Infected w/ DNSChanger, CoinMiner, Vagger!....maybe more


  • This topic is locked
8 replies to this topic

#1 Ethaquill


Posted 08 April 2018 - 02:04 PM

I clicked on a bad link 2 or 3 weeks ago and have been having trouble since then. Microsoft Defender seems to find one or two things every time it runs and even offline scans have failed to clean my machine. Symptoms include notifications from Chrome and sometimes having tabs in Chrome opened automatically. Thanks in advance to everyone here who is a helper, you guys are a huge asset to the 'net.

 

EDIT: Web notifications and auto-open Chrome tabs are from [*.]acinster.info, [*.]enclosely.info, [*.]suggedin.info

 

Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Travis (administrator) on DESKTOP-5VO2P93 (08-04-2018 11:27:58)
Running from C:\Users\Trrav\Downloads
Loaded Profiles: Travis (Available Profiles: Travis)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(f.lux Software LLC) C:\Users\Trrav\AppData\Local\FluxSoftware\Flux\flux.exe
(Eric Zhang) C:\Users\Trrav\Downloads\EZBlocker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Trrav\AppData\Roaming\Spotify\Spotify.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Spotify Ltd) C:\Users\Trrav\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Trrav\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Trrav\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Trrav\AppData\Roaming\Spotify\Spotify.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Krzysztof Kowalczyk) C:\Program Files\SumatraPDF\SumatraPDF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-02] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3639616 2018-03-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8619456 2017-10-25] (Binary Fortress Software)
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\Run: [f.lux] => C:\Users\Trrav\AppData\Local\FluxSoftware\Flux\flux.exe [1682936 2018-01-17] (f.lux Software LLC)
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\Run: [EZBlocker] => C:\Users\Trrav\Downloads\EZBlocker.exe [1980584 2018-02-13] (Eric Zhang)
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\Run: [Spotify Web Helper] => C:\Users\Trrav\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-04-01] (Spotify Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CDXZipStream.lnk [2018-02-25]
ShortcutTarget: CDXZipStream.lnk -> C:\Program Files (x86)\CDXZipStream\CDX.ZipStream.SetupManager.exe (Hughes Financial Services, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{42563449-20ba-4683-99d8-21465faa7e97}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{42563449-20ba-4683-99d8-21465faa7e97}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{536db3ad-3d4d-4b85-845f-21c81233ecd8}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{536db3ad-3d4d-4b85-845f-21c81233ecd8}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{557a6e8c-3fef-4f11-877e-92c559d885e1}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{557a6e8c-3fef-4f11-877e-92c559d885e1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fd5b0cae-94ea-4943-b0a5-ff428d95c8c7}: [NameServer] 82.163.143.176 82.163.142.178
 
Internet Explorer:
==================
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba13.msn.com/?pc=TNJB
hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-412636521-2995881642-3868374669-1003 -> DefaultScope {DFAEECB9-2C31-4635-BFCD-485BAEABDD31} URL = 
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-29] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=toshibaupd&m=start"
CHR Profile: C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default [2018-04-08]
CHR Extension: (Slides) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-29]
CHR Extension: (Docs) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-29]
CHR Extension: (Google Drive) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-29]
CHR Extension: (Multi Email Forward for Gmail) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\baebodhfcfpnmnpnnheadibijemdlmip [2018-01-04]
CHR Extension: (YouTube) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-29]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-01-09]
CHR Extension: (Native HLS Playback) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnphkkblegpebimobpbekeedfgemhof [2018-02-10]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ennbnhbgmepfkhmcmmchjedigodookpa [2018-02-25]
CHR Extension: (Sheets) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-29]
CHR Extension: (iCloud Bookmarks) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-30]
CHR Extension: (AdBlock) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-12]
CHR Extension: (FantasyPlus) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojndgicjncbiobejfpjpcahadininga [2017-12-21]
CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2018-02-06]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-01-22]
CHR Extension: (Ace Script) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2017-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe [472456 2017-11-02] (AMD)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-29] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-28] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5289432 2017-10-25] (Binary Fortress Software)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542392 2017-10-18] (Intel Corporation)
