-01-30 00:37 - 000000000 ____D C:\Users\Charlie\AppData\Local\msewkpu
2018-01-16 18:28 - 2018-01-30 00:37 - 000000000 ____D C:\Users\Charlie\AppData\Local\exrhlno
2018-01-16 18:26 - 2018-01-16 18:26 - 000000000 ____D C:\Windows\SysWOW64\nicpmra
2018-01-16 18:26 - 2018-01-16 18:26 - 000000000 ____D C:\Windows\System32\nicpmra
2018-01-16 18:26 - 2018-01-16 18:26 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\et
2018-01-16 02:24 - 2018-01-16 02:24 - 000051643 _____ C:\Windows\uninstaller.dat
2018-01-14 11:56 - 2018-01-14 11:56 - 000053611 _____ C:\Users\Charlie\Downloads\Airbnb Travel Itinerary, Confirmation Code HMXJAAPMZS.pdf
2018-01-13 17:07 - 2018-01-13 17:07 - 000426383 _____ C:\Users\Charlie\Downloads\2005-subaru-forester-33111.pdf
2018-01-12 12:09 - 2018-01-15 20:44 - 000000000 ____D C:\Windows\System32\Drivers\wd
2018-01-09 20:49 - 2018-01-28 21:01 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\vlc
2018-01-09 20:47 - 2018-01-09 20:47 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-01-09 20:46 - 2018-01-09 20:46 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-01-09 20:45 - 2018-01-09 20:45 - 030863288 _____ C:\Users\Charlie\Downloads\vlc-2.2.8-win32.exe
2018-01-09 14:16 - 2018-01-09 14:16 - 000000000 ____D C:\Windows\PCHEALTH
2018-01-09 10:59 - 2018-01-09 10:59 - 000484555 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2017 11-11-16 (1) (1).pdf
2018-01-09 10:50 - 2018-01-09 12:50 - 000792040 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2018.pdf
2018-01-09 10:27 - 2018-01-09 10:51 - 002746583 ____H C:\Users\Charlie\Downloads\~WRL0005.tmp
2018-01-09 10:09 - 2018-01-09 10:09 - 000484555 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2017 11-11-16 (1).pdf
2018-01-06 19:34 - 2018-01-20 18:11 - 000000000 ____D C:\Users\Charlie\Downloads\Memes
2018-01-05 14:16 - 2018-01-01 09:15 - 000956416 _____ (Microsoft Corporation) C:\Windows\System32\Spectrum.exe
2018-01-05 14:16 - 2018-01-01 04:54 - 000924648 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2018-01-05 14:16 - 2018-01-01 04:53 - 001090984 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-01-05 14:16 - 2018-01-01 04:51 - 001414784 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-01-05 14:16 - 2018-01-01 04:51 - 001209240 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-01-05 14:16 - 2018-01-01 04:51 - 001055128 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2018-01-05 14:16 - 2018-01-01 04:51 - 000059800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bam.sys
2018-01-05 14:16 - 2018-01-01 04:50 - 005905752 _____ (Microsoft Corporation) C:\Windows\System32\StartTileData.dll
2018-01-05 14:16 - 2018-01-01 04:50 - 000780464 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2018-01-05 14:16 - 2018-01-01 04:49 - 008605080 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-01-05 14:16 - 2018-01-01 04:49 - 000319352 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2018-01-05 14:16 - 2018-01-01 04:48 - 007831760 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2018-01-05 14:16 - 2018-01-01 04:48 - 001954048 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2018-01-05 14:16 - 2018-01-01 04:48 - 000382360 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2018-01-05 14:16 - 2018-01-01 04:47 - 000082840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2018-01-05 14:16 - 2018-01-01 04:46 - 002709704 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-01-05 14:16 - 2018-01-01 04:46 - 000898216 _____ (Microsoft Corporation) C:\Windows\System32\CoreMessaging.dll
2018-01-05 14:16 - 2018-01-01 04:46 - 000471960 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2018-01-05 14:16 - 2018-01-01 04:45 - 002395032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2018-01-05 14:16 - 2018-01-01 04:45 - 001277848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2018-01-05 14:16 - 2018-01-01 04:45 - 000398744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2018-01-05 14:16 - 2018-01-01 04:43 - 001173576 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2018-01-05 14:16 - 2018-01-01 04:42 - 000571288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2018-01-05 14:16 - 2018-01-01 04:42 - 000184984 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2018-01-05 14:16 - 2018-01-01 04:41 - 007676296 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2018-01-05 14:16 - 2018-01-01 04:41 - 000559512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2018-01-05 14:16 - 2018-01-01 04:40 - 001206680 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2018-01-05 14:16 - 2018-01-01 04:39 - 000902416 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2018-01-05 14:16 - 2018-01-01 04:39 - 000677784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-01-05 14:16 - 2018-01-01 04:39 - 000362904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2018-01-05 14:16 - 2018-01-01 04:39 - 000129432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvsocket.sys
2018-01-05 14:16 - 2018-01-01 04:38 - 003904808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-01-05 14:16 - 2018-01-01 04:38 - 000519152 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
2018-01-05 14:16 - 2018-01-01 04:37 - 001426664 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2018-01-05 14:16 - 2018-01-01 04:36 - 000374032 _____ (Microsoft Corporation) C:\Windows\System32\vac.exe
2018-01-05 14:16 - 2018-01-01 04:36 - 000166296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2018-01-05 14:16 - 2018-01-01 04:35 - 001170008 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2018-01-05 14:16 - 2018-01-01 04:34 - 007385088 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-01-05 14:16 - 2018-01-01 04:34 - 001336344 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2018-01-05 14:16 - 2018-01-01 04:33 - 000603920 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2018-01-05 14:16 - 2018-01-01 04:32 - 004481240 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2018-01-05 14:16 - 2018-01-01 04:27 - 000713624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2018-01-05 14:16 - 2018-01-01 04:26 - 000428952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2018-01-05 14:16 - 2018-01-01 04:25 - 000615768 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
2018-01-05 14:16 - 2018-01-01 04:25 - 000147864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wcifs.sys
2018-01-05 14:16 - 2018-01-01 04:23 - 021352144 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2018-01-05 14:16 - 2018-01-01 04:06 - 000311192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-05 14:16 - 2018-01-01 04:03 - 000650328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2018-01-05 14:16 - 2018-01-01 04:03 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-05 14:16 - 2018-01-01 03:53 - 001615712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-05 14:16 - 2018-01-01 03:46 - 003485392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-01-05 14:16 - 2018-01-01 03:45 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-01-05 14:16 - 2018-01-01 03:45 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-01-05 14:16 - 2018-01-01 03:45 - 002192624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-05 14:16 - 2018-01-01 03:43 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-05 14:16 - 2018-01-01 03:42 - 006479552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 14:16 - 2018-01-01 03:42 - 004644912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-01-05 14:16 - 2018-01-01 03:42 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-01-05 14:16 - 2018-01-01 03:42 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-01-05 14:16 - 2018-01-01 03:37 - 025247232 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2018-01-05 14:16 - 2018-01-01 03:34 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-05 14:16 - 2018-01-01 03:25 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-01-05 14:16 - 2018-01-01 03:25 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-01-05 14:16 - 2018-01-01 03:25 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-01-05 14:16 - 2018-01-01 03:25 - 000097792 _____ C:\Windows\System32\runexehelper.exe
2018-01-05 14:16 - 2018-01-01 03:24 - 003668480 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2018-01-05 14:16 - 2018-01-01 03:24 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2018-01-05 14:16 - 2018-01-01 03:23 - 001313792 _____ (Microsoft Corporation) C:\Windows\System32\InstallService.dll
2018-01-05 14:16 - 2018-01-01 03:23 - 000561152 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2018-01-05 14:16 - 2018-01-01 03:23 - 000536576 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2018-01-05 14:16 - 2018-01-01 03:23 - 000250368 _____ (Microsoft Corporation) C:\Windows\System32\AppxAllUserStore.dll
2018-01-05 14:16 - 2018-01-01 03:21 - 000192512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netvsc.sys
2018-01-05 14:16 - 2018-01-01 03:20 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-05 14:16 - 2018-01-01 03:20 - 018917888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-01-05 14:16 - 2018-01-01 03:20 - 000524288 _____ (Microsoft Corporation) C:\Windows\System32\daxexec.dll
2018-01-05 14:16 - 2018-01-01 03:20 - 000204288 _____ (Microsoft Corporation) C:\Windows\System32\provisioningcsp.dll
2018-01-05 14:16 - 2018-01-01 03:19 - 008014848 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2018-01-05 14:16 - 2018-01-01 03:19 - 000461312 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll
2018-01-05 14:16 - 2018-01-01 03:19 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-01-05 14:16 - 2018-01-01 03:19 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-01-05 14:16 - 2018-01-01 03:19 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2018-01-05 14:16 - 2018-01-01 03:19 - 000334848 _____ (Microsoft Corporation) C:\Windows\System32\dusmsvc.dll
2018-01-05 14:16 - 2018-01-01 03:19 - 000073216 _____ (Microsoft Corporation) C:\Windows\System32\provtool.exe
2018-01-05 14:16 - 2018-01-01 03:18 - 000699904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-01-05 14:16 - 2018-01-01 03:18 - 000432640 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
2018-01-05 14:16 - 2018-01-01 03:18 - 000431616 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
2018-01-05 14:16 - 2018-01-01 03:18 - 000427008 _____ (Microsoft Corporation) C:\Windows\System32\provhandlers.dll
2018-01-05 14:16 - 2018-01-01 03:18 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-05 14:16 - 2018-01-01 03:18 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-05 14:16 - 2018-01-01 03:17 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-05 14:16 - 2018-01-01 03:17 - 006564864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 14:16 - 2018-01-01 03:17 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-01-05 14:16 - 2018-01-01 03:17 - 000616960 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Bluetooth.dll
2018-01-05 14:16 - 2018-01-01 03:17 - 000568832 _____ (Microsoft Corporation) C:\Windows\System32\TileDataRepository.dll
