Trojan.gen.NPE


  • This topic is locked
10 replies to this topic

#1 COCD

  • Members
  • 12 posts

Posted 31 January 2018 - 11:28 PM

Hi there,

Norton has blocked this virus on a computer in my workplace and I'm needing help with a fix. Below is the FRST log if that is helpful.

Any advice would be much appreciated.

Carole


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by dcocm (administrator) on DESKTOP-PNQEJSU (01-02-2018 13:43:20)
Running from C:\Users\dcocm\Desktop
Loaded Profiles: dcocm (Available Profiles: dcocm)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Symantec Corporation) C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\NSBU.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Symantec Corporation) C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\NSBU.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Oracle Corporation) C:\Users\dcocm\AppData\Roaming\Oracle\bin\javaw.exe
(MYOB Technology Pty. Ltd.) C:\Users\dcocm\AppData\Local\Programs\MYOB\AddOnConnector\2.0.2017.1\MYOB.AccountRight.API.AddOnConnector.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-01-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-04-02] (Acresso Corporation)
HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\Run: [YBaouulWYBc] => "C:\Users\dcocm\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\Users\dcocm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MYOB Add-On Connector.lnk [2017-06-27]
ShortcutTarget: MYOB Add-On Connector.lnk -> C:\Users\dcocm\AppData\Local\Programs\MYOB\AddOnConnector\2.0.2017.1\MYOB.AccountRight.API.AddOnConnector.exe (MYOB Technology Pty. Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5-x64 07 C:\Windows\system32\wlidnsp.dll [65536 2017-09-29] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [65536 2017-09-29] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a2ffb663-96ba-424d-a9d8-dd473c03b7f8}: [NameServer] 192.168.2.20,192.168.2.1
Tcpip\..\Interfaces\{a2ffb663-96ba-424d-a9d8-dd473c03b7f8}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/?gfe_rd=cr&ei=kZqGWM66B8zN8gfE-KaIBw&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2217450717-2265245485-1544014162-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1010030&geo=AU&ver=22.11.2.7&locale=en_AU&guid=FB4A77B3-F712-4581-96BF-E9311E041992&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security with Backup\Engine32\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-25] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-25] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security with Backup\Engine32\22.11.2.7\coIEPlg.dll [2017-11-11] (Symantec Corporation)

FireFox:
========
FF DefaultProfile: fdfbkapy.default
FF ProfilePath: C:\Users\dcocm\AppData\Roaming\Mozilla\Firefox\Profiles\fdfbkapy.default [2018-02-01]
FF Homepage: Mozilla\Firefox\Profiles\fdfbkapy.default -> hxxp://www.abc.net.au/news/
FF Extension: (AUSkey) - C:\Users\dcocm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@au.gov.abr.auskeyfirefox.xpi [2017-04-11]
FF Extension: (IBM Security Rapport) - C:\Users\dcocm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2018-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jmegndhbalhkegdidohofafobbcabine] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-03] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-01-22] (Dropbox, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NSBU; C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\NSBU.exe [326144 2017-11-11] (Symantec Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5249008 2018-01-09] (IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 BHDrvx64; C:\Program Files\Norton Security with Backup\NortonData\22.11.2.7\Definitions\BASHDefs\20180130.003\BHDrvx64.sys [1872024 2017-12-04] (Symantec Corporation)
R1 ccSet_NSBU; C:\WINDOWS\system32\drivers\NSBUx64\160B020.007\ccSetx64.sys [187544 2017-11-11] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-01-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-01-04] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R1 IDSVia64; C:\Program Files\Norton Security with Backup\NortonData\22.11.2.7\Definitions\IPSDefs\20180130.001\IDSvia64.sys [1056920 2017-12-06] (Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-02-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-02-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-02-01] (Malwarebytes)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [491176 2018-01-09] (IBM Corp.)
R1 RapportCerberus_1908101; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1908101.sys [1637352 2018-01-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [704616 2018-01-09] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [339944 2018-01-09] (IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [599528 2018-01-09] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [745136 2018-01-09] (IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 SRTSP; C:\WINDOWS\system32\drivers\NSBUx64\160B020.007\SRTSP64.SYS [812696 2017-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSBUx64\160B020.007\SRTSPX64.SYS [49304 2017-11-11] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSBUx64\160B020.007\SYMEFASI64.SYS [1938584 2017-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSBUx64\160B020.007\SymELAM.sys [24608 2017-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102600 2017-12-06] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSBUx64\160B020.007\Ironx64.SYS [309984 2017-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NSBUx64\160B020.007\SYMNETS.SYS [566936 2017-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-01 13:21 - 2018-02-01 13:43 - 000015702 _____ C:\Users\dcocm\Desktop\FRST.txt
2018-02-01 13:18 - 2018-02-01 13:18 - 002393088 _____ (Farbar) C:\Users\dcocm\Desktop\FRST64.exe
2018-02-01 13:07 - 2018-02-01 13:11 - 000000000 ____D C:\AdwCleaner
2018-02-01 13:06 - 2018-02-01 13:06 - 008206624 _____ (Malwarebytes) C:\Users\dcocm\Desktop\adwcleaner_7.0.7.0.exe
2018-02-01 12:54 - 2018-02-01 13:13 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-01 12:54 - 2018-02-01 13:13 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-02-01 12:54 - 2018-02-01 13:13 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-02-01 12:54 - 2018-02-01 13:13 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-02-01 12:54 - 2018-02-01 12:54 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-02-01 12:54 - 2018-02-01 12:54 - 000001915 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-01 12:54 - 2018-02-01 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-01 12:54 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-01 12:53 - 2018-02-01 12:53 - 082095216 _____ (Malwarebytes ) C:\Users\dcocm\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3830.exe
2018-02-01 12:53 - 2018-02-01 12:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-01 12:53 - 2018-02-01 12:53 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-01 12:44 - 2018-02-01 12:54 - 000000920 _____ C:\WINDOWS\ntbtlog.txt
2018-02-01 12:14 - 2018-02-01 12:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-01-30 11:59 - 2018-01-30 11:59 - 000000000 ____D C:\Users\dcocm\fUTkALeaTxM
2018-01-30 11:50 - 2018-01-30 11:50 - 000000000 ___HD C:\Users\dcocm\cVSrRBdhCSq
2018-01-25 14:30 - 2018-01-25 14:30 - 001861696 _____ (Oracle Corporation) C:\Users\dcocm\Downloads\JavaSetup8u161.exe
2018-01-25 08:19 - 2018-01-25 08:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-23 14:20 - 2018-01-23 14:20 - 000020345 _____ C:\Users\dcocm\Downloads\PaymentHistoryDetails(43).pdf
2018-01-23 13:56 - 2018-01-23 14:14 - 000000000 ____D C:\Users\dcocm\Desktop\Audrey Photos
2018-01-22 20:49 - 2018-01-22 20:49 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-01-22 20:49 - 2018-01-22 20:49 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-01-22 20:49 - 2018-01-22 20:49 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-01-22 20:49 - 2018-01-22 20:49 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-01-16 17:16 - 2018-01-16 17:16 - 069836710 _____ C:\Users\dcocm\Downloads\DWA-131_Windows_Driver_V5.04b03.zip
2018-01-08 08:49 - 2018-01-01 22:21 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-08 08:49 - 2018-01-01 22:21 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-08 08:49 - 2018-01-01 22:19 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-08 08:49 - 2018-01-01 22:18 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-08 08:49 - 2018-01-01 22:18 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-08 08:49 - 2018-01-01 22:17 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-08 08:49 - 2018-01-01 22:16 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-08 08:49 - 2018-01-01 22:16 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-08 08:49 - 2018-01-01 22:15 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-08 08:49 - 2018-01-01 22:15 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-08 08:49 - 2018-01-01 22:15 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-08 08:49 - 2018-01-01 22:12 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-08 08:49 - 2018-01-01 22:10 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-08 08:49 - 2018-01-01 22:09 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-08 08:49 - 2018-01-01 22:09 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-08 08:49 - 2018-01-01 22:09 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-08 08:49 - 2018-01-01 22:07 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-08 08:49 - 2018-01-01 22:06 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-08 08:49 - 2018-01-01 22:05 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-08 08:49 - 2018-01-01 22:04 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-08 08:49 - 2018-01-01 22:03 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-08 08:49 - 2018-01-01 22:02 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-08 08:49 - 2018-01-01 21:57 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-08 08:49 - 2018-01-01 21:56 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-08 08:49 - 2018-01-01 21:55 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-08 08:49 - 2018-01-01 21:55 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-08 08:49 - 2018-01-01 21:23 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-08 08:49 - 2018-01-01 21:15 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-08 08:49 - 2018-01-01 21:15 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-08 08:49 - 2018-01-01 21:12 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-08 08:49 - 2018-01-01 21:12 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-08 08:49 - 2018-01-01 21:12 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-08 08:49 - 2018-01-01 21:12 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-08 08:49 - 2018-01-01 21:07 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-08 08:49 - 2018-01-01 21:04 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-08 08:49 - 2018-01-01 20:55 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-08 08:49 - 2018-01-01 20:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-08 08:49 - 2018-01-01 20:54 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-08 08:49 - 2018-01-01 20:54 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-08 08:49 - 2018-01-01 20:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-08 08:49 - 2018-01-01 20:53 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-08 08:49 - 2018-01-01 20:51 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-08 08:49 - 2018-01-01 20:50 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-08 08:49 - 2018-01-01 20:50 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-08 08:49 - 2018-01-01 20:49 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-08 08:49 - 2018-01-01 20:49 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-08 08:49 - 2018-01-01 20:49 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-08 08:49 - 2018-01-01 20:49 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-08 08:49 - 2018-01-01 20:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-08 08:49 - 2018-01-01 20:48 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-08 08:49 - 2018-01-01 20:48 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-08 08:49 - 2018-01-01 20:47 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-08 08:49 - 2018-01-01 20:47 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-08 08:49 - 2018-01-01 20:47 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-08 08:49 - 2018-01-01 20:47 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-08 08:49 - 2018-01-01 20:46 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-08 08:49 - 2018-01-01 20:46 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-08 08:49 - 2018-01-01 20:46 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-08 08:49 - 2018-01-01 20:46 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-08 08:49 - 2018-01-01 20:46 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-08 08:49 - 2018-01-01 20:46 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-08 08:49 - 2018-01-01 20:45 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-08 08:49 - 2018-01-01 20:45 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-08 08:49 - 2018-01-01 20:45 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-08 08:49 - 2018-01-01 20:44 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-08 08:49 - 2018-01-01 20:44 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-08 08:49 - 2018-01-01 20:43 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-08 08:49 - 2018-01-01 20:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-08 08:49 - 2018-01-01 20:43 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-08 08:49 - 2018-01-01 20:42 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-08 08:49 - 2018-01-01 20:42 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-08 08:49 - 2018-01-01 20:42 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-08 08:49 - 2018-01-01 20:41 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-08 08:49 - 2018-01-01 20:41 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-08 08:49 - 2018-01-01 20:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-08 08:49 - 2018-01-01 20:41 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-08 08:49 - 2018-01-01 20:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-08 08:49 - 2018-01-01 20:39 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-08 08:49 - 2018-01-01 20:39 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-08 08:49 - 2018-01-01 20:38 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-08 08:48 - 2018-01-02 02:45 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-08 08:48 - 2018-01-01 22:24 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-08 08:48 - 2018-01-01 22:23 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-08 08:48 - 2018-01-01 22:22 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-08 08:48 - 2018-01-01 22:21 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-08 08:48 - 2018-01-01 22:21 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-08 08:48 - 2018-01-01 22:21 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-08 08:48 - 2018-01-01 22:20 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-08 08:48 - 2018-01-01 22:20 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-08 08:48 - 2018-01-01 22:20 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-08 08:48 - 2018-01-01 22:20 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-08 08:48 - 2018-01-01 22:19 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-08 08:48 - 2018-01-01 22:19 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-08 08:48 - 2018-01-01 22:19 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-08 08:48 - 2018-01-01 22:18 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-08 08:48 - 2018-01-01 22:17 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-08 08:48 - 2018-01-01 22:16 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-08 08:48 - 2018-01-01 22:16 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-08 08:48 - 2018-01-01 22:13 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-08 08:48 - 2018-01-01 22:13 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-08 08:48 - 2018-01-01 22:13 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-08 08:48 - 2018-01-01 22:12 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-08 08:48 - 2018-01-01 22:12 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-08 08:48 - 2018-01-01 22:12 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-08 08:48 - 2018-01-01 22:12 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-08 08:48 - 2018-01-01 22:11 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-08 08:48 - 2018-01-01 22:11 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-08 08:48 - 2018-01-01 22:11 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-08 08:48 - 2018-01-01 22:09 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-08 08:48 - 2018-01-01 22:09 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-08 08:48 - 2018-01-01 22:08 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-08 08:48 - 2018-01-01 22:08 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-08 08:48 - 2018-01-01 22:08 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-08 08:48 - 2018-01-01 22:08 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-08 08:48 - 2018-01-01 22:08 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-08 08:48 - 2018-01-01 22:07 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-08 08:48 - 2018-01-01 22:06 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-08 08:48 - 2018-01-01 22:06 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-08 08:48 - 2018-01-01 22:06 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-08 08:48 - 2018-01-01 22:06 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-08 08:48 - 2018-01-01 22:05 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-08 08:48 - 2018-01-01 22:04 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-08 08:48 - 2018-01-01 22:04 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-08 08:48 - 2018-01-01 22:04 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-08 08:48 - 2018-01-01 22:03 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-08 08:48 - 2018-01-01 22:02 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-08 08:48 - 2018-01-01 21:57 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-08 08:48 - 2018-01-01 21:56 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-08 08:48 - 2018-01-01 21:53 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-08 08:48 - 2018-01-01 21:51 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-08 08:48 - 2018-01-01 21:51 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-08 08:48 - 2018-01-01 21:36 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-08 08:48 - 2018-01-01 21:33 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-08 08:48 - 2018-01-01 21:33 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-08 08:48 - 2018-01-01 21:33 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-08 08:48 - 2018-01-01 21:33 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-08 08:48 - 2018-01-01 21:19 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-08 08:48 - 2018-01-01 21:19 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-08 08:48 - 2018-01-01 21:16 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-08 08:48 - 2018-01-01 21:16 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-08 08:48 - 2018-01-01 21:15 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-08 08:48 - 2018-01-01 21:15 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-08 08:48 - 2018-01-01 21:13 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-08 08:48 - 2018-01-01 21:12 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-08 08:48 - 2018-01-01 21:12 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-08 08:48 - 2018-01-01 21:12 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-08 08:48 - 2018-01-01 21:12 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-08 08:48 - 2018-01-01 20:55 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-08 08:48 - 2018-01-01 20:55 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-08 08:48 - 2018-01-01 20:55 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-08 08:48 - 2018-01-01 20:54 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-08 08:48 - 2018-01-01 20:54 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-08 08:48 - 2018-01-01 20:54 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-08 08:48 - 2018-01-01 20:53 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-08 08:48 - 2018-01-01 20:53 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-08 08:48 - 2018-01-01 20:53 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-08 08:48 - 2018-01-01 20:53 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-08 08:48 - 2018-01-01 20:53 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-08 08:48 - 2018-01-01 20:53 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-08 08:48 - 2018-01-01 20:53 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-08 08:48 - 2018-01-01 20:52 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-01-08 08:48 - 2018-01-01 20:52 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-08 08:48 - 2018-01-01 20:52 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-08 08:48 - 2018-01-01 20:52 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-08 08:48 - 2018-01-01 20:51 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-08 08:48 - 2018-01-01 20:51 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-08 08:48 - 2018-01-01 20:51 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-08 08:48 - 2018-01-01 20:51 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-08 08:48 - 2018-01-01 20:51 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-08 08:48 - 2018-01-01 20:51 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-08 08:48 - 2018-01-01 20:51 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-08 08:48 - 2018-01-01 20:51 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-08 08:48 - 2018-01-01 20:50 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-08 08:48 - 2018-01-01 20:50 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-08 08:48 - 2018-01-01 20:50 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-08 08:48 - 2018-01-01 20:49 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-08 08:48 - 2018-01-01 20:49 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-08 08:48 - 2018-01-01 20:49 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-08 08:48 - 2018-01-01 20:49 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-08 08:48 - 2018-01-01 20:49 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-08 08:48 - 2018-01-01 20:48 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-08 08:48 - 2018-01-01 20:47 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-08 08:48 - 2018-01-01 20:47 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-08 08:48 - 2018-01-01 20:46 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-08 08:48 - 2018-01-01 20:45 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-08 08:48 - 2018-01-01 20:44 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-08 08:48 - 2018-01-01 20:44 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-08 08:48 - 2018-01-01 20:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-08 08:48 - 2018-01-01 20:44 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-08 08:48 - 2018-01-01 20:44 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-08 08:48 - 2018-01-01 20:44 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-08 08:48 - 2018-01-01 20:43 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-08 08:48 - 2018-01-01 20:43 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-08 08:48 - 2018-01-01 20:43 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-08 08:48 - 2018-01-01 20:43 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-08 08:48 - 2018-01-01 20:43 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-08 08:48 - 2018-01-01 20:42 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-08 08:48 - 2018-01-01 20:42 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-08 08:48 - 2018-01-01 20:42 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-08 08:48 - 2018-01-01 20:42 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-08 08:48 - 2018-01-01 20:41 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-08 08:48 - 2018-01-01 20:41 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-08 08:48 - 2018-01-01 20:40 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-08 08:48 - 2018-01-01 20:40 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-08 08:48 - 2018-01-01 20:40 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-08 08:48 - 2018-01-01 20:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-08 08:48 - 2018-01-01 20:39 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-08 08:48 - 2018-01-01 20:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-08 08:48 - 2018-01-01 20:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-08 08:48 - 2018-01-01 20:38 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-08 08:48 - 2018-01-01 20:36 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-08 08:48 - 2018-01-01 20:35 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-08 08:48 - 2018-01-01 20:35 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-08 08:48 - 2018-01-01 20:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-01 13:43 - 2016-05-26 11:59 - 000000000 ____D C:\FRST
2018-02-01 13:20 - 2017-11-10 10:30 - 001134646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-01 13:18 - 2017-12-06 11:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2018-02-01 13:15 - 2016-11-17 08:37 - 000000000 ____D C:\Users\dcocm\AppData\LocalLow\Mozilla
2018-02-01 13:13 - 2017-11-10 10:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-01 13:13 - 2017-08-17 11:15 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-01 13:13 - 2016-04-22 14:13 - 000000000 __SHD C:\Users\dcocm\IntelGraphicsProfiles
2018-02-01 13:12 - 2017-09-29 18:15 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-02-01 12:51 - 2016-05-26 09:52 - 000000000 ____D C:\Users\dcocm\AppData\Local\NPE
2018-02-01 12:45 - 2016-05-26 11:41 - 000000000 ____D C:\NPE
2018-02-01 12:15 - 2017-11-10 10:13 - 000000000 ____D C:\Users\dcocm\AppData\Local\Packages
2018-02-01 10:25 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-01 10:19 - 2017-11-10 10:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-01 09:41 - 2017-11-10 10:31 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2217450717-2265245485-1544014162-1001
2018-02-01 09:41 - 2017-09-29 23:16 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-01 09:41 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-01 09:41 - 2016-04-22 14:10 - 000002412 _____ C:\Users\dcocm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-01 09:41 - 2016-04-22 14:10 - 000000000 ___RD C:\Users\dcocm\OneDrive
2018-02-01 09:40 - 2017-11-10 10:31 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DBA70F9A-AF55-4550-BC81-E35EB37B2481}
2018-02-01 09:34 - 2017-09-04 08:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-01 09:34 - 2016-04-27 16:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 11:31 - 2017-11-23 11:26 - 012918784 _____ C:\Users\dcocm\Desktop\COCentre_Appl V8.23.accdb
2018-01-30 12:00 - 2017-09-29 18:15 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-30 11:59 - 2017-11-10 10:12 - 000000000 ____D C:\Users\dcocm
2018-01-30 11:58 - 2016-04-27 16:54 - 000001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-30 09:01 - 2016-04-27 17:25 - 000003846 ___SH C:\Users\dcocm\.pr_stat_data
2018-01-30 08:57 - 2016-04-27 17:27 - 000000027 ___SH C:\Users\dcocm\.pr_data
2018-01-30 08:37 - 2016-04-27 17:25 - 000000000 ____D C:\Users\dcocm\OneDrive\Documents\My Library
2018-01-29 16:14 - 2016-04-27 09:26 - 000000204 _____ C:\WINDOWS\MYOBP.INI
2018-01-29 16:14 - 2016-04-27 09:26 - 000000039 _____ C:\WINDOWS\MYOB.INI
2018-01-25 14:33 - 2017-03-31 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-25 14:33 - 2017-03-31 11:24 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-25 14:33 - 2016-04-27 16:48 - 000000000 ____D C:\ProgramData\Oracle
2018-01-25 14:31 - 2017-03-31 11:24 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-01-25 08:20 - 2017-05-03 14:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-01-24 17:01 - 2017-12-19 13:23 - 000000000 ____D C:\Users\dcocm\AppData\Local\ElevatedDiagnostics
2018-01-23 15:33 - 2016-04-27 09:23 - 000000000 ____D C:\Plus19
2018-01-22 16:22 - 2017-09-29 23:07 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-21 09:05 - 2016-04-28 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-01-19 08:46 - 2016-06-01 09:02 - 000009376 _____ C:\Users\dcocm\AppData\Roaming\Comma Separated Values.EML
2018-01-11 13:52 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\rescache
2018-01-10 13:09 - 2016-04-22 14:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 13:06 - 2017-10-11 11:22 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 13:06 - 2016-05-31 13:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-01-10 13:06 - 2016-04-22 14:37 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 13:02 - 2015-10-30 16:54 - 000000167 _____ C:\WINDOWS\win.ini
2018-01-10 09:10 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-10 09:10 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-09 13:14 - 2016-04-28 12:36 - 000599528 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2018-01-09 13:14 - 2016-04-28 12:36 - 000339944 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2018-01-09 08:11 - 2017-09-29 23:14 - 000000000 ____D C:\WINDOWS\INF
2018-01-08 13:33 - 2017-11-10 10:36 - 000000000 ___RD C:\Users\dcocm\3D Objects
2018-01-08 13:33 - 2016-02-13 22:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-08 13:32 - 2017-11-08 09:11 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-08 13:29 - 2017-11-10 10:08 - 003861584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-08 13:23 - 2017-09-29 23:16 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-08 13:23 - 2017-09-29 23:16 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-08 13:23 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-08 13:23 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-08 13:23 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-08 13:23 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-08 13:23 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-08 13:23 - 2017-09-29 18:15 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-08 13:22 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-08 13:22 - 2017-09-29 23:16 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-08 08:52 - 2017-09-29 23:11 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-08 08:52 - 2017-09-29 23:11 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-08 08:51 - 2017-09-29 23:11 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

==================== Files in the root of some directories =======

2016-06-01 09:42 - 2016-12-21 17:18 - 000038476 _____ () C:\Users\dcocm\AppData\Roaming\Comma Separated Values.ADR
2016-06-01 09:02 - 2018-01-19 08:46 - 000009376 _____ () C:\Users\dcocm\AppData\Roaming\Comma Separated Values.EML

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-22 11:13

==================== End of FRST.txt ============================





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,634 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:33 AM

Posted 01 February 2018 - 08:14 AM

Hi COCD :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full-time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Is it possible to have the Addition.txt log that was generated as well?

Also, follow the instructions below. Afterwards, a file called date-time.zip should be on your desktop. Attach it in your next reply as well.
Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Copy/paste the following inside the text area:
    Start::
    CloseProcesses:
    Zip: C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR;C:\Users\dcocm\fUTkALeaTxM;C:\Users\dcocm\cVSrRBdhCSq
    
    HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\Run: [YBaouulWYBc] => "C:\Users\dcocm\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR"
    
    C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR
    C:\Users\dcocm\fUTkALeaTxM
    C:\Users\dcocm\cVSrRBdhCSq
    End::
    
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
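The Run value the fix above removes shows the pattern a malware-removal helper recognises on sight: a Java runtime copied under AppData\Roaming launching, with -jar, a payload that sits in a randomly named folder directly under the user profile and carries an extension no normal program uses. The following script is an added example, not FRST's code and not Aura's; it parses FRST-style Run lines and scores them against exactly those heuristics. The first sample line is the one from the fix; the OneDrive and Dropbox lines are constructed as benign controls, and the heuristic names, thresholds and folder lists are this example's own choices.

```python
"""Triage registry Run entries from an FRST log (added example, not FRST's own code).

Scores each Run value against heuristics a removal helper applies by eye:
a script host launching a payload, a launcher relocated under AppData\\Roaming,
a payload in a non-standard folder directly under the user profile, and an
extension no ordinary program uses. Two or more hits flags the entry.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# FRST prints autoruns as:  <hive>\...\Run: [<value name>] => <command line>
RUN_LINE = re.compile(r"^(?P<hive>\S+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$")
# A quoted token or a bare token of the command line.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')
# Unquoted launcher path: everything up to the first executable extension.
BARE_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?:\s+|$)", re.IGNORECASE)

# Heuristic lists chosen for this example (assumptions, not FRST data).
SCRIPT_HOSTS = {"javaw.exe", "java.exe", "wscript.exe", "cscript.exe",
                "powershell.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
KNOWN_EXTENSIONS = {".exe", ".dll", ".jar", ".bat", ".cmd", ".vbs", ".js",
                    ".ps1", ".scr", ".lnk", ".com", ".hta"}
STANDARD_PROFILE_DIRS = {"appdata", "desktop", "documents", "downloads", "pictures",
                         "music", "videos", "onedrive", "dropbox", "favorites", "links"}


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    launcher: str
    payload: Optional[str]
    flags: List[str] = field(default_factory=list)


def split_command(cmd: str) -> Tuple[str, List[str]]:
    """Return (launcher, args); handles quoted launchers and the unquoted
    'C:\\Program Files\\...\\x.exe /flag' form FRST prints verbatim."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        launcher, rest = cmd[1:end], cmd[end + 1:]
    else:
        m = BARE_EXE.match(cmd)
        if m:
            launcher, rest = m.group(1), cmd[m.end():]
        else:
            parts = cmd.split(None, 1)
            launcher, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    args = [q or b for q, b in TOKEN.findall(rest)]
    return launcher, args


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def profile_subdir(path: str) -> Optional[str]:
    """First folder under C:\\Users\\<name>\\, or None if the path is not in a profile."""
    m = re.match(r"^[a-z]:\\users\\[^\\]+\\([^\\]+)\\", path, re.IGNORECASE)
    return m.group(1) if m else None


def parse_run_line(line: str) -> Optional[RunEntry]:
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    launcher, args = split_command(m.group("cmd"))
    # The payload is the first argument that looks like a drive-letter path.
    payload = next((a for a in args if re.match(r"^[a-z]:\\", a, re.IGNORECASE)), None)
    return RunEntry(m.group("hive"), m.group("name"), m.group("cmd"), launcher, payload)


def assess(entry: RunEntry) -> RunEntry:
    """Attach heuristic flags to the entry and return it."""
    target = entry.payload or entry.launcher
    if basename(entry.launcher).lower() in SCRIPT_HOSTS and entry.payload:
        entry.flags.append("script host launches a payload")
    if "\\appdata\\roaming\\" in entry.launcher.lower():
        entry.flags.append("launcher lives under AppData\\Roaming")
    sub = profile_subdir(target)
    if sub is not None and sub.lower() not in STANDARD_PROFILE_DIRS:
        entry.flags.append(f"payload in non-standard profile folder '{sub}'")
    name = basename(target)
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext not in KNOWN_EXTENSIONS:
        entry.flags.append(f"unusual payload extension '{ext}'")
    return entry


def triage(log_text: str) -> List[RunEntry]:
    """Parse every Run line in an FRST log; return entries with at least two flags."""
    entries = [assess(e) for e in map(parse_run_line, log_text.splitlines()) if e]
    return [e for e in entries if len(e.flags) >= 2]


# First line is the Run value from the fix in this thread; the other two are
# constructed benign controls (OneDrive and Dropbox autoruns, typical form).
SAMPLE_LOG = r"""
HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\Run: [YBaouulWYBc] => "C:\Users\dcocm\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR"
HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\Run: [OneDrive] => "C:\Users\dcocm\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKLM\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.hive}] {e.name}: {e.launcher}")
        for f in e.flags:
            print("   -", f)
```

Run it against a saved FRST.txt by passing the file's text to triage(); only the javaw.exe entry from the sample is reported, with all four flags, while the two controls score zero. The two-flag threshold is deliberate: a lone relocated runtime or a lone odd extension shows up in legitimate software often enough that a single hit is a prompt to look, not a verdict.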


#3 COCD

  • Topic Starter
  • Members
  • 12 posts

Posted 02 February 2018 - 01:11 AM

Thanks for your help Yoan :)

Here is the addition.txt from yesterday and the fix log is below it. Zip is attached.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by dcocm (01-02-2018 13:43:52)
Running from C:\Users\dcocm\Desktop
Windows 10 Pro Version 1709 16299.192 (X64) (2017-11-10 01:05:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2217450717-2265245485-1544014162-500 - Administrator - Disabled)
dcocm (S-1-5-21-2217450717-2265245485-1544014162-1001 - Administrator - Enabled) => C:\Users\dcocm
DefaultAccount (S-1-5-21-2217450717-2265245485-1544014162-503 - Limited - Disabled)
Guest (S-1-5-21-2217450717-2265245485-1544014162-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2217450717-2265245485-1544014162-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2217450717-2265245485-1544014162-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AUSkey (HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\AUSkey) (Version: 1.1.0 - Australian Taxation Office)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{0CEA94E0-E6F4-4F2D-AA98-D0EFD6833754}) (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (HKLM\...\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (HKLM\...\{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (HKLM\...\{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - CS (x64) (HKLM\...\{5A44CC9E-5432-4024-8D14-7DAF2704434F}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - CT (x64) (HKLM\...\{573F191F-6615-457E-8EE9-C1D9D672A54D}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (HKLM\...\{7386B5FA-8715-481D-821F-7785110506DF}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (HKLM\...\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (HKLM\...\{BB65D262-3EBC-4F10-89D9-67A320E94EAA}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (HKLM\...\{E699230D-4B5E-411E-9F45-FF50789B18DD}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (HKLM\...\{3933C06C-8239-432B-87FC-F2BDC5B49A10}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (HKLM\...\{B6DF7031-2843-44FD-9CAB-DECAB4257456}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM T3 (HKLM\...\{80411B38-DEF6-4E32-BE6B-796015325109}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - JP (x64) (HKLM\...\{D82D569E-C414-477B-B158-092D81868B6E}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (HKLM\...\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (HKLM\...\{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (HKLM\...\{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (HKLM\...\{10762393-1B90-4AC2-AF1A-4C0C04AE303F}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (HKLM\...\{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (HKLM\...\{1E3A578C-0A7D-4820-990F-B7545C0B2303}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (HKLM\...\{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (HKLM\...\{CBC1BFA3-E641-4FCA-8EFA-77E2B7D7E552}) (Version: 16.1 - Corel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 42.4.114 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU  (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 58.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.1 (x64 en-US)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MYOB AccountRight 2016.2 (HKLM-x32\...\{ED354521-2149-4CB9-939D-95FAF14A9CE1}) (Version: 16.2.18.9675 - MYOB Technology Pty. Ltd.) Hidden
MYOB AccountRight 2016.2 (HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\{3a8e61de-ef49-42b6-8f14-417356a91fa3}) (Version: 2016.2.18.9675 - MYOB Technology Pty. Ltd.)
MYOB AccountRight 2017.1 (HKLM-x32\...\{6C056C44-A3D9-4C96-850E-0D7DA2D9E57F}) (Version: 17.1.1 - MYOB Technology Pty. Ltd.) Hidden
MYOB AccountRight 2017.1 (HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\{1a5a3e93-fb76-45f2-a1ff-a09aa38fa2b4}) (Version: 2017.1.1 - MYOB Technology Pty. Ltd.)
MYOB AccountRight Plus v19.11.1 (HKLM-x32\...\{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.11.1 - MYOB Technology Pty Ltd) Hidden
MYOB AccountRight Plus v19.11.1 (HKLM-x32\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.11.1 - MYOB Technology Pty Ltd)
MYOB Add-On Connector (API) (HKLM-x32\...\{B1DE86B4-D8AD-4783-985B-ADD0C42AB9FF}) (Version: 2.19.8217 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd)
Norton Security (HKLM-x32\...\NSBU) (Version: 22.11.2.7 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFtk - The PDF Toolkit version 2.02 (HKLM-x32\...\{C65EA7B8-FC21-4896-AD44-9CE952BB1255}_is1) (Version: 2.02 - PDF Labs)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.16.0115.0 - PressReader Inc.)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1908.134 - Trusteer) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1908.134 - Trusteer)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011638) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA42A10E-1420-49B6-9900-1ECC62850D84}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-11] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-11] (Symantec Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\NavShExt.dll [2017-11-11] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\NavShExt.dll [2017-11-11] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-22] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\buShell.dll [2017-11-11] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\NavShExt.dll [2017-11-11] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AD57461-D322-4B9A-839B-3D70E960BBA4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {2299306A-0BB9-44F0-987F-7B290D8E0B2F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-11-11] (Symantec Corporation)
Task: {2BC393D8-3315-4609-B9E3-D24B3F84ED30} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {3860A0AE-1A76-44C0-B1D1-3CA3533B42C9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\WSCStub.exe [2017-11-11] (Symantec Corporation)
Task: {3B88500D-BDCA-4D25-B42D-A4A5F6E2C11F} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\VPN Routes Repair => %windir%\system32\cmd.exe
Task: {47AF78B3-2AC5-422A-8D6C-AFB38A7570DA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {533DBA75-FD46-497E-9A0B-822FCFB08C3B} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\File History Settings Synchronization => %windir%\system32\cmd.exe
Task: {56FB6EBC-CA3E-4433-A313-34A6B929B75C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-03] (Dropbox, Inc.)
Task: {65C7BA5C-F162-42E0-BFDE-A7D9E132CA2C} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup on Idle => %windir%\system32\cmd.exe
Task: {7A4FEECA-00A8-44CF-BA13-4D82D9DDD474} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-12] (Google Inc.)
Task: {97893456-BEE2-4CF3-BBFC-9C9F04B6058E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {A1B65098-0BE1-432D-8C41-DF078C837BB2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-12] (Google Inc.)
Task: {A2EC7133-F996-4D59-BE73-503440BE35B4} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Connector Cleanup => %windir%\system32\cmd.exe
Task: {A74F5A25-2D6E-44C0-A963-6E46323DE1A2} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Analyzer => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\SymErr.exe [2017-11-11] (Symantec Corporation)
Task: {ABBFF6AB-3303-4250-BD70-2ED17D404327} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Autofix => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\SymErr.exe [2017-11-11] (Symantec Corporation)
Task: {B07D13BF-6C14-4E62-8738-B6342557CBAC} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Client Computer Backup => %windir%\system32\cmd.exe
Task: {B21C37D1-7604-4759-A441-9BE1108C6C01} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Processor => C:\Program Files\Norton Security with Backup\Engine\22.11.2.7\SymErr.exe [2017-11-11] (Symantec Corporation)
Task: {B277D8C9-5C24-416F-A9BB-FB95C5E152FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {BE7BA2B2-0D31-443E-9D2B-5CA6B4B50EA2} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Alert Evaluations => %windir%\system32\cmd.exe
Task: {C1A8C551-8ED9-4BF4-B396-64047E592C8F} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\RDP Group Configuration => %windir%\system32\cmd.exe
Task: {CBA1602E-F1E5-46C6-A573-25BEF4108C2F} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Add-in Management => %windir%\system32\cmd.exe
Task: {CD8B9D8C-1F28-45BD-84C0-04BBCF8B32FB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {D1126CEE-BCB4-4A50-8CE9-B5DA9478A936} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-03] (Dropbox, Inc.)
Task: {F01577CE-81D9-481A-BE50-F046E9BCE5E9} - System32\Tasks\Microsoft\Windows\Windows Server Essentials\Health Definition Update => %windir%\system32\cmd.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 23:11 - 2017-09-29 23:11 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-17 11:14 - 2013-07-04 03:02 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2018-02-01 12:54 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-02-01 12:54 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-01 23:05 - 2017-10-20 16:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-12-13 12:02 - 2017-11-26 21:53 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 12:02 - 2017-11-26 21:31 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 09:12 - 2018-01-31 09:12 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 09:12 - 2018-01-31 09:12 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-31 09:12 - 2018-01-31 09:12 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-31 09:12 - 2018-01-31 09:12 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-31 09:12 - 2018-01-31 09:12 - 000667136 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-08-17 11:15 - 2018-02-01 13:13 - 000025088 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-08-17 11:14 - 2013-07-04 03:02 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 000545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2018-01-25 08:19 - 2018-01-22 20:49 - 000733000 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-01-25 08:19 - 2018-01-22 20:49 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-18 06:56 - 2018-01-22 20:49 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-01-25 08:19 - 2018-01-22 20:49 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-01-25 08:19 - 2018-01-22 20:49 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-18 06:56 - 2018-01-22 20:49 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-01-25 08:19 - 2018-01-22 20:49 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-25 08:19 - 2018-01-22 20:49 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-18 06:56 - 2018-01-22 20:52 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-22 07:31 - 2018-01-22 20:49 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 001796928 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 001956160 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-25 08:19 - 2018-01-22 20:52 - 003859272 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000521032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000050512 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000042312 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-01-25 08:19 - 2018-01-22 20:52 - 000218960 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000100704 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-01-25 08:16 - 2018-01-22 20:52 - 000024416 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-18 06:56 - 2018-01-22 20:49 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-01-25 08:19 - 2018-01-22 20:52 - 000101192 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-18 06:56 - 2018-01-22 20:52 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-01-25 08:19 - 2018-01-22 20:49 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-25 08:19 - 2018-01-22 20:51 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-01-25 08:19 - 2018-01-22 20:49 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-12 08:17 - 2018-01-22 20:52 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-18 06:56 - 2018-01-22 20:52 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-01-25 08:19 - 2018-01-22 20:51 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-18 06:56 - 2018-01-22 20:52 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000545096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000359232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-01-25 08:19 - 2018-01-22 20:51 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\dcocm\Desktop\COCentre_Data 010314.zip:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 16:54 - 2017-01-19 09:10 - 000000832 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.20 - 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50EB0156-F9D5-4AE6-80B1-D9B6E4D3C134}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CA516A17-C522-4314-AC92-322CD9FF25AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DAE8481F-2945-484A-A7B6-5C2B0F6CD5A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D3602B8D-CF97-4C9A-AF9E-EA0E89771F35}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{EB0A5F84-CABA-4E18-9FFF-9BF69ED00C9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B5F710B4-177A-42DD-829D-E36963F6DC20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{409BA60D-2570-40DE-96E0-0B093EC75D09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43128B48-3822-41C6-8817-F771488871B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{25D30225-F0D3-4815-B6CE-1EF3BADDDF06}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{DD76C422-2CE0-47E8-BAF1-3389E6D03C6D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C6C0F5D2-B66D-4A5B-94A3-34CDED936E22}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7AB39E31-A5E3-442B-B056-1A3D333EAA59}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

08-01-2018 08:47:41 Windows Update
18-01-2018 12:59:05 Scheduled Checkpoint
22-01-2018 16:21:24 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2018 01:13:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/01/2018 01:13:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2018 12:59:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2018 12:59:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/01/2018 12:45:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2018 12:45:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/01/2018 12:35:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/01/2018 12:30:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2018 12:25:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/01/2018 12:25:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (02/01/2018 01:13:05 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/01/2018 01:13:02 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (02/01/2018 01:11:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/01/2018 01:11:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/01/2018 01:11:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/01/2018 01:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/01/2018 01:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Protexis Licensing V2 x64 service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/01/2018 01:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/01/2018 01:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/01/2018 01:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-12-08 09:54:18.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 09:54:18.301
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 09:53:48.203
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 09:53:48.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 09:53:48.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 09:53:48.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 09:53:48.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 08:33:27.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 08:33:27.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-08 08:32:57.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 7875.95 MB
Available physical RAM: 4676.65 MB
Total Virtual: 9091.95 MB
Available Virtual: 5665.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.37 GB) (Free:377.73 GB) NTFS
Drive d: (Storage) (Fixed) (Total:455.99 GB) (Free:412.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C6DCBF8C)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 83DEA43B)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=149 MB) - (Type=DE)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by dcocm (02-02-2018 15:25:20) Run:2
Running from C:\Users\dcocm\Desktop
Loaded Profiles: dcocm (Available Profiles: dcocm)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
Zip: C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR;C:\Users\dcocm\fUTkALeaTxM;C:\Users\dcocm\cVSrRBdhCSq
HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\Run: [YBaouulWYBc] => "C:\Users\dcocm\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR"
C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR
C:\Users\dcocm\fUTkALeaTxM
C:\Users\dcocm\cVSrRBdhCSq

*****************

Processes closed successfully.
================== Zip: ===================
C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR -> copied successfully to C:\Users\dcocm\Desktop\02.02.2018_15.25.21.zip
C:\Users\dcocm\fUTkALeaTxM -> copied successfully to C:\Users\dcocm\Desktop\02.02.2018_15.25.21.zip
C:\Users\dcocm\cVSrRBdhCSq -> copied successfully to C:\Users\dcocm\Desktop\02.02.2018_15.25.21.zip
=========== Zip: End ===========
"HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YBaouulWYBc" => removed successfully
C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR => moved successfully
C:\Users\dcocm\fUTkALeaTxM => moved successfully
C:\Users\dcocm\cVSrRBdhCSq => moved successfully


The system needed a reboot.

==== End of Fixlog 15:25:32 ====

Attached File: 02.02.2018_15.25.21.zip (1.07MB)



#4 Aura (Malware Response Team, Bleepin' Special Ops)

Posted 02 February 2018 - 08:19 AM

According to Payload Security, the files you sent me belong to QRat, a Remote Access Trojan.

https://www.trustwave.com/Resources/SpiderLabs-Blog/Quaverse-RAT--Remote-Access-as-a-Service/

Since this is a business computer, it should now be considered compromised, which means your Security Team should be notified of this. This machine needs to be wiped and rebuilt (Windows reinstalled), and all the credentials, information, data, etc. on it should be considered compromised as well. Your passwords need to be changed too.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 COCD (Topic Starter)

Posted 02 February 2018 - 08:18 PM

Thanks for the analysis. We're only a small office, so no IT team; I'll do the reinstall. The majority of our files are stored on a shared folder on the server that this computer and others on the network can access. Should I be concerned about reinfection from something stored in this location or the safety of other machines on the network?



#6 Aura (Malware Response Team, Bleepin' Special Ops)

Posted 04 February 2018 - 04:34 PM

Should I be concerned about reinfection from something stored in this location or the safety of other machines on the network?


Backdoor access means that the person who infected it could've compromised the server and/or the other computers from the infected one, assuming they had the proper credentials to do so, yes. See if you can find oddly named files in the user profiles of other computers (and the server). If you're not sure, just provide me the FRST logs for each and I'll help you look for them.


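Aura's advice above (look for oddly named files in user profiles, and the Run entry the fixlog removed) can be turned into a repeatable check over FRST output. The following is an added example, not code from the thread or from FRST: it scans the "Run:" lines of an FRST log for the persistence pattern shown in the fixlog (a Java runtime under AppData launching -jar on a payload with a non-.jar extension inside a random-named profile folder). The regex, the list of standard profile folders and the sample lines are my assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Regex for the "Run:" lines FRST writes, e.g.
#   HKU\S-1-5-...\...\Run: [Name] => "C:\path\javaw.exe" -jar "C:\path\payload"
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$'
)
JVM_LAUNCHERS = {"javaw.exe", "java.exe"}
# Folders Windows itself creates at the root of a profile (assumed list); any
# other directory directly under C:\Users\<name>\ is worth a second look.
STANDARD_PROFILE_DIRS = {
    "appdata", "desktop", "documents", "downloads", "favorites", "links",
    "music", "pictures", "videos", "contacts", "searches", "saved games",
    "onedrive", "dropbox", "3d objects",
}
USER_ROOT = re.compile(r'^[a-z]:\\users\\[^\\]+\\([^\\]+)(?:\\|$)', re.IGNORECASE)

# Constructed sample: the first line reproduces the Run entry that the fixlog in
# this thread removed; the second is a constructed benign entry for contrast.
SAMPLE_FRST_LINES = [
    r'HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\Run: [YBaouulWYBc] => '
    r'"C:\Users\dcocm\AppData\Roaming\Oracle\bin\javaw.exe" -jar '
    r'"C:\Users\dcocm\cVSrRBdhCSq\xaqTnMlLELJ.aWWKuR"',
    r'HKU\S-1-5-21-2217450717-2265245485-1544014162-1001\...\Run: [Dropbox] => '
    r'"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe"',
]


@dataclass
class Finding:
    hive: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)


def _tokens(cmd: str) -> List[str]:
    # Split a command line into tokens, keeping quoted paths whole.
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def _profile_root_child(path: str) -> Optional[str]:
    # First directory under C:\Users\<name>\ for a path, or None.
    m = USER_ROOT.match(path)
    return m.group(1) if m else None


def triage_run_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious Run entry, or None for benign/non-Run lines."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    tokens = _tokens(m.group("cmd"))
    if not tokens:
        return None
    finding = Finding(m.group("hive"), m.group("name"), m.group("cmd"))
    launcher = tokens[0]
    if launcher.rsplit("\\", 1)[-1].lower() in JVM_LAUNCHERS:
        finding.reasons.append("autorun launches a Java runtime")
        if "\\appdata\\" in launcher.lower():
            finding.reasons.append("Java runtime lives under AppData, not Program Files")
        if "-jar" in tokens and tokens.index("-jar") + 1 < len(tokens):
            payload = tokens[tokens.index("-jar") + 1]
            base = payload.rsplit("\\", 1)[-1]
            ext = base.rsplit(".", 1)[1].lower() if "." in base else ""
            if ext != "jar":
                finding.reasons.append(f"-jar payload has extension '.{ext}' instead of .jar")
    for tok in tokens:
        child = _profile_root_child(tok)
        if child and child.lower() not in STANDARD_PROFILE_DIRS:
            finding.reasons.append(f"path uses non-standard profile folder '{child}'")
    return finding if finding.reasons else None


def triage_run_entries(lines: List[str]) -> List[Finding]:
    """Run triage_run_line over a whole FRST log, returning only the hits."""
    return [f for f in (triage_run_line(line) for line in lines) if f]


if __name__ == "__main__":
    for hit in triage_run_entries(SAMPLE_FRST_LINES):
        print(f"[{hit.name}] {hit.command}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

Feed it the FRST.txt of each machine (one line per list element) and review every hit by hand; the heuristics only rank entries for a human, they do not decide on their own.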

#7 COCD (Topic Starter)

Posted 06 February 2018 - 09:00 PM

Hi Aura,

I've done the clean install on the infected computer and haven't seen any notable issues, files, or processes on the others. I also can't see any unusual activity on active ports on any of these. To be sure I'm reading the log files correctly, I'm attaching the FRST and Addition logs for one of the other computers, in case you can point out anything that may be of concern.

Thanks so much for your time, appreciate it!



#8 Aura (Malware Response Team, Bleepin' Special Ops)

Posted 07 February 2018 - 08:58 AM

That system isn't infected, so you're good :)



#9 COCD (Topic Starter)

Posted 07 February 2018 - 07:02 PM

Awesome, thanks so much, appreciate it! :)



#10 Aura (Malware Response Team, Bleepin' Special Ops)

Posted 08 February 2018 - 10:52 AM

No problem COCD, you're welcome!

Stay safe :)



#11 Aura (Malware Response Team, Bleepin' Special Ops)

Posted 08 February 2018 - 10:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