R2 NativeDesktopMediaService; C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe [2020352 2018-04-03] () [File not signed] <==== ATTENTION
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34704 2016-08-13] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [24424 2016-08-13] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmdag.sys [40034184 2017-11-02] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmpag.sys [536456 2017-11-02] (Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118960 2017-10-12] (Advanced Micro Devices)
S3 IaNVMe; C:\WINDOWS\System32\drivers\IaNVMe.sys [113160 2016-11-04] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [132104 2017-10-18] (Intel Corporation)
R1 MpKsl27b0b134; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{32F119E2-37F3-4160-A164-FD03ADF5418D}\MpKsl27b0b134.sys [58120 2018-04-07] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [135688 2016-12-09] (Samsung Electronics Co., Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-08 11:27 - 2018-04-08 11:28 - 000021103 _____ C:\Users\Trrav\Downloads\FRST.txt
2018-04-08 11:27 - 2018-04-08 11:27 - 002403328 _____ (Farbar) C:\Users\Trrav\Downloads\FRST64.exe
2018-04-08 11:27 - 2018-04-08 11:27 - 000000000 ____D C:\FRST
2018-04-08 11:02 - 2018-04-08 11:02 - 000000000 ____D C:\ProgramData\0e59947c-4405-0
2018-04-08 11:01 - 2018-04-08 11:02 - 000000000 ____D C:\ProgramData\0e59947c-4621-0
2018-04-08 11:00 - 2018-04-08 11:00 - 000000000 ____D C:\ProgramData\0e59947c-4111-0
2018-04-08 04:18 - 2018-04-08 11:01 - 000000000 ____D C:\ProgramData\0e59947c-0407-0
2018-04-08 04:18 - 2018-04-08 04:19 - 000000000 ____D C:\ProgramData\0e59947c-2731-0
2018-04-08 04:17 - 2018-04-08 04:19 - 000000000 ____D C:\ProgramData\0e59947c-6063-0
2018-04-08 04:17 - 2018-04-08 04:19 - 000000000 ____D C:\ProgramData\0e59947c-5723-0
2018-04-08 04:17 - 2018-04-08 04:18 - 000000000 ____D C:\ProgramData\0e59947c-7b41-0
2018-04-08 04:16 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-4301-0
2018-04-08 04:15 - 2018-04-08 11:00 - 000000000 ____D C:\ProgramData\0e59947c-0d41-0
2018-04-08 04:15 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-68c1-0
2018-04-08 04:15 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-0d41-1
2018-04-08 04:15 - 2018-04-08 04:15 - 000000000 ____D C:\ProgramData\0e59947c-6533-0
2018-04-08 04:15 - 2018-04-08 04:15 - 000000000 ____D C:\ProgramData\0e59947c-4285-1
2018-04-08 04:14 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-7607-1
2018-04-08 04:14 - 2018-04-08 04:16 - 000000000 ____D C:\ProgramData\0e59947c-75b1-0
2018-04-08 04:13 - 2018-04-08 04:18 - 000000000 ____D C:\ProgramData\0e59947c-3c67-0
2018-04-08 04:13 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-48f1-1
2018-04-08 04:13 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-48e3-1
2018-04-08 04:13 - 2018-04-08 04:16 - 000000000 ____D C:\ProgramData\0e59947c-7023-0
2018-04-08 04:13 - 2018-04-08 04:16 - 000000000 ____D C:\ProgramData\0e59947c-4cb7-1
2018-04-08 04:13 - 2018-04-08 04:15 - 000000000 ____D C:\ProgramData\0e59947c-6383-0
2018-04-08 04:13 - 2018-04-08 04:15 - 000000000 ____D C:\ProgramData\0e59947c-2735-0
2018-04-08 04:12 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-1bb1-1
2018-04-08 04:12 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-1477-0
2018-04-08 04:12 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-00d7-0
2018-04-08 04:12 - 2018-04-08 04:16 - 000000000 ____D C:\ProgramData\0e59947c-4ab5-1
2018-04-08 04:12 - 2018-04-08 04:15 - 000000000 ____D C:\ProgramData\0e59947c-4407-1
2018-04-08 04:12 - 2018-04-08 04:13 - 000000000 ____D C:\ProgramData\0e59947c-7b55-1
2018-04-08 04:12 - 2018-04-08 04:13 - 000000000 ____D C:\ProgramData\0e59947c-7671-0
2018-04-08 04:12 - 2018-04-08 04:13 - 000000000 ____D C:\ProgramData\0e59947c-75c7-0
2018-04-08 04:12 - 2018-04-08 04:12 - 000000000 ____D C:\ProgramData\0e59947c-08a1-0
2018-04-08 04:11 - 2018-04-08 04:18 - 000000000 ____D C:\ProgramData\0e59947c-24b1-0
2018-04-08 04:11 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-5827-0
2018-04-08 04:11 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-3b47-0
2018-04-08 04:11 - 2018-04-08 04:14 - 000000000 ____D C:\ProgramData\0e59947c-2d03-1
2018-04-08 04:11 - 2018-04-08 04:14 - 000000000 ____D C:\ProgramData\0e59947c-0891-1
2018-04-08 04:11 - 2018-04-08 04:12 - 000000000 ____D C:\ProgramData\0e59947c-25d7-0
2018-04-08 04:11 - 2018-04-08 04:11 - 000000000 ____D C:\ProgramData\0e59947c-2ee7-0
2018-04-08 04:10 - 2018-04-08 04:13 - 000000000 ____D C:\ProgramData\0e59947c-57c1-1
2018-04-08 04:10 - 2018-04-08 04:12 - 000000000 ____D C:\ProgramData\0e59947c-4991-1
2018-04-08 04:10 - 2018-04-08 04:12 - 000000000 ____D C:\ProgramData\0e59947c-45f5-0
2018-04-08 04:10 - 2018-04-08 04:11 - 000000000 ____D C:\ProgramData\0e59947c-6781-0
2018-04-08 04:10 - 2018-04-08 04:11 - 000000000 ____D C:\ProgramData\0e59947c-5945-0
2018-04-08 04:10 - 2018-04-08 04:11 - 000000000 ____D C:\ProgramData\0e59947c-0d57-0