2018-01-05 14:16 - 2018-01-01 03:17 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-05 14:16 - 2018-01-01 03:17 - 000542208 _____ (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 005833216 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 003676672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 000815616 _____ (Microsoft Corporation) C:\Windows\System32\ieproxy.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 000812544 _____ (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 000720896 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 000594944 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2018-01-05 14:16 - 2018-01-01 03:16 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-05 14:16 - 2018-01-01 03:15 - 012687872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-01-05 14:16 - 2018-01-01 03:15 - 006029312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-01-05 14:16 - 2018-01-01 03:15 - 002349568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-01-05 14:16 - 2018-01-01 03:15 - 000951808 _____ (Microsoft Corporation) C:\Windows\System32\usermgr.dll
2018-01-05 14:16 - 2018-01-01 03:15 - 000588800 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2018-01-05 14:16 - 2018-01-01 03:15 - 000434176 _____ (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2018-01-05 14:16 - 2018-01-01 03:14 - 023655936 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-01-05 14:16 - 2018-01-01 03:14 - 002465280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-01-05 14:16 - 2018-01-01 03:14 - 001495040 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2018-01-05 14:16 - 2018-01-01 03:14 - 000917504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-01-05 14:16 - 2018-01-01 03:14 - 000870912 _____ (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2018-01-05 14:16 - 2018-01-01 03:13 - 013657600 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2018-01-05 14:16 - 2018-01-01 03:13 - 012830208 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-01-05 14:16 - 2018-01-01 03:13 - 003121664 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 14:16 - 2018-01-01 03:13 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-05 14:16 - 2018-01-01 03:13 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-05 14:16 - 2018-01-01 03:12 - 002633216 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2018-01-05 14:16 - 2018-01-01 03:12 - 002208768 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2018-01-05 14:16 - 2018-01-01 03:12 - 001573376 _____ (Microsoft Corporation) C:\Windows\System32\UserDataService.dll
2018-01-05 14:16 - 2018-01-01 03:12 - 001547776 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2018-01-05 14:16 - 2018-01-01 03:12 - 001424896 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 008108544 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 004748288 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 003334144 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 003165696 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 002859520 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 001822208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 001816576 _____ (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 001343488 _____ (Microsoft Corporation) C:\Windows\System32\wifinetworkmanager.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 001231872 _____ (Microsoft Corporation) C:\Windows\System32\TokenBroker.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 000812032 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-01-05 14:16 - 2018-01-01 03:11 - 000715776 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2018-01-05 14:16 - 2018-01-01 03:10 - 003126272 _____ (Microsoft Corporation) C:\Windows\System32\InputService.dll
2018-01-05 14:16 - 2018-01-01 03:09 - 001487872 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2018-01-05 14:16 - 2018-01-01 03:09 - 000925184 _____ (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2018-01-05 14:16 - 2018-01-01 03:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\System32\DbgModel.dll
2018-01-05 14:16 - 2018-01-01 03:08 - 000963072 _____ (Microsoft Corporation) C:\Windows\System32\StorSvc.dll
2018-01-05 14:16 - 2018-01-01 03:08 - 000726016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-01-05 14:16 - 2018-01-01 03:08 - 000685056 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2018-01-05 14:16 - 2018-01-01 03:08 - 000424448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2018-01-05 14:16 - 2018-01-01 03:05 - 002510848 _____ (Microsoft Corporation) C:\Windows\System32\ResetEngine.dll
2018-01-05 14:16 - 2018-01-01 03:05 - 001160704 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2018-01-05 14:15 - 2018-01-01 04:52 - 000066712 _____ (Microsoft Corporation) C:\Windows\System32\iumcrypt.dll
2018-01-05 14:15 - 2018-01-01 04:51 - 000191816 _____ (Microsoft Corporation) C:\Windows\System32\skci.dll
2018-01-05 14:15 - 2018-01-01 04:50 - 000479912 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase_enclave.dll
2018-01-05 14:15 - 2018-01-01 04:50 - 000077208 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2018-01-05 14:15 - 2018-01-01 04:49 - 000599448 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2018-01-05 14:15 - 2018-01-01 04:49 - 000292376 _____ (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2018-01-05 14:15 - 2018-01-01 04:47 - 000649304 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2018-01-05 14:15 - 2018-01-01 04:46 - 000733592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2018-01-05 14:15 - 2018-01-01 04:43 - 000367336 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2018-01-05 14:15 - 2018-01-01 04:43 - 000062872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys
2018-01-05 14:15 - 2018-01-01 04:42 - 001029016 _____ (Microsoft Corporation) C:\Windows\System32\efscore.dll
2018-01-05 14:15 - 2018-01-01 04:42 - 000494488 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2018-01-05 14:15 - 2018-01-01 04:42 - 000109976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys
2018-01-05 14:15 - 2018-01-01 04:41 - 000549552 _____ (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll
2018-01-05 14:15 - 2018-01-01 04:39 - 000508264 _____ (Microsoft Corporation) C:\Windows\System32\systemreset.exe
2018-01-05 14:15 - 2018-01-01 04:38 - 000727448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2018-01-05 14:15 - 2018-01-01 04:38 - 000103320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stornvme.sys
2018-01-05 14:15 - 2018-01-01 04:38 - 000038808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2018-01-05 14:15 - 2018-01-01 04:37 - 000461720 _____ (Microsoft Corporation) C:\Windows\System32\wifitask.exe
2018-01-05 14:15 - 2018-01-01 04:36 - 000413888 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2018-01-05 14:15 - 2018-01-01 04:36 - 000113560 _____ (Microsoft Corporation) C:\Windows\System32\icfupgd.dll
2018-01-05 14:15 - 2018-01-01 04:36 - 000057752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2018-01-05 14:15 - 2018-01-01 04:35 - 000075160 _____ (Microsoft Corporation) C:\Windows\System32\SecurityHealthProxyStub.dll
2018-01-05 14:15 - 2018-01-01 04:34 - 000260896 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2018-01-05 14:15 - 2018-01-01 04:34 - 000087384 _____ (Microsoft Corporation) C:\Windows\System32\remoteaudioendpoint.dll
2018-01-05 14:15 - 2018-01-01 04:33 - 002773400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-01-05 14:15 - 2018-01-01 04:32 - 000617304 _____ (Microsoft Corporation) C:\Windows\System32\TextInputFramework.dll
2018-01-05 14:15 - 2018-01-01 04:27 - 000163736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2018-01-05 14:15 - 2018-01-01 04:26 - 000081304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbkmcl.sys
2018-01-05 14:15 - 2018-01-01 04:21 - 001103768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2018-01-05 14:15 - 2018-01-01 04:21 - 000614296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2018-01-05 14:15 - 2018-01-01 04:03 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-05 14:15 - 2018-01-01 04:03 - 000566664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-01-05 14:15 - 2018-01-01 03:49 - 000481464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-05 14:15 - 2018-01-01 03:49 - 000258808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2018-01-05 14:15 - 2018-01-01 03:46 - 000289816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 14:15 - 2018-01-01 03:45 - 000450928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2018-01-05 14:15 - 2018-01-01 03:42 - 001003152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-05 14:15 - 2018-01-01 03:42 - 000386424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2018-01-05 14:15 - 2018-01-01 03:42 - 000129184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-01-05 14:15 - 2018-01-01 03:42 - 000074992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2018-01-05 14:15 - 2018-01-01 03:25 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-05 14:15 - 2018-01-01 03:24 - 000240640 _____ (Microsoft Corporation) C:\Windows\System32\AboutSettingsHandlers.dll
2018-01-05 14:15 - 2018-01-01 03:24 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-05 14:15 - 2018-01-01 03:24 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-05 14:15 - 2018-01-01 03:23 - 000385024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cldflt.sys
2018-01-05 14:15 - 2018-01-01 03:23 - 000232960 _____ (Microsoft Corporation) C:\Windows\System32\convertvhd.exe
2018-01-05 14:15 - 2018-01-01 03:23 - 000121344 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2018-01-05 14:15 - 2018-01-01 03:23 - 000080384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbkmclr.sys
2018-01-05 14:15 - 2018-01-01 03:23 - 000047104 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2018-01-05 14:15 - 2018-01-01 03:22 - 000031744 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 14:15 - 2018-01-01 03:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpstorport.sys
2018-01-05 14:15 - 2018-01-01 03:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\System32\VmApplicationHealthMonitorProxy.dll
2018-01-05 14:15 - 2018-01-01 03:21 - 000268288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-05 14:15 - 2018-01-01 03:21 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
2018-01-05 14:15 - 2018-01-01 03:21 - 000133632 _____ (Microsoft Corporation) C:\Windows\System32\wificonnapi.dll
2018-01-05 14:15 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-05 14:15 - 2018-01-01 03:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2018-01-05 14:15 - 2018-01-01 03:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2018-01-05 14:15 - 2018-01-01 03:21 - 000062976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2018-01-05 14:15 - 2018-01-01 03:20 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000225792 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winnat.sys
2018-01-05 14:15 - 2018-01-01 03:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\System32\fwpolicyiomgr.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000212992 _____ (Microsoft Corporation) C:\Windows\System32\container.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000186368 _____ (Microsoft Corporation) C:\Windows\System32\ACPBackgroundManagerPolicy.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000134656 _____ (Microsoft Corporation) C:\Windows\System32\WcnApi.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000104960 _____ (Microsoft Corporation) C:\Windows\System32\rasauto.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000082432 _____ (Microsoft Corporation) C:\Windows\System32\SCardDlg.dll
2018-01-05 14:15 - 2018-01-01 03:20 - 000043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RfxVmt.sys
