Safesearch?? Google chrome suspicious email activity warning?


  • This topic is locked
19 replies to this topic

#1 withavision

  • Members
  • 94 posts

Posted 19 February 2018 - 05:06 PM

Hello,

A week or two ago, I noticed "safesearch" was installed for Google Chrome. I did not install this. When I would type in the search bar, it would default to Yahoo. I have always had Google set as my default search engine.

Today, I have received the attached warning (untitled.png) in Google Chrome two times. I have never seen this before and am not sure what it is?

Also, I use Yahoo Mail. A couple of times last week my Yahoo Mail would go to a webpage saying my computer is infected and take these steps, do not do anything else etc... I do not have a screenshot of that, unfortunately....

Here is my FRST log.... please let me know if I have anything to be worried about here?

Thanks a lot


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by P. Miller (administrator) on PMILLER (19-02-2018 16:37:51)
Running from C:\Users\P. Miller\Downloads
Loaded Profiles: P. Miller & Guest (Available Profiles: P. Miller & Guest)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
Failed to access process -> svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-05] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Run: [GoogleChromeAutoLaunch_7594610B2A33092952E6E86A9B3105F0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1301848 2017-08-23] (Google Inc.)
HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\RunOnce: [Uninstall 17.3.7294.0108\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\P. Miller\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64"
HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\RunOnce: [Uninstall 17.3.7294.0108] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\P. Miller\AppData\Local\Microsoft\OneDrive\17.3.7294.0108"
HKU\S-1-5-21-1197745190-727455461-723387890-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-1197745190-727455461-723387890-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2015-12-22]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{54eb91ab-5f69-414c-914c-b25ce37c90d9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{54eb91ab-5f69-414c-914c-b25ce37c90d9}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{85a652d0-0b8e-4eaf-97f2-b27097c25bdb}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a76bedef-7979-11e7-8e1f-806e6f6e6963}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-1197745190-727455461-723387890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-24] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 7yv2qzd8.default
FF ProfilePath: C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\7yv2qzd8.default [2018-01-17]
FF Extension: (Firefox Hotfix) - C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\7yv2qzd8.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-22] [Legacy]
FF Extension: (FireShot) - C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\7yv2qzd8.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-01-18] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-24] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1197745190-727455461-723387890-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\P. Miller\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1197745190-727455461-723387890-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2017-04-05] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1197745190-727455461-723387890-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2017-04-05] (TD Ameritrade)
 
Chrome: 
=======
CHR Profile: C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default [2018-02-19]
CHR Extension: (Slides) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Docs) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Google Drive) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-01]
CHR Extension: (YouTube) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-01]
CHR Extension: (MozBar) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2018-02-12]
CHR Extension: (Avast SafePrice) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-16]
CHR Extension: (Sheets) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-10]
CHR Extension: (Avast Online Security) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-09]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2017-11-30]
CHR Extension: (WhatFont) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2017-11-14]
CHR Extension: (Jungle Scout) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgpfhoadcpndoogjiogflmgegfbekec [2018-01-28]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2018-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-31]
CHR Extension: (Check My Links) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2017-06-02]
CHR Extension: (Gmail) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-25]
CHR Extension: (Majestic Backlink Analyzer) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2017-07-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-05] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-05] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [192944 2018-02-19] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-05] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-05] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-05] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-05] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [190440 2018-02-19] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-02-19] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-02-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-02-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-02-19] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-02-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459952 2018-02-19] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205464 2018-02-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379448 2018-02-19] (AVAST Software)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-01-05] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2018-01-28] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-19] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-19 16:37 - 2018-02-19 17:01 - 000016130 _____ C:\Users\P. Miller\Downloads\FRST.txt
2018-02-19 16:37 - 2018-02-19 16:37 - 000000000 ____D C:\FRST
2018-02-19 16:36 - 2018-02-19 16:36 - 002403840 _____ (Farbar) C:\Users\P. Miller\Downloads\FRST64.exe
2018-02-19 01:42 - 2018-02-19 01:42 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.151902257295302
2018-02-19 01:42 - 2018-02-19 01:41 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-02-16 14:13 - 2018-02-16 14:13 - 000322722 _____ C:\Users\P. Miller\Downloads\PALocalTaxReturn.pdf
2018-02-16 13:55 - 2018-02-16 13:55 - 000116196 _____ C:\Users\P. Miller\Downloads\3ComputerGalleryACTIVE (1).csv
2018-02-16 13:47 - 2018-02-16 13:47 - 000116196 _____ C:\Users\P. Miller\Downloads\3ComputerGalleryACTIVE.csv
2018-02-16 13:31 - 2018-02-16 13:31 - 001129816 _____ (Google Inc.) C:\Users\P. Miller\Downloads\ChromeSetup (1).exe
2018-02-11 13:49 - 2018-02-11 13:49 - 000000000 _____ C:\Users\P. Miller\Desktop\2016 tax return.pdf
2018-02-11 13:48 - 2018-02-11 13:48 - 000528710 _____ C:\Users\P. Miller\Downloads\2016TurboTaxReturn.pdf
2018-02-11 13:05 - 2018-02-11 13:05 - 000417874 _____ C:\Users\P. Miller\Downloads\2017-1099MISC.pdf
2018-02-07 11:39 - 2018-02-07 11:39 - 000000846 _____ C:\Users\P. Miller\AppData\Local\recently-used.xbel
2018-02-06 06:34 - 2018-02-06 06:34 - 006165504 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-02-01 16:37 - 2018-02-01 16:37 - 000000134 _____ C:\Users\P. Miller\Downloads\report_40929_ypyBnb.csv
2018-02-01 16:30 - 2018-02-01 16:30 - 000000110 _____ C:\Users\P. Miller\Downloads\report_40927_lH2Jzs.csv
2018-02-01 14:04 - 2018-02-01 14:04 - 000028859 _____ C:\Users\P. Miller\Downloads\Crypto (1).xlsx
2018-02-01 14:03 - 2018-02-01 14:04 - 000028859 _____ C:\Users\P. Miller\Downloads\Crypto.xlsx
2018-01-28 11:24 - 2018-01-28 11:24 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-28 11:23 - 2018-01-28 11:23 - 000000000 ___HD C:\Users\P. Miller\MicrosoftEdgeBackups
2018-01-28 11:21 - 2018-01-28 11:21 - 000000020 ___SH C:\Users\P. Miller\ntuser.ini
2018-01-28 11:21 - 2018-01-28 11:21 - 000000000 ___RD C:\Users\P. Miller\3D Objects
2018-01-28 07:40 - 2018-01-28 07:44 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-01-28 07:40 - 2018-01-28 07:40 - 000000000 ___DL C:\Users\Public\Recorded TV (1)
2018-01-28 07:38 - 2018-01-28 07:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-28 07:38 - 2018-01-28 07:38 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-28 07:34 - 2018-01-28 07:34 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-28 07:34 - 2018-01-28 07:34 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-01-28 07:34 - 2018-01-28 07:34 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-28 07:34 - 2018-01-28 07:34 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-28 07:34 - 2018-01-28 07:34 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-28 07:34 - 2018-01-28 07:34 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-28 07:34 - 2018-01-28 07:34 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-01-28 07:34 - 2018-01-28 07:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-01-28 07:34 - 2018-01-28 07:34 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-28 07:34 - 2018-01-28 07:34 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-01-28 07:34 - 2018-01-28 07:34 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-28 05:36 - 2018-02-19 13:39 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{98EA04EB-6A36-469F-82B1-3CABD29C5380}
2018-01-28 05:36 - 2018-02-19 01:42 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-28 05:36 - 2018-02-16 13:32 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-28 05:36 - 2018-02-16 13:32 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-28 05:36 - 2018-02-15 13:30 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1197745190-727455461-723387890-1001
2018-01-28 05:36 - 2018-02-06 06:34 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-01-28 05:36 - 2018-01-28 05:36 - 000003354 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458748799
2018-01-28 05:36 - 2018-01-28 05:36 - 000003260 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-1001
2018-01-28 05:36 - 2018-01-28 05:36 - 000003164 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-1001
2018-01-28 05:36 - 2018-01-28 05:36 - 000002586 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-01-28 05:36 - 2018-01-28 05:36 - 000002440 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
2018-01-28 05:36 - 2018-01-28 05:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-28 05:36 - 2018-01-28 05:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-01-28 05:36 - 2018-01-28 05:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-01-28 05:34 - 2018-01-28 05:36 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-01-28 05:34 - 2018-01-28 05:36 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-01-28 05:12 - 2018-01-28 05:12 - 000841206 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-28 05:07 - 2018-01-28 05:07 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-01-28 05:00 - 2018-01-28 05:00 - 000000000 ____D C:\ProgramData\USOShared
2018-01-28 04:58 - 2018-01-28 04:58 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-01-28 04:55 - 2018-02-12 13:16 - 000000000 ____D C:\Users\P. Miller
2018-01-28 04:55 - 2018-01-28 11:39 - 000000000 ____D C:\Users\P. Miller\AppData\Local\Packages
2018-01-28 04:55 - 2018-01-28 05:09 - 000000000 ____D C:\Users\Guest
2018-01-28 04:52 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-28 04:48 - 2018-02-19 16:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-28 04:48 - 2018-01-28 05:04 - 000222000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-26 11:53 - 2018-01-26 11:53 - 000000000 ____D C:\Users\P. Miller\2017 TAXES
2018-01-23 15:41 - 2018-02-16 14:03 - 000000000 ____D C:\Users\P. Miller\Desktop\7 FIGURE CYCLE
2018-01-23 15:32 - 2018-01-23 15:32 - 000015186 _____ C:\Users\P. Miller\Downloads\7fc-business-planning.xlsx
2018-01-23 11:13 - 2018-01-23 11:13 - 000000000 ____D C:\Users\P. Miller\AppData\Local\GoTo Opener
2018-01-22 19:02 - 2018-01-28 11:21 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-22 11:56 - 2018-01-22 11:56 - 000012345 _____ C:\Users\P. Miller\Downloads\VRRENEWAL (2).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-19 16:31 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-19 01:41 - 2018-01-05 04:43 - 000190440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-02-19 01:41 - 2017-11-21 15:12 - 000192944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-02-19 01:41 - 2015-12-22 19:18 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-02-19 01:41 - 2015-12-22 19:18 - 000459952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-02-19 01:41 - 2015-12-22 19:18 - 000379448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-02-19 01:41 - 2015-12-22 19:18 - 000205464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-02-19 01:41 - 2015-12-22 19:18 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-02-19 01:41 - 2015-12-22 19:18 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-02-19 01:41 - 2015-12-22 19:18 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-02-19 01:41 - 2015-12-22 19:18 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-02-17 00:14 - 2017-07-08 12:52 - 000000000 ____D C:\Users\P. Miller\AppData\Local\GoToMeeting
2018-02-16 13:32 - 2016-04-01 11:48 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-16 13:32 - 2016-04-01 11:48 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-16 13:32 - 2016-04-01 11:47 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-15 13:30 - 2015-12-22 18:53 - 000002375 _____ C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-15 13:30 - 2015-12-22 18:53 - 000000000 ___RD C:\Users\P. Miller\OneDrive
2018-02-12 13:18 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-12 13:17 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-12 13:00 - 2017-12-20 10:25 - 000000000 ____D C:\Users\P. Miller\Desktop\CRYPTO
2018-02-11 13:01 - 2015-08-21 11:06 - 000202752 _____ C:\Users\P. Miller\Desktop\SITES LATEST.xls
2018-02-09 11:56 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-07 11:42 - 2016-12-07 14:13 - 000000000 ___HD C:\Users\P. Miller\.gimp-2.8
2018-02-06 06:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-02-06 06:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-05 06:15 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-31 07:40 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-30 15:22 - 2017-12-19 11:11 - 000000000 ____D C:\Users\P. Miller\Desktop\CREATING A PROFITABLE ONLINE STORE
2018-01-29 07:48 - 2015-12-22 14:18 - 000000000 ____D C:\ESD
2018-01-29 04:41 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-28 11:22 - 2016-09-27 11:35 - 000000000 ____D C:\Users\P. Miller\AppData\Local\PackageStaging
2018-01-28 11:22 - 2015-12-22 18:49 - 000000000 ____D C:\Users\P. Miller\AppData\Local\TileDataLayer
2018-01-28 11:21 - 2015-12-22 18:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-28 07:47 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-28 07:44 - 2017-11-15 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-01-28 07:44 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2018-01-28 07:44 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-28 07:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-28 07:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-28 07:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-28 07:44 - 2017-09-19 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-28 07:44 - 2017-08-09 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-01-28 07:44 - 2017-07-07 12:42 - 000000000 ____D C:\Program Files\UNP
2018-01-28 07:44 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-28 07:44 - 2017-03-15 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-01-28 07:44 - 2017-02-03 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thinkorswim
2018-01-28 07:44 - 2016-08-12 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IgnitionCasino
2018-01-28 07:44 - 2015-12-22 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2018-01-28 07:44 - 2015-12-22 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-28 07:44 - 2015-10-30 02:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-01-28 07:40 - 2017-11-24 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-01-28 07:40 - 2017-11-16 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2018-01-28 07:40 - 2015-12-22 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-28 07:36 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-28 07:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-28 07:36 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-28 07:35 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-28 07:35 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-28 07:35 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-28 07:35 - 2017-09-29 08:46 - 000000000 ____D C:\PerfLogs
2018-01-28 05:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2018-01-28 05:36 - 2016-03-14 14:00 - 000000670 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-1001.job
2018-01-28 05:36 - 2016-03-14 14:00 - 000000574 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-1001.job
2018-01-28 05:33 - 2016-09-27 00:26 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-01-28 05:07 - 2017-10-06 21:21 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-28 05:03 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-28 05:02 - 2017-12-20 10:31 - 000000000 ____D C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daedalus
2018-01-28 05:02 - 2017-02-03 14:52 - 000000000 ____D C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-01-28 05:02 - 2015-12-28 15:34 - 000000000 ____D C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iSunshare Windows 7 Password Genius Trial
2018-01-28 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-28 04:59 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-28 04:52 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-28 04:09 - 2008-09-10 10:40 - 000008192 __RSH C:\BOOTSECT.BAK
2018-01-25 19:42 - 2018-01-11 17:58 - 000000000 ____D C:\Program Files\rempl
2018-01-23 11:13 - 2016-03-14 14:00 - 000000000 ___HD C:\Users\P. Miller\AppData\Local\Citrix
 
==================== Files in the root of some directories =======
 
2015-12-23 14:20 - 2002-03-07 16:59 - 000557113 _____ (Electronic Arts Inc.) C:\Program Files\MOHAA_server.exe
2015-12-23 14:20 - 2002-03-06 12:24 - 000002756 _____ () C:\Program Files\PatchReadme111.txt
2018-02-07 11:39 - 2018-02-07 11:39 - 000000846 _____ () C:\Users\P. Miller\AppData\Local\recently-used.xbel
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-17 09:37
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by P. Miller (19-02-2018 17:02:57)
Running from C:\Users\P. Miller\Downloads
Windows 10 Home Version 1709 16299.125 (X64) (2018-01-28 10:38:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1197745190-727455461-723387890-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1197745190-727455461-723387890-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1197745190-727455461-723387890-503 - Limited - Disabled)
Guest (S-1-5-21-1197745190-727455461-723387890-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1197745190-727455461-723387890-1002 - Limited - Enabled)
P. Miller (S-1-5-21-1197745190-727455461-723387890-1001 - Administrator - Enabled) => C:\Users\P. Miller
WDAGUtilityAccount (S-1-5-21-1197745190-727455461-723387890-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.1.2326 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CPUID HWMonitor 1.33 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.33 - )
Daedalus (HKLM-x32\...\Daedalus) (Version: 1.0.3769.0 - Eureka Solutions LLC)
FileZilla Client 3.29.0 (HKLM-x32\...\FileZilla Client) (Version: 3.29.0 - Tim Kosse)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.)
Ignition Casino (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E4}}_is1) (Version:   - )
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Medal of Honor Allied Assault™ Breakthrough (HKLM-x32\...\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}) (Version:  - )
Microsoft OneDrive (HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18.2 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Zoom (HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\P. Miller\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Windows.old\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Windows.old\Program Files\WinRAR\rarext32.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Windows.old\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Windows.old\Program Files\WinRAR\rarext32.dll -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Windows.old\Program Files\WinRAR\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Windows.old\Program Files\WinRAR\rarext32.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000484D8-FD05-48FA-8F0E-1D7FFA10355F} - System32\Tasks\SafeZone scheduled Autoupdate 1458748799 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {013FD556-C07F-4E9F-A67B-D661E0990250} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {041A7BD0-B1E6-47D1-9254-E5E341079E58} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-01-08] (AVAST Software)
Task: {074003B1-AB18-47A3-BE12-A77BFFA31A79} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe
Task: {34FE7F08-FF22-4F3D-8BC6-D2F6752D267F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {4593F9E7-8FF1-4DEB-A899-0E53E1C6D784} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4927C2F8-338A-47D7-B1D0-C1383BAB8F88} - System32\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-1001 => C:\Users\P. Miller\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-18] (LogMeIn, Inc.)
Task: {626B8D16-7C61-4E31-A3C4-6E8DA94D14A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {7959B73A-2013-4443-B4E4-D5142339EBB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-16] (Google Inc.)
Task: {86F1B2DA-7A38-437E-A041-3836008CEB80} - System32\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-1001 => C:\Users\P. Miller\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-18] (LogMeIn, Inc.)
Task: {C03360BD-D6DA-4134-9537-F3E475449BFC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {CD594E96-B774-4AA0-8395-7483E3C50FF1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-19] (AVAST Software)
Task: {F46E5669-02A5-4170-B4CB-9E3AB0175892} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-16] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-1001.job => C:\Users\P. Miller\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-1001.job => C:\Users\P. Miller\AppData\Local\GoToMeeting\8199\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\P. Miller\Desktop\Daedalus.lnk -> C:\Program Files\Daedalus\daedalus.bat ()
Shortcut: C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daedalus\Daedalus.lnk -> C:\Program Files\Daedalus\daedalus.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-19 18:33 - 2017-10-06 21:21 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-06 14:32 - 2017-11-06 14:32 - 000076456 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-01-28 07:34 - 2018-01-28 07:34 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-30 09:42 - 2018-01-30 09:42 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-30 09:42 - 2018-01-30 09:42 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-30 09:42 - 2018-01-30 09:42 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-30 09:42 - 2018-01-30 09:42 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-30 09:42 - 2018-01-30 09:42 - 000667136 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-08-28 14:22 - 2017-08-23 03:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 14:22 - 2017-08-23 03:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2015-12-22 18:32 - 2010-04-01 17:48 - 000970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-12-22 18:32 - 2010-04-01 17:48 - 000166400 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2018-01-05 04:42 - 2018-01-05 04:42 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-05 04:42 - 2018-01-05 04:42 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-05 04:42 - 2018-01-05 04:42 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-07-11 02:37 - 2017-07-11 02:37 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-05 04:42 - 2018-01-05 04:42 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-05 04:41 - 2018-01-05 04:41 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2017-09-20 13:48 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1197745190-727455461-723387890-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\P. Miller\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
HKU\S-1-5-21-1197745190-727455461-723387890-501\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3114D827-97C7-4B04-B482-7185905FBE3F}] => (Allow) C:\Program Files\Daedalus\cardano-node.exe
FirewallRules: [{9B610493-77B6-4E41-ACB2-22304EBA64FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{99F2165A-4BFB-4A9C-9B0E-9BBD9CF2AC1D}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{BA34D134-F788-431A-98B6-8BAA4B312AC9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{6DF125D7-C98D-4E16-B296-DD67E9142699}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [UDP Query User{F0DE0DD1-D821-4EDA-9B34-8BE9292D8A5B}C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe] => (Allow) C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe
FirewallRules: [TCP Query User{4E7F5EB1-738B-4EED-938A-1B9B50129FDF}C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe] => (Allow) C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe
FirewallRules: [UDP Query User{2A06D5A6-3A4F-4D03-89D8-FDA6EC62F59B}C:\program files\ea games\mohaa\moh_breakthrough_server.exe] => (Allow) C:\program files\ea games\mohaa\moh_breakthrough_server.exe
FirewallRules: [TCP Query User{44C5178E-F9D9-4B2E-B117-0843D5575B09}C:\program files\ea games\mohaa\moh_breakthrough_server.exe] => (Allow) C:\program files\ea games\mohaa\moh_breakthrough_server.exe
FirewallRules: [UDP Query User{F18298C6-4F16-41D1-9442-3E9DFFC9FD89}C:\program files (x86)\ea games\mohaa\mohaa_server.exe] => (Block) C:\program files (x86)\ea games\mohaa\mohaa_server.exe
FirewallRules: [TCP Query User{857A6BCC-3E03-48AE-9C28-A6B70EF673E7}C:\program files (x86)\ea games\mohaa\mohaa_server.exe] => (Block) C:\program files (x86)\ea games\mohaa\mohaa_server.exe
FirewallRules: [UDP Query User{A2E7B599-988C-494F-804B-5B8C8A3D9FBB}C:\program files (x86)\ea games\mohaa\moh_breakthrough_server.exe] => (Allow) C:\program files (x86)\ea games\mohaa\moh_breakthrough_server.exe
FirewallRules: [TCP Query User{678829C0-B805-460B-BFAB-AE7A57B74EEE}C:\program files (x86)\ea games\mohaa\moh_breakthrough_server.exe] => (Allow) C:\program files (x86)\ea games\mohaa\moh_breakthrough_server.exe
FirewallRules: [{DBF47EAC-BBC3-4AF1-A655-E6AC861DE33B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AC3D0F80-5F78-417A-8698-E67817DA407B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E8E03B3-4B44-4A8E-8AB8-33937732209A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6E61AB2-E19B-44C9-8767-9DF55B88967C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A8FF7E27-7E47-45C0-B194-CE5881818EFA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05CB3345-90F8-4B28-BF1C-34F10AEF55C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{364514E9-B94D-486C-B4E6-B56F3C51AC45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89B2065B-B6FC-41C3-926A-F81C3E2A1B95}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F91E7464-43E0-45D1-B5A8-F27AD68DB0BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{67DF761E-7FE5-4DDB-BDB3-DDC417D5CBAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A32344BA-06A5-4DC4-B6BF-7AD80EF409AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1D8C4841-9349-4541-AF4C-1DAC5ED48F5F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
28-01-2018 11:29:05 Windows Update
06-02-2018 09:39:05 Scheduled Checkpoint
12-02-2018 05:13:33 Windows Modules Installer
19-02-2018 13:37:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2018 04:59:12 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (02/19/2018 04:59:12 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (02/19/2018 04:51:51 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (02/19/2018 04:51:51 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (02/19/2018 04:46:15 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (02/19/2018 04:46:15 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (02/19/2018 04:41:52 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (02/19/2018 04:41:52 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
 
System errors:
=============
Error: (02/13/2018 03:38:06 PM) (Source: DCOM) (EventID: 10016) (User: PMILLER)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user PMiller\P. Miller SID (S-1-5-21-1197745190-727455461-723387890-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/12/2018 01:18:44 PM) (Source: DCOM) (EventID: 10016) (User: PMILLER)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user PMiller\P. Miller SID (S-1-5-21-1197745190-727455461-723387890-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/12/2018 01:16:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/12/2018 01:16:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/12/2018 01:16:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/12/2018 01:16:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/28/2018 11:56:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/28/2018 11:56:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-02-19 17:02:00.435
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-19 17:02:00.434
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-19 17:02:00.278
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-19 17:02:00.273
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-19 16:47:34.267
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-19 16:47:34.266
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-19 16:46:22.649
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-02-19 16:46:22.648
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 78%
Total physical RAM: 4094.49 MB
Available physical RAM: 879.86 MB
Total Virtual: 10315.51 MB
Available Virtual: 2716.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.93 GB) (Free:359.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (MOHAAB) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
 
\\?\Volume{19697ee1-0000-0000-0000-603b74000000}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 19697EE1)
Partition 1: (Active) - (Size=464.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=851 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 



 


#2 withavision


Posted 20 February 2018 - 11:25 AM

Forgot to attach the Chrome warning about suspicious email activity... here it is... thanks

 

Attached Files



#3 withavision


Posted 21 February 2018 - 05:10 PM

Hello... any info here?

 

Do I have anything to worry about?

 

thank you



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,951 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:29 AM

Posted 21 February 2018 - 08:47 PM

Greetings withavision and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

So far I do not see any evidence of malicious software on your computer.

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Right-mouse click JRT.exe and select Run as administrator
  • Hit any key to run the program
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Current computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 withavision


Posted 22 February 2018 - 02:39 PM

Thanks Gary.. here are my logs..

 

# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 22 19:01:47 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 02-21-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy, SearchProvider found: Vapecrawler - vapecrawler.com
PUP.Optional.Legacy, SearchProvider found: Vapecrawler - vapecrawler.com
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by P. Miller (Administrator) on Thu 02/22/2018 at 14:26:48.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_7594610B2A33092952E6E86A9B3105F0 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/22/2018 at 14:37:12.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 Oh My!


Posted 22 February 2018 - 04:15 PM

You are welcome.

Are you aware of this website?

vapecrawler.com


Gary
 

#7 withavision


Posted 22 February 2018 - 04:21 PM

Nope, never been to it before.



#8 Oh My!


Posted 22 February 2018 - 04:41 PM

OK.
 
Follow these steps, replacing AdwCleaner where you see Malwarebytes.

Gary
 

#9 withavision


Posted 22 February 2018 - 05:41 PM

I followed the steps and reset the syncing.

 

I then ran adw again and it found the same thing.  It rebooted, I ran it again and it found nothing.

 

Here is the log from the 1st run I just mentioned.

 

# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 22 22:23:43 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Vapecrawler - vapecrawler.com
SearchProvider deleted: Vapecrawler - vapecrawler.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1203 B] - [2018/2/22 19:2:36]
C:/AdwCleaner/AdwCleaner[S0].txt - [1200 B] - [2018/2/22 19:1:47]
C:/AdwCleaner/AdwCleaner[S1].txt - [1334 B] - [2018/2/22 22:22:8]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


#10 withavision


Posted 22 February 2018 - 05:56 PM

UPDATE.... I turned on syncing again and ran another test to see if it would be clean, and it found the same thing again.... Here is that log.

 

# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 22 22:49:09 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Vapecrawler - vapecrawler.com
SearchProvider deleted: Vapecrawler - vapecrawler.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1203 B] - [2018/2/22 19:2:36]
C:/AdwCleaner/AdwCleaner[C1].txt - [1337 B] - [2018/2/22 22:23:43]
C:/AdwCleaner/AdwCleaner[S0].txt - [1200 B] - [2018/2/22 19:1:47]
C:/AdwCleaner/AdwCleaner[S1].txt - [1334 B] - [2018/2/22 22:22:8]
C:/AdwCleaner/AdwCleaner[S2].txt - [1214 B] - [2018/2/22 22:39:19]
C:/AdwCleaner/AdwCleaner[S3].txt - [1537 B] - [2018/2/22 22:46:53]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
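Posts #9 and #10 show the same Chromium search provider being deleted in two consecutive clean runs, the second after sync was turned back on. The following is an added example (not part of the thread and not AdwCleaner's own code): it parses clean-mode logs in the format shown above and flags any item that was deleted and then deleted again in a later run. The function names and the trimmed sample logs are constructed for illustration.

```python
import re
from datetime import datetime

SECTION = re.compile(r"^\*{5} \[ (.+) \] \*{5}$")   # e.g. ***** [ Registry ] *****
ITEM = re.compile(r"^(\w+) deleted: (.+)$")          # e.g. SearchProvider deleted: <name>

def parse_log(text):
    """Return (created, mode, {(section, kind, item), ...}) for one log."""
    created = mode = section = None
    hits = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# AdwCleaner") and "created on " in line:
            stamp = line.split("created on ", 1)[1]
            created = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        elif line.startswith("# Mode:"):
            mode = line.split(":", 1)[1].strip()
        elif (m := SECTION.match(line)):
            section = m.group(1)
        elif (m := ITEM.match(line)) and section:
            hits.add((section, m.group(1), m.group(2)))  # set drops duplicate lines
    return created, mode, hits

def recurring(logs):
    """Items deleted in one clean run and deleted again in a later clean run."""
    first_seen, again = {}, []
    for created, mode, hits in sorted(map(parse_log, logs), key=lambda r: r[0]):
        if mode != "clean":
            continue  # scan-only logs remove nothing, so they cannot show a return
        for hit in sorted(hits):
            if hit in first_seen:
                again.append(hit + (first_seen[hit], created))
            else:
                first_seen[hit] = created
    return again

# Constructed sample: the two clean logs from the posts above, trimmed.
LOG_C1 = """\
# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 22 22:23:43 2018
# Mode: clean
***** [ Registry ] *****
No malicious registry entries deleted.
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: Vapecrawler - vapecrawler.com
SearchProvider deleted: Vapecrawler - vapecrawler.com
"""
LOG_C2 = LOG_C1.replace("22:23:43", "22:49:09")

if __name__ == "__main__":
    for section, kind, item, first, later in recurring([LOG_C1, LOG_C2]):
        print(f"{kind} '{item}' in [{section}] removed {first}, back by {later}")
```

An item that keeps returning after a local cleanup is being re-added from somewhere the scan does not reach, which is consistent with the question about other synced devices in post #11.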


#11 Oh My!


Posted 22 February 2018 - 06:55 PM

Do you have other devices that sync to the same Chrome account?
Gary

#12 withavision


Posted 22 February 2018 - 07:13 PM

No, not that I am aware of....



#13 Oh My!


Posted 22 February 2018 - 08:50 PM

Please follow the steps in Post #2 of the link I provided. Let me know the results.


Gary

#14 withavision


Posted 23 February 2018 - 12:41 PM

I did step 2 and it looks like it was fixed...

# AdwCleaner 7.0.8.0 - Logfile created on Fri Feb 23 17:12:51 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 02-23-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1203 B] - [2018/2/22 19:2:36]
C:/AdwCleaner/AdwCleaner[C1].txt - [1337 B] - [2018/2/22 22:23:43]
C:/AdwCleaner/AdwCleaner[C2].txt - [1541 B] - [2018/2/22 22:49:9]
C:/AdwCleaner/AdwCleaner[S0].txt - [1200 B] - [2018/2/22 19:1:47]
C:/AdwCleaner/AdwCleaner[S1].txt - [1334 B] - [2018/2/22 22:22:8]
C:/AdwCleaner/AdwCleaner[S2].txt - [1214 B] - [2018/2/22 22:39:19]
C:/AdwCleaner/AdwCleaner[S3].txt - [1537 B] - [2018/2/22 22:46:53]
C:/AdwCleaner/AdwCleaner[S4].txt - [1417 B] - [2018/2/23 17:6:3]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########


#15 Oh My!


Posted 24 February 2018 - 09:55 AM

Great.

Let's run one last scan.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and, if there are any you want to keep, stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • How is your computer running? Any remaining issues?

Gary