2018-04-08 04:10 - 2018-04-08 04:10 - 000000000 ____D C:\ProgramData\0e59947c-2f91-1
2018-04-08 04:09 - 2018-04-08 04:13 - 000000000 ____D C:\ProgramData\0e59947c-67e7-1
2018-04-08 04:09 - 2018-04-08 04:12 - 000000000 ____D C:\ProgramData\0e59947c-0b17-0
2018-04-08 04:09 - 2018-04-08 04:11 - 000000000 ____D C:\ProgramData\0e59947c-67e1-1
2018-04-08 04:09 - 2018-04-08 04:11 - 000000000 ____D C:\ProgramData\0e59947c-4571-0
2018-04-08 04:09 - 2018-04-08 04:10 - 000000000 ____D C:\ProgramData\0e59947c-4e41-0
2018-04-08 04:09 - 2018-04-08 04:10 - 000000000 ____D C:\ProgramData\0e59947c-4255-0
2018-04-08 04:09 - 2018-04-08 04:10 - 000000000 ____D C:\ProgramData\0e59947c-1aa5-0
2018-04-08 04:09 - 2018-04-08 04:10 - 000000000 ____D C:\ProgramData\0e59947c-17b7-0
2018-04-08 04:09 - 2018-04-08 04:10 - 000000000 ____D C:\ProgramData\0e59947c-0e97-0
2018-04-08 04:09 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-2ec1-0
2018-04-08 04:08 - 2018-04-08 04:13 - 000000000 ____D C:\ProgramData\0e59947c-55c7-0
2018-04-08 04:08 - 2018-04-08 04:10 - 000000000 ____D C:\ProgramData\0e59947c-1403-0
2018-04-08 04:08 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-76c5-1
2018-04-08 04:08 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-6b91-0
2018-04-08 04:08 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-50c1-1
2018-04-08 04:08 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-46e7-0
2018-04-08 04:08 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-1fd3-1
2018-04-08 04:08 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-1671-0
2018-04-08 04:07 - 2018-04-08 04:16 - 000000000 ____D C:\ProgramData\0e59947c-4fc5-0
2018-04-08 04:07 - 2018-04-08 04:16 - 000000000 ____D C:\ProgramData\0e59947c-20a7-1
2018-04-08 04:07 - 2018-04-08 04:10 - 000000000 ____D C:\ProgramData\0e59947c-72b5-1
2018-04-08 04:07 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-0437-0
2018-04-08 04:07 - 2018-04-08 04:08 - 000000000 ____D C:\ProgramData\0e59947c-5071-0
2018-04-08 04:07 - 2018-04-08 04:08 - 000000000 ____D C:\ProgramData\0e59947c-3835-1
2018-04-08 04:06 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-5ea1-0
2018-04-08 04:06 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-4ac7-1
2018-04-08 04:06 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-4a47-0
2018-04-08 04:06 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-1c27-0
2018-04-08 04:06 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-1987-1
2018-04-08 04:06 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-02b7-1
2018-04-08 04:06 - 2018-04-08 04:08 - 000000000 ____D C:\ProgramData\0e59947c-06e5-0
2018-04-08 04:06 - 2018-04-08 04:07 - 000000000 ____D C:\ProgramData\0e59947c-5313-1
2018-04-08 04:05 - 2018-04-08 04:07 - 000000000 ____D C:\ProgramData\0e59947c-5d03-1
2018-04-08 04:05 - 2018-04-08 04:07 - 000000000 ____D C:\ProgramData\0e59947c-2073-0
2018-04-08 04:05 - 2018-04-08 04:06 - 000000000 ____D C:\ProgramData\0e59947c-6703-0
2018-04-08 04:05 - 2018-04-08 04:06 - 000000000 ____D C:\ProgramData\0e59947c-2c31-1
2018-04-08 04:04 - 2018-04-08 04:11 - 000000000 ____D C:\ProgramData\0e59947c-3ff3-1
2018-04-08 04:04 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-5ff5-0
2018-04-08 04:04 - 2018-04-08 04:09 - 000000000 ____D C:\ProgramData\0e59947c-2f27-0
2018-04-08 04:04 - 2018-04-08 04:08 - 000000000 ____D C:\ProgramData\0e59947c-7eb5-0
2018-04-08 04:04 - 2018-04-08 04:07 - 000000000 ____D C:\ProgramData\0e59947c-5247-1
2018-04-08 04:04 - 2018-04-08 04:07 - 000000000 ____D C:\ProgramData\0e59947c-19e1-0
2018-04-08 04:04 - 2018-04-08 04:07 - 000000000 ____D C:\ProgramData\0e59947c-0277-1
2018-04-08 04:04 - 2018-04-08 04:06 - 000000000 ____D C:\ProgramData\0e59947c-14f7-0
2018-04-08 04:04 - 2018-04-08 04:06 - 000000000 ____D C:\ProgramData\0e59947c-0d87-1
2018-04-08 04:04 - 2018-04-08 04:05 - 000000000 ____D C:\ProgramData\0e59947c-5705-1
2018-04-08 04:03 - 2018-04-08 04:07 - 000000000 ____D C:\ProgramData\0e59947c-4643-0
2018-04-08 04:03 - 2018-04-08 04:06 - 000000000 ____D C:\ProgramData\0e59947c-29f1-1
2018-04-08 04:03 - 2018-04-08 04:05 - 000000000 ____D C:\ProgramData\0e59947c-70c7-0
2018-04-08 04:03 - 2018-04-08 04:05 - 000000000 ____D C:\ProgramData\0e59947c-25e7-1
2018-04-08 04:03 - 2018-04-08 04:05 - 000000000 ____D C:\ProgramData\0e59947c-1dd7-1
2018-04-08 04:03 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-75d5-1
2018-04-08 04:03 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-7201-0
2018-04-08 04:03 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-4f71-0
2018-04-08 04:03 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-0ed5-0
2018-04-08 04:03 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-0551-1
2018-04-08 04:02 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-64f7-1
2018-04-08 04:02 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-5d53-1
2018-04-08 04:02 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-05a5-1
2018-04-08 04:02 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-6441-1
2018-04-08 04:02 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-5731-0