2018-01-05 14:15 - 2018-01-01 03:20 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000795136 _____ (Microsoft Corporation) C:\Windows\System32\NaturalAuth.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000675328 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000416768 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2018-01-05 14:15 - 2018-01-01 03:19 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-05 14:15 - 2018-01-01 03:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2018-01-05 14:15 - 2018-01-01 03:19 - 000188416 _____ (Microsoft Corporation) C:\Windows\System32\PimIndexMaintenance.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000149504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000142848 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoert2.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000093696 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000079872 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-05 14:15 - 2018-01-01 03:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\System32\nshhttp.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000748032 _____ (Microsoft Corporation) C:\Windows\System32\PhoneProviders.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000588800 _____ (Microsoft Corporation) C:\Windows\System32\SmsRouterSvc.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000465920 _____ (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000436224 _____ (Microsoft Corporation) C:\Windows\System32\PsmServiceExtHost.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000425984 _____ (Microsoft Corporation) C:\Windows\System32\vmrdvcore.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000391168 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000380928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000369664 _____ (Microsoft Corporation) C:\Windows\System32\APHostService.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000336896 _____ (Microsoft Corporation) C:\Windows\System32\AppLockerCSP.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000276480 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000259072 _____ (Microsoft Corporation) C:\Windows\System32\SCardSvr.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000210944 _____ (Microsoft Corporation) C:\Windows\System32\P2P.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000144896 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2018-01-05 14:15 - 2018-01-01 03:18 - 000082944 _____ (Microsoft Corporation) C:\Windows\System32\provdatastore.dll
2018-01-05 14:15 - 2018-01-01 03:17 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-01-05 14:15 - 2018-01-01 03:17 - 000791552 _____ (Microsoft Corporation) C:\Windows\System32\PhoneService.dll
2018-01-05 14:15 - 2018-01-01 03:17 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 14:15 - 2018-01-01 03:17 - 000555520 _____ (Microsoft Corporation) C:\Windows\System32\SensorService.dll
2018-01-05 14:15 - 2018-01-01 03:17 - 000456704 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2018-01-05 14:15 - 2018-01-01 03:17 - 000423936 _____ (Microsoft Corporation) C:\Windows\System32\p2psvc.dll
2018-01-05 14:15 - 2018-01-01 03:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\System32\pnrpsvc.dll
2018-01-05 14:15 - 2018-01-01 03:17 - 000228352 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2018-01-05 14:15 - 2018-01-01 03:17 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\msoert2.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000966656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000956928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000831488 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000624128 _____ (Microsoft Corporation) C:\Windows\System32\SyncController.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000401920 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\cldapi.dll
2018-01-05 14:15 - 2018-01-01 03:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-01-05 14:15 - 2018-01-01 03:15 - 001657856 _____ (Microsoft Corporation) C:\Windows\System32\rdpserverbase.dll
2018-01-05 14:15 - 2018-01-01 03:15 - 001245184 _____ (Microsoft Corporation) C:\Windows\System32\Unistore.dll
2018-01-05 14:15 - 2018-01-01 03:15 - 000970240 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2018-01-05 14:15 - 2018-01-01 03:15 - 000756736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-01-05 14:15 - 2018-01-01 03:15 - 000366080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2018-01-05 14:15 - 2018-01-01 03:15 - 000258560 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2018-01-05 14:15 - 2018-01-01 03:14 - 001097728 _____ (Microsoft Corporation) C:\Windows\System32\rdpbase.dll
2018-01-05 14:15 - 2018-01-01 03:14 - 001003008 _____ (Microsoft Corporation) C:\Windows\System32\modernexecserver.dll
2018-01-05 14:15 - 2018-01-01 03:14 - 000985600 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2018-01-05 14:15 - 2018-01-01 03:13 - 002013184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-05 14:15 - 2018-01-01 03:13 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-05 14:15 - 2018-01-01 03:13 - 000897024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-05 14:15 - 2018-01-01 03:12 - 000760320 _____ (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2018-01-05 14:15 - 2018-01-01 03:12 - 000464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 14:15 - 2018-01-01 03:11 - 002082304 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-01-05 14:15 - 2018-01-01 03:11 - 001597952 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-01-05 14:15 - 2018-01-01 03:10 - 002528256 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2018-01-05 14:15 - 2018-01-01 03:10 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
2018-01-05 14:15 - 2018-01-01 03:09 - 000599552 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Core.TextInput.dll
2018-01-05 14:15 - 2018-01-01 03:08 - 000505344 _____ (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2018-01-05 14:15 - 2018-01-01 03:06 - 000018944 _____ (Microsoft Corporation) C:\Windows\System32\wscproxystub.dll
2018-01-05 14:15 - 2018-01-01 03:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2018-01-04 12:23 - 2018-01-04 12:23 - 000002240 _____ C:\Users\Public\Desktop\BRAdmin Professional 3.lnk
2018-01-04 12:23 - 2018-01-04 12:23 - 000000000 ____D C:\Program Files (x86)\Brother
2018-01-04 12:21 - 2018-01-04 12:22 - 023358368 _____ (Brother Industries, Ltd.) C:\Users\Charlie\Downloads\ba3670007eur.exe
2018-01-04 11:43 - 2018-01-04 11:43 - 002234362 _____ C:\Users\Charlie\Downloads\cv_dcp7060d_usaeng_ausr.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-29 21:32 - 2017-09-29 00:45 - 018350080 _____ C:\Windows\System32\config\HARDWARE
2018-01-29 21:32 - 2017-09-29 00:45 - 000524288 _____ C:\Windows\System32\config\BBI
2018-01-29 21:32 - 2016-06-07 19:04 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2018-01-29 21:31 - 2017-12-09 01:55 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-29 21:26 - 2017-06-15 10:13 - 000017408 _____ C:\Windows\SysWOW64\rpcnetp.dll
2018-01-29 21:25 - 2017-06-15 10:11 - 000029336 _____ C:\Windows\System32\wpbbin.exe
2018-01-29 21:25 - 2017-06-15 10:11 - 000017408 _____ C:\Windows\SysWOW64\rpcnetp.exe
2018-01-29 21:25 - 2017-06-15 10:11 - 000017408 _____ C:\Windows\System32\rpcnetp.exe
2018-01-29 21:07 - 2017-12-09 01:53 - 000002183 _____ C:\Windows\diagerr.xml
2018-01-29 21:07 - 2017-12-09 01:53 - 000001908 _____ C:\Windows\diagwrn.xml
2018-01-29 21:00 - 2017-12-09 01:25 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-01-29 20:01 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-01-29 19:57 - 2017-12-09 01:25 - 000389784 _____ C:\Windows\System32\FNTCACHE.DAT
2018-01-29 19:56 - 2017-12-09 01:32 - 000000000 ____D C:\users\Charlie
2018-01-29 19:50 - 2017-12-09 01:55 - 000004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BB56A88E-0B2A-439C-A936-95B41BD32268}
2018-01-29 06:33 - 2016-06-22 12:27 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\uTorrent
2018-01-29 06:31 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-01-29 06:31 - 2016-06-12 15:29 - 000000000 ____D C:\ProgramData\Adobe
2018-01-29 06:25 - 2017-12-09 01:32 - 000000000 ____D C:\users\MSSQL$XACTWARE1
2018-01-28 01:08 - 2015-10-29 23:24 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2018-01-27 23:56 - 2017-12-09 01:55 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3932784059-906377476-503307768-1001
2018-01-27 23:56 - 2016-06-07 18:32 - 000000000 ___RD C:\Users\Charlie\OneDrive
2018-01-27 22:40 - 2017-12-05 18:28 - 000000000 ___DC C:\Windows\Panther
2018-01-27 20:55 - 2016-07-09 16:11 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\PhotoScape
2018-01-27 20:54 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-01-26 17:57 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-26 17:57 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-01-24 21:13 - 2016-06-07 18:38 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-20 22:36 - 2017-11-20 14:02 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Mozilla
2018-01-16 19:20 - 2017-12-09 01:52 - 001584236 _____ C:\Windows\System32\PerfStringBackup.INI
2018-01-16 14:12 - 2016-08-12 15:54 - 000000000 ____D C:\Users\Charlie\Documents\ValveMan
2018-01-11 15:25 - 2017-11-20 12:15 - 000000000 ____D C:\Users\Charlie\Documents\AeroFolder
2018-01-09 14:24 - 2016-06-08 15:47 - 000000000 ____D C:\Windows\System32\MRT
2018-01-09 14:20 - 2017-10-17 05:33 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-01-09 14:20 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-01-09 14:20 - 2016-06-08 15:47 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-01-09 14:15 - 2015-10-29 23:24 - 000000167 _____ C:\Windows\win.ini
2018-01-09 10:13 - 2017-12-09 01:33 - 000000000 ____D C:\Users\Charlie\AppData\Local\Packages
2018-01-07 15:27 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
2018-01-05 16:17 - 2017-12-10 09:47 - 000000000 ___RD C:\Users\Charlie\3D Objects
2018-01-05 16:17 - 2016-06-07 18:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-05 16:11 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-01-05 16:11 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\System32\F12
2018-01-05 16:11 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\TextInput
2018-01-05 16:11 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-01-05 16:11 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\oobe
2018-01-05 16:11 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\migwiz
2018-01-05 16:11 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\appraiser
2018-01-05 16:11 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Provisioning
2018-01-05 16:11 - 2017-09-29 00:45 - 000000000 ____D C:\Windows\System32\Dism
2018-01-05 14:20 - 2017-09-29 05:41 - 000403968 _____ (Microsoft Corporation) C:\Windows\System32\WpAXHolder.dll
2018-01-05 14:19 - 2017-09-29 05:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2018-01-05 14:19 - 2017-09-29 05:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-01-04 13:21 - 2017-11-20 12:15 - 000000000 ____D C:\Users\Charlie\Documents\AdjusterMan
2018-01-04 12:23 - 2016-06-07 21:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-03 15:40 - 2017-11-20 14:02 - 000000000 ____D C:\Users\Charlie\AppData\LocalLow\Temp
 
Some files in TEMP:
====================
2018-01-28 00:25 - 2018-01-01 04:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Charlie\AppData\Local\Temp\dllnt_dump.dll
2018-01-27 23:51 - 2018-01-24 20:00 - 011605440 _____ (SurfRight B.V.) C:\Users\Charlie\AppData\Local\Temp\HitmanPro.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-01-05 14:16] - [2018-01-01 03:11] - 000715776 _____ (Microsoft Corporation) D0926E8FC082646487BD159538F4D9F5
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2018-01-05 14:16] - [2018-01-01 04:38] - 003904808 _____ (Microsoft Corporation) 92B369312AF5D0B83AEF82D5DE0428D2
 
C:\Windows\SysWOW64\explorer.exe
[2018-01-05 14:16] - [2018-01-01 03:46] - 003485392 _____ (Microsoft Corporation) 152D8FB49984351A39F87A592EECD896
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2018-01-05 14:16] - [2018-01-01 04:25] - 000615768 _____ (Microsoft Corporation) AB75687641C9ADBE22336EC3C496909C
 
C:\Windows\System32\User32.dll
[2017-12-12 16:44] - [2017-12-07 15:34] - 001634288 _____ (Microsoft Corporation) 0370364D4D8846B6CF316ABBB2EDB083
 
C:\Windows\SysWOW64\User32.dll
[2017-12-12 16:44] - [2017-12-07 14:56] - 001528904 _____ (Microsoft Corporation) 5D41A00F6ED104C9639D5CBF0D38A1D6
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2017-12-12 16:44] - [2017-12-07 15:12] - 000401304 _____ (Microsoft Corporation) 5B27846CF4B1C21AFB3A35A8336BA02F
 
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 5596.73 MB
Available physical RAM: 4898.3 MB
Total Virtual: 5596.73 MB
Available Virtual: 4934.81 MB
 
==================== Drives ================================
 
Drive c: (TI10649600G) (Fixed) (Total:585.18 GB) (Free:494.34 GB) NTFS
Drive d: (WINDOWS10) (Removable) (Total:14.64 GB) (Free:8.01 GB) FAT32
Drive e: (System) (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
Drive h: () (Removable) (Total:7.6 GB) (Free:5.17 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 3 (Size: 7.6 GB) (Disk ID: FE86A51B)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0B)
 
LastRegBack: 2018-01-18 18:08
 
==================== End of FRST.txt ============================


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 30 January 2018 - 08:03 AM

Awesome! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 ChazInMT

ChazInMT
  • Topic Starter


Posted 30 January 2018 - 11:11 AM

Sorry, but I don't think that did much. I could not get Malwarebytes to run from the command prompts, and I still can't do anything to get Windows to start in safe mode, so this scan was run in normal mode.

 

Here's the txt of the scan report:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/30/18
Scan Time: 11:00 AM
Log File: a1696a2e-05d6-11e8-9733-7054d21123ef.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3822
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: CHARLIESLAPTOP\Charlie
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321670
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 5 min, 47 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.Plumbytes, C:\USERS\CHARLIE\DOWNLOADS\ANTIMALWARESETUP.EXE, Delete-on-Reboot, [7647], [123575],1.0.3822
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#8 Aura


Posted 30 January 2018 - 01:05 PM

It's all good, the main infection (SmartService) was removed when we ran a scan with FRST in the Windows RE. So now Windows should be usable under a normal boot, no need to go in Safe Mode.

Let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#9 ChazInMT


Posted 31 January 2018 - 12:24 AM

Here are the reports. Looks good! I don't see the weirdy processes running anymore, so Yipee!!!!

 

I still get this worrisome "Repairing Drive" message when booting which started when this attack started. it says:

 

Scanning and repairing drive (\\?\Volume{44a68c15-76a4-4e64-9024-2a02f876aa}): 100% complete

 

Any idea where I can go to resolve that?

 

RogueKiller V12.12.2.0 (x64) [Jan 29 2018] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : https://forum.adlice.com

Website : http://www.adlice.com/download/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 10 (10.0.16299) 64 bits version

Started in : Normal mode

User : Charlie [Administrator]

Started from : C:\Users\Charlie\Downloads\RogueKiller_portable64 (1).exe

Mode : Delete -- Date : 01/30/2018 22:31:04 (Duration : 00:54:17)

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 1 ¤¤¤

[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Description -> Deleted

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ WMI : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++

--- User ---

[MBR] a84dd93b5b19931ceaddbccc47850486

[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [SYSTEM] Basic data partition | Offset (sectors): 2048 | Size: 450 MB

1 - Basic data partition | Offset (sectors): 923648 | Size: 260 MB

2 - Basic data partition | Offset (sectors): 1456128 | Size: 128 MB

3 - Basic data partition | Offset (sectors): 1718272 | Size: 599227 MB

4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1228937216 | Size: 830 MB

5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1230639104 | Size: 9582 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

# AdwCleaner 7.0.7.0 - Logfile created on Wed Jan 31 04:40:38 2018

# Updated on 2018/18/01 by Malwarebytes 

# Database: 01-30-2018.2

# Running on Windows 10 Home (X64)

# Mode: scan

# Support: https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

No malicious services found.

 

***** [ Folders ] *****

 

No malicious folders found.

 

***** [ Files ] *****

 

No malicious files found.

 

***** [ DLL ] *****

 

No malicious DLLs found.

 

***** [ WMI ] *****

 

No malicious WMI found.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts found.

 

***** [ Tasks ] *****

 

No malicious tasks found.

 

***** [ Registry ] *****

 

No malicious registry entries found.

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries.

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries.

 

*************************

 

C:/AdwCleaner/AdwCleaner[C0].txt - [1738 B] - [2018/1/17 4:40:49]

C:/AdwCleaner/AdwCleaner[S0].txt - [1701 B] - [2018/1/17 4:40:10]

C:/AdwCleaner/AdwCleaner[S1].txt - [1079 B] - [2018/1/25 4:37:17]

C:/AdwCleaner/AdwCleaner[S2].txt - [1146 B] - [2018/1/31 4:34:44]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########



#10 Aura


Posted 31 January 2018 - 08:09 AM

I still get this worrisome "Repairing Drive" message when booting which started when this attack started. it says:

Scanning and repairing drive (\\?\Volume{44a68c15-76a4-4e64-9024-2a02f876aa}): 100% complete

Any idea where I can go to resolve that?


We'll address this at the end of the clean-up :)

Alright, now run a new scan with FRST and provide me a fresh set of logs. I'll look for remnants.