2018-04-08 04:02 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-48d7-0
2018-04-08 04:02 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-3c21-1
2018-04-08 04:02 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-2771-0
2018-04-08 04:02 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-22e7-0
2018-04-08 04:02 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-1ad3-0
2018-04-08 04:02 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-0f97-1
2018-04-08 04:01 - 2018-04-08 04:05 - 000000000 ____D C:\ProgramData\0e59947c-0d73-1
2018-04-08 04:01 - 2018-04-08 04:03 - 000000000 ____D C:\ProgramData\0e59947c-7d15-0
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-7585-0
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-6a81-0
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-5903-1
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-54e1-1
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-4615-1
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-42e7-0
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-3d95-1
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-3d77-0
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-3bc3-0
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-3b65-0
2018-04-08 04:01 - 2018-04-08 04:02 - 000000000 ____D C:\ProgramData\0e59947c-39d1-1
2018-04-08 04:00 - 2018-04-08 04:01 - 000000000 ____D C:\ProgramData\0e59947c-7767-1
2018-04-08 04:00 - 2018-04-08 04:01 - 000000000 ____D C:\ProgramData\0e59947c-6445-0
2018-04-08 04:00 - 2018-04-08 04:01 - 000000000 ____D C:\ProgramData\0e59947c-61e1-1
2018-04-08 04:00 - 2018-04-08 04:01 - 000000000 ____D C:\ProgramData\0e59947c-3f13-0
2018-04-08 04:00 - 2018-04-08 04:01 - 000000000 ____D C:\ProgramData\0e59947c-2817-1
2018-04-08 04:00 - 2018-04-08 04:01 - 000000000 ____D C:\ProgramData\0e59947c-1051-0
2018-04-08 04:00 - 2018-04-08 04:00 - 000000000 ____D C:\ProgramData\0e59947c-5e17-1
2018-04-08 04:00 - 2018-04-08 04:00 - 000000000 ____D C:\ProgramData\0e59947c-48c3-0
2018-04-08 04:00 - 2018-04-08 04:00 - 000000000 ____D C:\ProgramData\0e59947c-20f1-1
2018-04-08 04:00 - 2018-04-08 04:00 - 000000000 ____D C:\ProgramData\0e59947c-1f17-0
2018-04-08 03:59 - 2018-04-08 04:00 - 000000000 ____D C:\ProgramData\0e59947c-7533-1
2018-04-08 03:59 - 2018-04-08 04:00 - 000000000 ____D C:\ProgramData\0e59947c-62d1-1
2018-04-08 03:59 - 2018-04-08 04:00 - 000000000 ____D C:\ProgramData\0e59947c-5203-0
2018-04-08 03:59 - 2018-04-08 03:59 - 000000000 ____D C:\ProgramData\0e59947c-6745-1
2018-04-08 03:59 - 2018-04-08 03:59 - 000000000 ____D C:\ProgramData\0e59947c-3ed1-0
2018-04-08 03:59 - 2018-04-08 03:59 - 000000000 ____D C:\ProgramData\0e59947c-3873-0
2018-04-08 03:58 - 2018-04-08 03:59 - 000000000 ____D C:\ProgramData\0e59947c-1407-0
2018-04-07 22:03 - 2018-04-07 22:03 - 000109275 _____ C:\Users\Trrav\Downloads\Tralle_Quick CMA Rentals (2).pdf
2018-04-07 21:07 - 2018-04-07 21:07 - 000109275 _____ C:\Users\Trrav\Downloads\Tralle_Quick CMA Rentals.pdf
2018-04-07 18:49 - 2018-04-07 18:49 - 084934656 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-04-07 15:58 - 2018-04-08 03:59 - 000000000 ____D C:\ProgramData\0e59947c-4b61-0
2018-04-07 15:57 - 2018-04-08 03:58 - 000000000 ____D C:\ProgramData\0e59947c-1783-0
2018-04-07 15:57 - 2018-04-07 15:59 - 000000000 ____D C:\ProgramData\0e59947c-4da1-0
2018-04-07 15:57 - 2018-04-07 15:58 - 000000000 ____D C:\ProgramData\0e59947c-6025-0
2018-04-07 15:57 - 2018-04-07 15:58 - 000000000 ____D C:\ProgramData\0e59947c-5fc7-0
2018-04-07 15:57 - 2018-04-07 15:58 - 000000000 ____D C:\ProgramData\0e59947c-49b1-1
2018-04-07 15:57 - 2018-04-07 15:58 - 000000000 ____D C:\ProgramData\0e59947c-2ab7-0
2018-04-07 15:57 - 2018-04-07 15:58 - 000000000 ____D C:\ProgramData\0e59947c-2435-1
2018-04-07 15:57 - 2018-04-07 15:58 - 000000000 ____D C:\ProgramData\0e59947c-06d5-0
2018-04-07 15:57 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-3d71-0
2018-04-07 15:56 - 2018-04-08 04:04 - 000000000 ____D C:\ProgramData\0e59947c-0893-0
2018-04-07 15:56 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-7c15-1
2018-04-07 15:56 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-7bc1-1
2018-04-07 15:56 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-6d23-1
2018-04-07 15:56 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-5bc5-0
2018-04-07 15:56 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-52b7-1
2018-04-07 15:56 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-5295-1
2018-04-07 15:56 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-31a5-0
2018-04-07 15:56 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-06c5-0
2018-04-07 15:56 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-5cc7-0
2018-04-07 15:56 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-5275-0
2018-04-07 15:56 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-5115-0
2018-04-07 15:56 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-4ed3-1
2018-04-07 15:56 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-4e85-1
2018-04-07 15:56 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-0ef3-1
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-71f3-0
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-6b65-0