#11 ChazInMT


Posted 31 January 2018 - 09:17 AM

Here's the report from FRST. 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Charlie (31-01-2018 09:02:12)
Running from C:\Users\Charlie\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-09 09:57:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3932784059-906377476-503307768-500 - Administrator - Disabled)
Charlie (S-1-5-21-3932784059-906377476-503307768-1001 - Administrator - Enabled) => C:\Users\Charlie
DefaultAccount (S-1-5-21-3932784059-906377476-503307768-503 - Limited - Disabled)
Guest (S-1-5-21-3932784059-906377476-503307768-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3932784059-906377476-503307768-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3932784059-906377476-503307768-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.67.0007 - Brother)
Cisco WebEx Meetings (HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
GDR 5207 for SQL Server 2014 (KB4019093) (64-bit) (HKLM\...\KB4019093) (Version: 12.2.5207.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.19.0.8126 (HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\GoToMeeting) (Version: 8.19.0.8126 - LogMeIn, Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A22EED3F-6DB6-4987-8023-6C6B7030E554}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{C20DACBE-19F2-47FF-AD22-BBB493499346}) (Version: 11.2.5643.3 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{FEC535DD-0EB2-4709-87BD-1708C6364EB6}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{6E21CC8A-5447-4C98-ABE6-9D0BCE8D540A}) (Version: 12.2.5207.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{E8C99927-8E6E-4B6B-B80C-1B8B23B1767D}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for SQL Server 2014 (KB3171021) (64-bit) (HKLM\...\KB3171021) (Version: 12.2.5000.0 - Microsoft Corporation)
SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.2.5000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Xactimate 28 (HKLM-x32\...\{00280000-8116-4423-99E0-4A5D07E678E8}) (Version: 28.0.5156.35586 - Xactware)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3932784059-906377476-503307768-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Charlie\AppData\Local\GoToMeeting\7943\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-21] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-21] (AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-21] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-21] (AVAST Software)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {21247DFA-4245-4044-BF92-A4F356174D15} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {238EDBCD-1C09-4F18-B99C-679D6655B64C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-21] (AVAST Software)
Task: {2FEE27C9-76C7-425C-A476-4DED330DD2A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-07] (Google Inc.)
Task: {3BCAADD7-4828-4D72-BA4F-4C597F4877DE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {4FFFA8EF-A0B4-470F-9C6B-D8099B5FD50E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {72EAE53C-52D7-475D-98D5-4AEF5D578235} - System32\Tasks\S-1-5-21-3932784059-906377476-503307768-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {7FC6B5C2-2487-4C6D-B0DF-534466E9E7E0} - System32\Tasks\G2MUploadTask-S-1-5-21-3932784059-906377476-503307768-1001 => C:\Users\Charlie\AppData\Local\GoToMeeting\8126\g2mupload.exe [2017-12-22] (LogMeIn, Inc.)
Task: {81944E6B-17B9-4574-BA3D-03FEEB9B48EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {8819E028-3EE3-4AD5-B974-C7E364BCC206} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8F0C75D7-C5EC-4ABA-9008-53831A81763B} - System32\Tasks\AdobeGCInvoker-1.0-CHARLIESLAPTOP-Charlie => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {A01070CF-1D3C-4402-ABB3-9F4EA9F9A477} - System32\Tasks\G2MUpdateTask-S-1-5-21-3932784059-906377476-503307768-1001 => C:\Users\Charlie\AppData\Local\GoToMeeting\8126\g2mupdate.exe [2017-12-22] (LogMeIn, Inc.)
Task: {A87545E4-6A0D-4D79-959F-AB7583D1DE55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {B01E20CC-82FF-4E56-8C72-D19E2AA60A61} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-21] (AVAST Software)
Task: {B280C2B5-9496-43C5-A952-3450C48E86EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-06] (Microsoft Corporation)
Task: {B6317216-0363-4499-86DE-12199E4D6BA0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E4672625-7DD4-4E74-9461-EFE13B74635F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-07] (Google Inc.)
Task: {EDE6129F-39D3-4915-B96C-08C37A2E60FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3932784059-906377476-503307768-1001.job => C:\Users\Charlie\AppData\Local\GoToMeeting\8126\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3932784059-906377476-503307768-1001.job => C:\Users\Charlie\AppData\Local\GoToMeeting\8126\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-01-04 15:23 - 2017-07-13 18:45 - 000099840 ____N () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-09 07:07 - 2017-12-09 07:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-09 07:07 - 2017-12-09 07:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-09 07:07 - 2017-12-09 07:07 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-12-09 07:07 - 2017-12-09 07:07 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-01-30 10:29 - 2018-01-30 10:30 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.16.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-10-26 08:20 - 2017-10-26 08:21 - 001921208 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8830.7600.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-01-21 22:58 - 2018-01-21 22:58 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-21 22:58 - 2018-01-21 22:58 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-21 22:58 - 2018-01-21 22:58 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-21 22:59 - 2018-01-21 22:59 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-21 22:58 - 2018-01-21 22:58 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-21 22:58 - 2018-01-21 22:58 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2016-06-12 15:59 - 000001132 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3932784059-906377476-503307768-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-80-1403080342-2827387752-2250493637-3338715181-2364043152\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "domesticitymagna"
HKLM\...\StartupApproved\Run: => "domesticitydomesticity"
HKLM\...\StartupApproved\Run: => "domesticity"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "XCDownloadApplet"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "novumrotated"
HKLM\...\StartupApproved\Run32: => "novumnovum"
HKLM\...\StartupApproved\Run32: => "novum"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\StartupFolder: => "wasntwasnt.lnk"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\StartupFolder: => "wasnt.lnk"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "godzilla"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magnadomesticity"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotatednovum"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "gloved"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magnamagna"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magna"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotatedrotated"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotated"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4EF78B1D-894A-48F7-8B28-FD66723E31FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9030262D-9BBF-4B9F-B5F5-200EEBDE5605}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{561E15F9-6C1A-4383-BCE5-4B70362E1687}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{924677D8-0E6C-4B6F-AFA8-9C854F0B67EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E5D75EC4-E36A-4817-A6A6-981A0318E76A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8EF9C3A7-AFC6-41DB-8043-9D3D7EFADABE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C19CCBD8-E32D-40E0-AAE2-9A3610A087EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{786C9EA6-83F5-4A0F-A3B7-3B9C52DAA441}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{E8C727D0-E900-4738-AB3D-FD76790CAA0B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{AE78C108-8E22-40CB-BC04-95AF44A71564}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{6669FFF7-9EE6-4710-AD8D-B0F91A450A19}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\discover.exe
FirewallRules: [{2311B578-A505-481B-B88E-5F6B3FEF1E84}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\discover.exe
FirewallRules: [{A5584FD0-9743-4A17-A472-3411FD8596EB}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\auditorserver.exe
FirewallRules: [{D240A6FE-8EFB-4292-B789-788CCCCB3FF9}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\auditorserver.exe
FirewallRules: [{AAB03EE7-9745-41D1-B164-A33A844A2B52}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\bradminv3.exe
FirewallRules: [{4EFD825A-F68D-4FD7-B46A-C2880153F151}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\bradminv3.exe
FirewallRules: [{A702B6D1-708E-4AB6-9D7C-2318EEBF0840}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0F872F31-C189-44C0-86A1-BF983E3F074B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{63581D7A-D755-4B53-B33C-9DE89E8B3737}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Description: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: TVALZ
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/31/2018 12:25:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbamtray.exe version 3.0.0.1284 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 193c
 
Start Time: 01d39a50fada2be1
 
Termination Time: 60000
 
Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
 
Report Id: 82b08faf-15c5-4bb4-83e8-9860737acd95
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/31/2018 12:05:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1284, time stamp: 0x5a15a98e
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001a9a1a
Faulting process id: 0x193c
Faulting application start time: 0x01d39a50fada2be1
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 0a46c9d5-9284-4d24-b658-e4d3d1728b3b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/31/2018 12:02:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.16299.15, time stamp: 0x091f43e7
Faulting module name: shlwapi.dll, version: 10.0.16299.15, time stamp: 0xb84caa87
Exception code: 0xc0000005
Fault offset: 0x00013be1
Faulting process id: 0x1708
Faulting application start time: 0x01d39a50ada4bf94
Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Faulting module path: C:\WINDOWS\System32\shlwapi.dll
Report Id: dccf019f-f827-415f-be5c-a781ea844a9d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/30/2018 11:25:12 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/30/2018 11:25:12 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/30/2018 11:24:34 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/30/2018 11:24:34 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
 
Error: (01/29/2018 09:28:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service rpcnetp since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/28/2018 07:59:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: ec8
 
Start Time: 01d3989533e463e6
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 
Report Id: f04cca87-f3bc-4da1-adb4-828842ce5d44
 
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: App
 
Error: (01/28/2018 07:59:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CHARLIESLAPTOP)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (01/31/2018 08:59:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/31/2018 08:56:34 AM) (Source: DCOM) (EventID: 10010) (User: CHARLIESLAPTOP)
Description: The server 9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx.AppXd7yv3gyg9bkzg9pz33y90tg33g3ketmr.mca did not register with DCOM within the required timeout.
 