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-6485-0
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-60b3-1
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-60a1-0
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-59d3-0
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-4bc5-1
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-48b1-1
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-43c5-0
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-40c1-1
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-12d7-0
2018-04-07 15:55 - 2018-04-07 15:56 - 000000000 ____D C:\ProgramData\0e59947c-1181-1
2018-04-07 15:55 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-77f5-0
2018-04-07 15:55 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-7707-0
2018-04-07 15:55 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-3ae3-0
2018-04-07 15:55 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-01e7-1
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-72d5-1
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-6dc1-1
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-67f3-1
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-5cb7-1
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-5aa5-0
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-5803-0
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-3313-1
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-2ec3-0
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-2943-0
2018-04-07 15:54 - 2018-04-07 15:55 - 000000000 ____D C:\ProgramData\0e59947c-00e3-0
2018-04-07 15:54 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-74a5-0
2018-04-07 15:54 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-6257-1
2018-04-07 15:54 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-5945-1
2018-04-07 15:54 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-3843-0
2018-04-07 15:54 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-1f51-0
2018-04-07 15:54 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-17a7-1
2018-04-07 15:53 - 2018-04-07 15:57 - 000000000 ____D C:\ProgramData\0e59947c-5603-0
2018-04-07 15:53 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-79e1-0
2018-04-07 15:53 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-7025-1
2018-04-07 15:53 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-3e83-0
2018-04-07 15:53 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-3423-1
2018-04-07 15:53 - 2018-04-07 15:54 - 000000000 ____D C:\ProgramData\0e59947c-2813-1
2018-04-07 15:53 - 2018-04-07 15:53 - 000000000 ____D C:\ProgramData\0e59947c-4f63-0
2018-04-07 15:53 - 2018-04-07 15:53 - 000000000 ____D C:\ProgramData\0e59947c-4ce1-1
2018-04-07 15:53 - 2018-04-07 15:53 - 000000000 ____D C:\ProgramData\0e59947c-4463-0
2018-04-07 15:53 - 2018-04-07 15:53 - 000000000 ____D C:\ProgramData\0e59947c-1573-1
2018-04-07 15:52 - 2018-04-07 15:53 - 000000000 ____D C:\ProgramData\0e59947c-4711-1
2018-04-07 15:52 - 2018-04-07 15:53 - 000000000 ____D C:\ProgramData\0e59947c-1421-0
2018-04-07 15:52 - 2018-04-07 15:52 - 000000000 ____D C:\ProgramData\0e59947c-6d73-1
2018-04-07 15:52 - 2018-04-07 15:52 - 000000000 ____D C:\ProgramData\0e59947c-5317-0
2018-04-07 15:41 - 2018-04-07 15:41 - 000000000 ____D C:\ProgramData\0e59947c-5355-0
2018-04-07 15:40 - 2018-04-07 15:41 - 000000000 ____D C:\ProgramData\0e59947c-5bf5-0
2018-04-07 15:39 - 2018-04-07 15:40 - 000000000 ____D C:\ProgramData\0e59947c-4781-0
2018-04-07 15:39 - 2018-04-07 15:40 - 000000000 ____D C:\ProgramData\0e59947c-0fe5-0
2018-04-07 15:39 - 2018-04-07 15:39 - 000000000 ____D C:\ProgramData\0e59947c-7903-0
2018-04-07 15:38 - 2018-04-07 15:39 - 000000000 ____D C:\ProgramData\0e59947c-6635-0
2018-04-07 15:38 - 2018-04-07 15:39 - 000000000 ____D C:\ProgramData\0e59947c-5c95-0
2018-04-07 15:38 - 2018-04-07 15:38 - 000000000 ____D C:\ProgramData\0e59947c-6c15-0
2018-04-07 15:37 - 2018-04-07 15:38 - 000000000 ____D C:\ProgramData\0e59947c-11b1-0
2018-04-07 15:37 - 2018-04-07 15:38 - 000000000 ____D C:\ProgramData\0e59947c-0d45-0
2018-04-07 15:36 - 2018-04-08 04:17 - 000000000 ____D C:\ProgramData\0e59947c-4085-0
2018-04-07 15:36 - 2018-04-07 15:37 - 000000000 ____D C:\ProgramData\0e59947c-7691-0
2018-04-07 15:35 - 2018-04-07 15:36 - 000000000 ____D C:\ProgramData\0e59947c-2033-0
2018-04-07 15:25 - 2018-04-07 15:36 - 000000000 ____D C:\ProgramData\0e59947c-2f85-0
2018-04-07 15:24 - 2018-04-07 15:52 - 000000000 ____D C:\ProgramData\0e59947c-23f7-0
2018-04-07 15:24 - 2018-04-07 15:25 - 000000000 ____D C:\ProgramData\0e59947c-2581-1
2018-04-07 15:24 - 2018-04-07 15:25 - 000000000 ____D C:\ProgramData\0e59947c-1ea5-0
2018-04-07 15:23 - 2018-04-07 15:24 - 000000000 ____D C:\ProgramData\0e59947c-6317-0
2018-04-07 15:23 - 2018-04-07 15:24 - 000000000 ____D C:\ProgramData\0e59947c-00a3-1
2018-04-07 15:22 - 2018-04-07 15:23 - 000000000 ____D C:\ProgramData\0e59947c-4f21-0
2018-04-07 15:22 - 2018-04-07 15:23 - 000000000 ____D C:\ProgramData\0e59947c-1be3-1
2018-04-07 15:22 - 2018-04-07 15:23 - 000000000 ____D C:\ProgramData\0e59947c-1115-0
2018-04-07 15:22 - 2018-04-07 15:23 - 000000000 ____D C:\ProgramData\0e59947c-0fb7-0
2018-04-07 15:21 - 2018-04-07 15:23 - 000000000 ____D C:\ProgramData\0e59947c-2873-0
2018-04-07 15:21 - 2018-04-07 15:22 - 000000000 ____D C:\ProgramData\0e59947c-16c7-1
2018-04-07 15:20 - 2018-04-07 15:22 - 000000000 ____D C:\ProgramData\0e59947c-6b55-1
2018-04-07 15:20 - 2018-04-07 15:22 - 000000000 ____D C:\ProgramData\0e59947c-0de5-0
2018-04-07 15:20 - 2018-04-07 15:21 - 000000000 ____D C:\ProgramData\0e59947c-78b7-1
2018-04-07 15:20 - 2018-04-07 15:21 - 000000000 ____D C:\ProgramData\0e59947c-3cf3-0
2018-04-07 15:20 - 2018-04-07 15:21 - 000000000 ____D C:\ProgramData\0e59947c-1ee1-1
2018-04-07 15:20 - 2018-04-07 15:20 - 000000000 ____D C:\ProgramData\0e59947c-0491-0
2018-04-07 12:38 - 2018-04-07 12:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-04-07 12:38 - 2018-04-07 12:38 - 000000000 ____D C:\Program Files\qBittorrent
2018-04-07 12:36 - 2018-04-07 12:36 - 000000000 ____D C:\Users\Trrav\Downloads\Formula.1.2018x02.Bharain.Qualifying.SkyF1HD.SD
2018-04-07 12:35 - 2018-04-07 12:36 - 022476558 _____ (The qBittorrent project) C:\Users\Trrav\Downloads\qbittorrent_4.0.4_x64_setup.exe
2018-04-07 12:35 - 2018-04-07 12:35 - 000012183 _____ C:\Users\Trrav\Downloads\((Demonoid_www.Demonoid.pw))-Formula_1_2018x02_Bharain_Qualifying_SkyF1HD_SD.TORRENT
2018-04-07 11:25 - 2018-04-07 11:25 - 000004522 _____ C:\Users\Trrav\Downloads\Monthly - Houston Evictions 2018 - 28th Mar - 3rd Apr.csv
2018-04-07 09:21 - 2018-04-07 09:21 - 000000000 ____D C:\ProgramData\{22863389-012c-0}
2018-04-07 06:27 - 2018-04-07 06:27 - 000000000 ____D C:\ProgramData\{3a5c584f-112c-0}
2018-04-07 04:54 - 2018-04-07 15:20 - 000000000 ____D C:\ProgramData\0e59947c-7593-0
2018-04-07 04:53 - 2018-04-08 11:02 - 000003884 _____ C:\WINDOWS\System32\Tasks\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A}
2018-04-07 04:53 - 2018-04-07 04:55 - 000000000 ____D C:\ProgramData\0e59947c-3e35-0
2018-04-07 04:52 - 2018-04-08 11:02 - 000003594 _____ C:\WINDOWS\System32\Tasks\Checker64
2018-04-07 04:52 - 2018-04-07 04:52 - 000000000 ____D C:\ProgramData\JetMedia
2018-04-07 04:52 - 2018-04-07 04:52 - 000000000 ____D C:\Program Files\Jetmedia
2018-04-03 21:31 - 2018-04-03 21:31 - 000004460 _____ C:\Users\Trrav\Downloads\Monthly Houston Evictions 2018 - 21st Mar - 27th Mar.csv
2018-03-29 18:13 - 2018-03-29 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-28 09:31 - 2018-03-28 09:31 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-28 09:31 - 2018-03-28 09:31 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-28 09:31 - 2018-03-28 09:31 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-28 09:31 - 2018-03-28 09:31 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-25 19:06 - 2018-03-25 19:06 - 000006694 _____ C:\Users\Trrav\Downloads\Monthly - Houston Evictions 2018 - 14th Mar - 20 Mar.csv
2018-03-19 11:04 - 2018-03-19 11:04 - 001368548 _____ C:\Users\Trrav\Downloads\Ana White - How to Build a Super Easy Little Adirondack Chair - 2014-09-21.pdf
2018-03-18 10:26 - 2018-03-18 10:26 - 000448752 _____ C:\Users\Trrav\Downloads\tickets.pdf
2018-03-18 09:20 - 2018-03-18 09:20 - 000007863 _____ C:\Users\Trrav\Downloads\Monthly - Houston Evictions 2018 - 7th Mar - 13th Mar.csv
2018-03-17 16:41 - 2018-03-17 16:41 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-03-13 17:34 - 2018-03-02 16:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-13 17:34 - 2018-03-02 16:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 12:49 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 12:49 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 12:49 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 12:49 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 12:49 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 12:49 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 12:49 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 12:49 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 12:49 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 12:49 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 12:49 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 12:49 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 12:49 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 12:49 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 12:49 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 12:49 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 12:49 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 12:49 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 12:49 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 12:49 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 12:49 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 12:49 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 12:49 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 12:49 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 12:49 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 12:49 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 12:49 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 12:49 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 12:49 