Error: (01/31/2018 02:05:35 AM) (Source: DCOM) (EventID: 10016) (User: CHARLIESLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user CHARLIESLAPTOP\Charlie SID (S-1-5-21-3932784059-906377476-503307768-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/31/2018 01:55:34 AM) (Source: DCOM) (EventID: 10016) (User: CHARLIESLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user CHARLIESLAPTOP\Charlie SID (S-1-5-21-3932784059-906377476-503307768-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/31/2018 01:09:44 AM) (Source: DCOM) (EventID: 10016) (User: CHARLIESLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user CHARLIESLAPTOP\Charlie SID (S-1-5-21-3932784059-906377476-503307768-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/31/2018 12:58:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/31/2018 12:51:23 AM) (Source: DCOM) (EventID: 10016) (User: CHARLIESLAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user CHARLIESLAPTOP\Charlie SID (S-1-5-21-3932784059-906377476-503307768-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/31/2018 12:44:18 AM) (Source: DCOM) (EventID: 10010) (User: CHARLIESLAPTOP)
Description: The server 9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx.AppXd7yv3gyg9bkzg9pz33y90tg33g3ketmr.mca did not register with DCOM within the required timeout.
 
Error: (01/31/2018 12:37:22 AM) (Source: DCOM) (EventID: 10010) (User: CHARLIESLAPTOP)
Description: The server 9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx.AppXd7yv3gyg9bkzg9pz33y90tg33g3ketmr.mca did not register with DCOM within the required timeout.
 
Error: (01/31/2018 12:28:25 AM) (Source: DCOM) (EventID: 10010) (User: CHARLIESLAPTOP)
Description: The server 9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm!x554f661dyd360y462cy8743yf8a99b7d41dbx.AppXd7yv3gyg9bkzg9pz33y90tg33g3ketmr.mca did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-30 10:33:28.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-28 03:09:39.535
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\msaoxpksvc.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-28 03:09:39.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\msaoxpksvc.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-28 03:09:39.480
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\msaoxpksvc.exe that did not meet the Unchecked signing level requirements.
 
  Date: 2018-01-16 22:58:40.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-16 21:32:45.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-16 21:23:42.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-16 21:23:35.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Users\Charlie\AppData\Roaming\Microsoft\Protect\d65560-86f5a1-16ee8180-0172f0-adb0.rs that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-09 05:02:59.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\identprv.dll that did not meet the Unchecked signing level requirements.
 
  Date: 2017-12-09 05:02:56.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SysWOW64\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\wceprv.dll that did not meet the Unchecked signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-4400M APU with Radeon™ HD Graphics 
Percentage of memory in use: 36%
Total physical RAM: 5596.73 MB
Available physical RAM: 3575.21 MB
Total Virtual: 5980.73 MB
Available Virtual: 3946.73 MB
 
==================== Drives ================================
 
Drive c: (TI10649600G) (Fixed) (Total:585.18 GB) (Free:493.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#12 ChazInMT

Posted 31 January 2018 - 09:34 AM

Oooooo Snap! Here's the other half of the cheese cake!!! Noticed as I was closing things...I was like, "Why 2 windows......DOH!"