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 12:49 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 12:49 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 12:49 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 12:49 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 12:49 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 12:49 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 12:49 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 12:49 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 12:49 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 12:49 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 12:49 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 12:49 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 12:49 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 12:49 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 12:49 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 12:49 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 12:49 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 12:49 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 12:49 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 12:49 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 12:49 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 12:49 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 12:49 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 12:49 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 12:49 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 12:49 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 12:49 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 12:49 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 12:49 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 12:49 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 12:49 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 12:49 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 12:49 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 12:49 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 12:49 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 12:49 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 12:49 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 12:49 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 12:49 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 12:49 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 12:49 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 12:49 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 12:49 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 12:49 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 12:49 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 12:49 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 12:49 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 12:49 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 12:49 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 12:49 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 12:49 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 12:49 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 12:49 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 12:49 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 12:49 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 12:49 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 12:49 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 12:49 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 12:49 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 12:49 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 12:49 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 12:49 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 12:49 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 12:49 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 12:49 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 12:49 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 12:49 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 12:49 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 12:49 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 12:49 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 12:49 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 12:49 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 12:49 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 12:49 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 12:49 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 12:49 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 12:49 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 12:49 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 12:49 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 12:49 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 12:49 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 12:49 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 12:49 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 12:49 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 12:49 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 12:49 