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Charlie (administrator) on CHARLIESLAPTOP (31-01-2018 08:59:20)
Running from C:\Users\Charlie\Downloads
Loaded Profiles: Charlie & MSSQL$XACTWARE1 (Available Profiles: Charlie & MSSQL$XACTWARE1)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.XACTWARE1\MSSQL\Binn\sqlservr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8830.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-21] (AVAST Software)
HKLM-x32\...\Run: [XCDownloadApplet] => C:\Program Files (x86)\Xactware\Xactimate28\CORE\XCDownloadApplet.exe [531920 2017-06-06] (Xactware)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-80-1403080342-2827387752-2250493637-3338715181-2364043152\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9003c790-29fb-41f4-9de2-56ead05c5951}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3932784059-906377476-503307768-1001 -> DefaultScope {65DF8768-4C97-4B82-B324-7659079A7E77} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: f1yx5fjz.default
FF ProfilePath: C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\f1yx5fjz.default [2018-01-28]
FF Extension: (Avast SafePrice) - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\f1yx5fjz.default\Extensions\sp@avast.com.xpi [2018-01-23]
FF Extension: (Avast Online Security) - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\f1yx5fjz.default\Extensions\wrc@avast.com.xpi [2018-01-21]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Users\Charlie\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-11-20] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default [2018-01-31]
CHR Extension: (Slides) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-07]
CHR Extension: (YouTube) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-07]
CHR Extension: (Avast SafePrice) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-01-22]
CHR Extension: (Sheets) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-07]
CHR Extension: (AdBlock) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-27]
CHR Extension: (Avast Online Security) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-22]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-08-01]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR Profile: C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-21] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-21] (AVAST Software)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99840 2017-07-13] () [File not signed]
R2 MSSQL$XACTWARE; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
R2 MSSQL$XACTWARE1; C:\Program Files\Microsoft SQL Server\MSSQL12.XACTWARE1\MSSQL\Binn\sqlservr.exe [372416 2017-07-03] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
S4 SQLAgent$XACTWARE; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$XACTWARE1; C:\Program Files\Microsoft SQL Server\MSSQL12.XACTWARE1\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-03] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-06] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-06] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-01-21] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-21] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-21] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-21] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-21] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-01-21] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-01-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-01-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-01-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-01-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-01-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457896 2018-01-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-01-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-01-21] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S4 RsFx0320; C:\WINDOWS\System32\DRIVERS\RsFx0320.sys [250048 2016-06-18] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2017-09-29] (Realtek Semiconductor Corporation )
S3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-06] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-06] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-06] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-16] (Zemana Ltd.)
S1 kzmrwzfu; \??\C:\WINDOWS\system32\drivers\kzmrwzfu.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-31 08:56 - 2018-01-31 08:56 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-31 00:27 - 2018-01-31 08:55 - 000029336 _____ C:\WINDOWS\system32\wpbbin.exe
2018-01-31 00:27 - 2018-01-31 08:55 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2018-01-31 00:06 - 2018-01-31 00:06 - 000000000 ____D C:\Users\Charlie\AppData\Local\CrashDumps
2018-01-30 22:28 - 2018-01-30 22:28 - 026917960 _____ (Adlice Software) C:\Users\Charlie\Downloads\RogueKiller_portable64 (1).exe
2018-01-30 11:07 - 2018-01-30 11:07 - 000001272 _____ C:\Users\Charlie\Desktop\Jan30MBscan.txt
2018-01-30 10:29 - 2018-01-30 10:30 - 081865688 _____ (Malwarebytes ) C:\Users\Charlie\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3811.exe
2018-01-30 03:18 - 2018-01-30 13:56 - 000000000 _____ C:\Recovery.txt
2018-01-29 09:35 - 2018-01-29 09:35 - 000000791 _____ C:\Users\Charlie\Downloads\Fixlog.txt
2018-01-28 09:26 - 2018-01-31 00:25 - 000000000 ____D C:\Users\Charlie\Documents\Virus Help
2018-01-28 08:45 - 2018-01-28 08:46 - 000035781 _____ C:\Users\Charlie\Downloads\Addition.txt
2018-01-28 08:44 - 2018-01-31 09:00 - 000015092 _____ C:\Users\Charlie\Downloads\FRST.txt
2018-01-28 08:44 - 2018-01-31 08:59 - 000000000 ____D C:\FRST
2018-01-28 08:44 - 2018-01-28 08:44 - 002393088 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe
2018-01-28 03:26 - 2018-01-30 22:31 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-28 03:25 - 2018-01-28 08:23 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-28 03:17 - 2018-01-28 03:18 - 000019482 _____ C:\TDSSKiller.3.1.0.16_28.01.2018_03.17.42_log.txt
2018-01-28 03:17 - 2018-01-28 03:17 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Charlie\Downloads\tdsskiller.exe
2018-01-27 23:56 - 2018-01-27 23:56 - 000113158 _____ C:\Users\Charlie\Documents\cc_20180127_235613.reg
2018-01-27 23:49 - 2018-01-27 23:50 - 011205832 _____ (Piriform Ltd) C:\Users\Charlie\Downloads\ccsetup539.exe
2018-01-25 01:10 - 2018-01-25 01:10 - 000000000 ____D C:\Users\Charlie\AppData\Local\ElevatedDiagnostics
2018-01-25 01:06 - 2018-01-25 01:06 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3932784059-906377476-503307768-1001
2018-01-24 23:29 - 2018-01-24 23:29 - 008206624 _____ (Malwarebytes) C:\Users\Charlie\Desktop\adwcleaner_7.0.7.0.exe
2018-01-24 23:18 - 2018-01-24 23:18 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-01-24 23:02 - 2018-01-28 00:55 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-01-24 23:01 - 2018-01-24 23:23 - 000000000 ____D C:\ProgramData\HitmanPro
2018-01-24 23:00 - 2018-01-24 23:00 - 011605440 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\hitmanpro_x64.exe
2018-01-23 23:00 - 2018-01-23 23:00 - 000063855 _____ C:\Users\Charlie\Downloads\Star.Trek.Discovery.S01E12.iNTERNAL.720p.WEB.x264-BAMBOOZLE[rartv]-[rarbg.to].torrent
2018-01-23 00:13 - 2018-01-23 00:13 - 009932672 _____ C:\Users\Charlie\Downloads\bitdefender_online(2).exe
2018-01-21 23:42 - 2018-01-21 23:42 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-01-21 23:10 - 2018-01-21 23:46 - 000000000 _____ C:\WINDOWS\system32\last.dump
2018-01-21 23:03 - 2018-01-21 23:03 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\AVAST Software
2018-01-21 23:01 - 2018-01-21 23:01 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-21 23:01 - 2018-01-21 23:01 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-01-21 23:01 - 2018-01-21 23:01 - 000001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-21 23:01 - 2018-01-21 23:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-01-21 23:01 - 2018-01-21 23:01 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-21 23:00 - 2018-01-29 23:22 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-21 23:00 - 2018-01-21 23:01 - 000457896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-01-21 23:00 - 2018-01-21 23:01 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-01-21 23:00 - 2018-01-21 22:59 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-21 23:00 - 2018-01-21 22:58 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-01-21 22:59 - 2018-01-21 22:59 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-01-21 22:57 - 2018-01-21 22:57 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-21 22:56 - 2018-01-21 23:36 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-21 22:56 - 2018-01-21 22:56 - 007172032 _____ (AVAST Software) C:\Users\Charlie\Downloads\avast_free_antivirus_setup_online.exe
2018-01-21 01:36 - 2018-01-28 23:05 - 000000000 ____D C:\Users\Charlie\AppData\LocalLow\Mozilla
2018-01-21 01:36 - 2018-01-21 01:40 - 000000000 ____D C:\Users\Charlie\AppData\Local\Mozilla
2018-01-21 01:36 - 2018-01-21 01:36 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-21 01:36 - 2018-01-21 01:36 - 000001004 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-01-21 01:36 - 2018-01-21 01:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-21 01:36 - 2018-01-21 01:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-21 01:35 - 2018-01-21 01:35 - 000311232 _____ (Mozilla) C:\Users\Charlie\Downloads\Firefox Installer.exe
2018-01-21 00:42 - 2018-01-21 00:43 - 000000000 ____D C:\Users\Charlie\Downloads\backups
2018-01-21 00:32 - 2018-01-21 00:32 - 000388608 _____ (Trend Micro Inc.) C:\Users\Charlie\Downloads\HijackThis.exe
2018-01-19 22:34 - 2018-01-19 22:34 - 000863696 _____ (Malwarebytes) C:\Users\Charlie\Downloads\mb-clean-3.1.0.1031.exe
2018-01-19 18:53 - 2018-01-19 18:53 - 000003592 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-CHARLIESLAPTOP-Charlie
2018-01-19 18:50 - 2018-01-19 18:50 - 002517523 _____ C:\Users\Charlie\Downloads\LiftMaster 1345 Owners Manual.pdf
2018-01-16 23:32 - 2018-01-30 23:40 - 000000000 ____D C:\AdwCleaner
2018-01-16 23:19 - 2018-01-31 09:00 - 000028280 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-16 23:19 - 2018-01-21 01:47 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-16 23:19 - 2018-01-21 01:42 - 000086868 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-16 23:19 - 2018-01-16 23:19 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-16 23:19 - 2018-01-16 23:19 - 000000000 ____D C:\Users\Charlie\AppData\Local\Zemana
2018-01-16 22:54 - 2018-01-16 22:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-16 22:53 - 2018-01-16 22:53 - 083316440 _____ (Malwarebytes ) C:\Users\Charlie\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2018-01-16 22:38 - 2018-01-21 22:22 - 000002754 _____ C:\Users\Charlie\Desktop\Rkill.txt
2018-01-16 22:35 - 2018-01-16 22:35 - 008198432 _____ (Malwarebytes) C:\Users\Charlie\Downloads\AdwCleaner.exe
2018-01-16 22:34 - 2018-01-16 22:34 - 006625600 _____ (Zemana Ltd. ) C:\Users\Charlie\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-16 22:33 - 2018-01-16 22:33 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Charlie\Downloads\rkill.exe
2018-01-16 21:31 - 2018-01-27 23:25 - 000000000 ____D C:\Users\Charlie\AppData\Local\exeicws
2018-01-16 21:28 - 2018-01-30 03:37 - 000000000 ____D C:\Users\Charlie\AppData\Local\msewkpu
2018-01-16 21:28 - 2018-01-30 03:37 - 000000000 ____D C:\Users\Charlie\AppData\Local\exrhlno
2018-01-16 21:26 - 2018-01-16 21:26 - 000000000 ____D C:\WINDOWS\SysWOW64\nicpmra
2018-01-16 21:26 - 2018-01-16 21:26 - 000000000 ____D C:\WINDOWS\system32\nicpmra
2018-01-16 21:26 - 2018-01-16 21:26 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\et
2018-01-16 05:24 - 2018-01-16 05:24 - 000051643 _____ C:\WINDOWS\uninstaller.dat
2018-01-14 14:56 - 2018-01-14 14:56 - 000053611 _____ C:\Users\Charlie\Downloads\Airbnb Travel Itinerary, Confirmation Code HMXJAAPMZS.pdf
2018-01-13 20:07 - 2018-01-13 20:07 - 000426383 _____ C:\Users\Charlie\Downloads\2005-subaru-forester-33111.pdf
2018-01-12 15:09 - 2018-01-15 23:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-09 23:49 - 2018-01-29 00:01 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\vlc
2018-01-09 23:47 - 2018-01-09 23:47 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-01-09 23:47 - 2018-01-09 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-09 23:46 - 2018-01-09 23:46 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-01-09 23:45 - 2018-01-09 23:45 - 030863288 _____ C:\Users\Charlie\Downloads\vlc-2.2.8-win32.exe
2018-01-09 17:16 - 2018-01-09 17:16 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-01-09 13:59 - 2018-01-09 13:59 - 000484555 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2017 11-11-16 (1) (1).pdf
2018-01-09 13:50 - 2018-01-09 15:50 - 000792040 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2018.pdf
2018-01-09 13:27 - 2018-01-09 13:51 - 002746583 ____H C:\Users\Charlie\Downloads\~WRL0005.tmp
2018-01-09 13:09 - 2018-01-09 13:09 - 000484555 _____ C:\Users\Charlie\Downloads\Poland Culinary Vacations Flyer Spa and Wine 2017 11-11-16 (1).pdf
2018-01-06 22:34 - 2018-01-20 21:11 - 000000000 ____D C:\Users\Charlie\Downloads\Memes
2018-01-05 17:16 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-05 17:16 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-05 17:16 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-05 17:16 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-05 17:16 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-05 17:16 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-05 17:16 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-05 17:16 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-05 17:16 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-05 17:16 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-05 17:16 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-05 17:16 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-05 17:16 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-05 17:16 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-05 17:16 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-05 17:16 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-05 17:16 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-05 17:16 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-05 17:16 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-05 17:16 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-05 17:16 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-05 17:16 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-05 17:16 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-05 17:16 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-05 17:16 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-05 17:16 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-05 17:16 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-05 17:16 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-05 17:16 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-05 17:16 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-05 17:16 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-05 17:16 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-05 17:16 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-05 17:16 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-05 17:16 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-05 17:16 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-05 17:16 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-05 17:16 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-05 17:16 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-05 17:16 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-05 17:16 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-05 17:16 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-05 17:16 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-05 17:16 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-05 17:16 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-05 17:16 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-05 17:16 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-05 17:16 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-05 17:16 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-05 17:16 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-05 17:16 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-05 17:16 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-05 17:16 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-05 17:16 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-05 17:16 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-05 17:16 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 17:16 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-05 17:16 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-05 17:16 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-05 17:16 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-05 17:16 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-05 17:16 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-05 17:16 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-05 17:16 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-05 17:16 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-05 17:16 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-05 17:16 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-05 17:16 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-05 17:16 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-05 17:16 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-05 17:16 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-05 17:16 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-05 17:16 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-05 17:16 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-05 17:16 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-05 17:16 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-05 17:16 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-05 17:16 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-05 17:16 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-05 17:16 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-05 17:16 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-05 17:16 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-05 17:16 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-05 17:16 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-05 17:16 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-05 17:16 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-05 17:16 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-05 17:16 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-05 17:16 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-05 17:16 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-05 17:16 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-05 17:16 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-05 17:16 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-05 17:16 - 2018-01-01 06:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-05 17:16 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-05 17:16 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-05 17:15 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-05 17:15 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-05 17:15 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-05 17:15 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-05 17:15 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-05 17:15 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-05 17:15 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-05 17:15 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-05 17:15 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-05 17:15 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-05 17:15 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-05 17:15 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-05 17:15 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-05 17:15 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-05 17:15 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-05 17:15 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-05 17:15 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-05 17:15 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-05 17:15 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-05 17:15 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-05 17:15 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-05 17:15 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-05 17:15 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-05 17:15 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-05 17:15 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-05 17:15 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-05 17:15 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-05 17:15 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-05 17:15 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-05 17:15 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-05 17:15 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-05 17:15 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-05 17:15 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-05 17:15 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-05 17:15 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-05 17:15 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 17:15 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-05 17:15 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-05 17:15 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-05 17:15 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-05 17:15 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-05 17:15 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-05 17:15 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-05 17:15 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-05 17:15 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-05 17:15 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-05 17:15 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-05 17:15 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-05 17:15 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-05 17:15 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-05 17:15 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 17:15 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-05 17:15 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-05 17:15 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-05 17:15 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-05 17:15 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-05 17:15 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-05 17:15 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-05 17:15 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-05 17:15 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-05 17:15 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-05 17:15 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-05 17:15 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-05 17:15 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-05 17:15 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-05 17:15 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-05 17:15 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-05 17:15 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-05 17:15 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-05 17:15 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-05 17:15 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-05 17:15 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-05 17:15 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-05 17:15 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-05 17:15 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-05 17:15 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-05 17:15 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 17:15 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-05 17:15 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-05 17:15 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-05 17:15 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-05 17:15 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-05 17:15 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-05 17:15 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-05 17:15 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-04 15:23 - 2018-01-04 15:23 - 000002240 _____ C:\Users\Public\Desktop\BRAdmin Professional 3.lnk
2018-01-04 15:23 - 2018-01-04 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother Administrator Utilities
2018-01-04 15:23 - 2018-01-04 15:23 - 000000000 ____D C:\Program Files (x86)\Brother
2018-01-04 15:21 - 2018-01-04 15:22 - 023358368 _____ (Brother Industries, Ltd.) C:\Users\Charlie\Downloads\ba3670007eur.exe
2018-01-04 14:43 - 2018-01-04 14:43 - 002234362 _____ C:\Users\Charlie\Downloads\cv_dcp7060d_usaeng_ausr.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-31 09:00 - 2017-12-09 04:55 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BB56A88E-0B2A-439C-A936-95B41BD32268}
2018-01-31 08:55 - 2017-12-09 04:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-31 08:55 - 2017-06-15 13:13 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2018-01-31 08:55 - 2017-06-15 13:11 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2018-01-31 02:06 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-31 02:06 - 2016-06-07 22:04 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-01-31 01:16 - 2017-11-20 15:15 - 000000000 ____D C:\Users\Charlie\Documents\AeroFolder
2018-01-30 10:30 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-30 10:30 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-30 10:29 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-30 00:32 - 2017-09-29 03:45 - 018350080 _____ C:\WINDOWS\system32\config\HARDWARE
2018-01-30 00:07 - 2017-12-09 04:53 - 000002183 _____ C:\WINDOWS\diagerr.xml
2018-01-30 00:07 - 2017-12-09 04:53 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2018-01-30 00:00 - 2017-12-09 04:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-29 22:57 - 2017-12-09 04:25 - 000389784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-29 22:56 - 2017-12-09 04:32 - 000000000 ____D C:\Users\Charlie
2018-01-29 09:33 - 2016-06-22 15:27 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\uTorrent
2018-01-29 09:31 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-29 09:31 - 2016-06-12 18:29 - 000000000 ____D C:\ProgramData\Adobe
2018-01-29 09:25 - 2017-12-09 04:32 - 000000000 ____D C:\Users\MSSQL$XACTWARE1
2018-01-28 04:08 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-28 02:56 - 2017-12-09 04:55 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3932784059-906377476-503307768-1001
2018-01-28 02:56 - 2017-06-15 13:48 - 000002425 _____ C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-28 02:56 - 2016-06-07 21:32 - 000000000 ___RD C:\Users\Charlie\OneDrive
2018-01-28 01:40 - 2017-12-05 21:28 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-27 23:55 - 2016-07-09 19:11 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\PhotoScape
2018-01-27 23:54 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-25 00:13 - 2016-06-07 21:38 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-21 01:36 - 2017-11-20 17:02 - 000000000 ____D C:\Users\Charlie\AppData\Roaming\Mozilla
2018-01-16 22:20 - 2017-12-09 04:52 - 001584236 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-16 21:32 - 2016-06-07 21:38 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-16 17:12 - 2016-08-12 18:54 - 000000000 ____D C:\Users\Charlie\Documents\ValveMan
2018-01-09 17:24 - 2016-06-08 18:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-09 17:20 - 2017-10-17 08:33 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 17:20 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-09 17:20 - 2016-06-08 18:47 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 17:19 - 2017-10-12 08:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-09 17:15 - 2015-10-30 02:24 - 000000167 _____ C:\WINDOWS\win.ini
2018-01-09 13:13 - 2017-12-09 04:33 - 000000000 ____D C:\Users\Charlie\AppData\Local\Packages
2018-01-07 18:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-05 19:17 - 2017-12-10 12:47 - 000000000 ___RD C:\Users\Charlie\3D Objects
2018-01-05 19:17 - 2016-06-07 21:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-05 19:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-05 19:11 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-05 17:20 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-05 17:19 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-05 17:19 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-04 16:21 - 2017-11-20 15:15 - 000000000 ____D C:\Users\Charlie\Documents\AdjusterMan
2018-01-04 15:23 - 2016-06-08 00:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-03 18:40 - 2017-11-20 17:02 - 000000000 ____D C:\Users\Charlie\AppData\LocalLow\Temp
 
Some files in TEMP:
====================
2018-01-28 03:25 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\Users\Charlie\AppData\Local\Temp\dllnt_dump.dll
2018-01-28 02:51 - 2018-01-24 23:00 - 011605440 _____ (SurfRight B.V.) C:\Users\Charlie\AppData\Local\Temp\HitmanPro.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-30 23:48
 
==================== End of FRST.txt ============================


#13 ChazInMT


Posted 31 January 2018 - 09:37 AM

Also, I want to send a few shekels to bleeping computer or you for your efforts here. Is there a way to do that?



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,607 posts

Posted 31 January 2018 - 10:02 AM

Also, I want to send a few shekels to bleeping computer or you for your efforts here. Is there a way to do that?


BleepingComputer doesn't accept donations at the moment, nor do I. I would rather see you investing money in a better security setup, or, donate this money to a local charity of your choice, as I'm sure that they need it way more than we do :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 ChazInMT


Posted 31 January 2018 - 02:06 PM

Okie Dokie....Here's this then.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Charlie (31-01-2018 13:53:55) Run:2
Running from C:\Users\Charlie\Downloads
Loaded Profiles: Charlie & MSSQL$XACTWARE1 (Available Profiles: Charlie & MSSQL$XACTWARE1)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
S1 kzmrwzfu; \??\C:\WINDOWS\system32\drivers\kzmrwzfu.sys [X]
 
HKLM\...\StartupApproved\Run: => "domesticitymagna"
HKLM\...\StartupApproved\Run: => "domesticitydomesticity"
HKLM\...\StartupApproved\Run: => "domesticity"
HKLM\...\StartupApproved\Run32: => "novumrotated"
HKLM\...\StartupApproved\Run32: => "novumnovum"
HKLM\...\StartupApproved\Run32: => "novum"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\StartupFolder: => "wasntwasnt.lnk"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\StartupFolder: => "wasnt.lnk"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "godzilla"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magnadomesticity"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotatednovum"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "gloved"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magnamagna"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "magna"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotatedrotated"
HKU\S-1-5-21-3932784059-906377476-503307768-1001\...\StartupApproved\Run: => "rotated"
 
C:\Users\Charlie\AppData\Local\exeicws
C:\Users\Charlie\AppData\Local\msewkpu
C:\Users\Charlie\AppData\Local\exrhlno
C:\Users\Charlie\AppData\Roaming\et
C:\WINDOWS\uninstaller.dat
C:\WINDOWS\system32\nicpmra
C:\WINDOWS\SysWOW64\nicpmra
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\System\CurrentControlSet\Services\kzmrwzfu" => removed successfully
kzmrwzfu => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\domesticitymagna" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\domesticitymagna" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\domesticitydomesticity" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\domesticitydomesticity" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\domesticity" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\domesticity" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\novumrotated" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\novumrotated" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\novumnovum" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\novumnovum" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\novum" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\novum" => not found
"C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wasntwasnt.lnk" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\wasntwasnt.lnk" => removed successfully
"C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wasnt.lnk" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\wasnt.lnk" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\godzilla" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\godzilla" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\magnadomesticity" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\magnadomesticity" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\rotatednovum" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rotatednovum" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\gloved" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\gloved" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\magnamagna" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\magnamagna" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\magna" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\magna" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\rotatedrotated" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rotatedrotated" => not found
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\rotated" => removed successfully
"HKU\S-1-5-21-3932784059-906377476-503307768-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rotated" => not found
C:\Users\Charlie\AppData\Local\exeicws => moved successfully
C:\Users\Charlie\AppData\Local\msewkpu => moved successfully
C:\Users\Charlie\AppData\Local\exrhlno => moved successfully
C:\Users\Charlie\AppData\Roaming\et => moved successfully
C:\WINDOWS\uninstaller.dat => moved successfully
C:\WINDOWS\system32\nicpmra => moved successfully
C:\WINDOWS\SysWOW64\nicpmra => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44535360 B
Java, Flash, Steam htmlcache => 58729867 B
Windows/system/drivers => 308621781 B
Edge => 320950 B
Chrome => 458627652 B
Firefox => 64452317 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27062 B
NetworkService => 0 B
Charlie => 58696809 B
MSSQL$XACTWARE1 => 6656 B
 
RecycleBin => 32925302 B
EmptyTemp: => 986.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:57:46 ====