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 12:49 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 12:49 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 12:49 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 12:49 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 12:49 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 12:49 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 12:49 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 12:49 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 12:49 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 12:49 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 12:49 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 12:49 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 12:49 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 12:49 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 12:49 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 12:49 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 12:49 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 12:49 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 12:49 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 12:49 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 12:49 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 12:49 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 12:49 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 12:49 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 12:49 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 12:49 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 12:49 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 12:49 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 12:49 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 12:49 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 12:49 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 12:49 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 12:49 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 12:49 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 12:49 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 12:49 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 12:49 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 12:49 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 12:49 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 12:49 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 12:49 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 12:49 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 12:49 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 12:49 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 12:49 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 12:49 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 12:49 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 12:49 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 12:49 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 12:49 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 12:49 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 12:49 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 12:49 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 12:49 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 12:49 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 12:49 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 12:49 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 12:49 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 12:49 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 12:49 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 12:49 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 12:49 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 12:49 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 12:49 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 12:49 - 2018-02-21 19:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 12:49 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 12:49 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 12:49 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-12 14:09 - 2018-03-12 14:09 - 000005623 _____ C:\Users\Trrav\Downloads\Copy of Houston Evictions 2018 - 1st Mar - 6th Mar.csv
2018-03-10 08:09 - 2018-03-10 08:09 - 000005623 _____ C:\Users\Trrav\Downloads\Houston Evictions 2018 - 1st Mar - 6th Mar.csv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-08 11:25 - 2017-11-29 11:11 - 000000000 ____D C:\Users\Trrav\AppData\Local\ClassicShell
2018-04-08 11:18 - 2018-01-05 19:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-08 11:13 - 2018-01-12 11:15 - 000000000 ____D C:\Users\Trrav\AppData\Local\DisplayFusion
2018-04-08 11:02 - 2018-03-03 10:21 - 000000000 ____D C:\ProgramData\d55b6320
2018-04-08 06:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-08 05:59 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-08 05:59 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-07 23:00 - 2017-11-29 11:04 - 000000000 ____D C:\Users\Trrav\AppData\Roaming\Spotify
2018-04-07 18:49 - 2018-02-25 23:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-04-07 15:56 - 2018-01-05 19:26 - 001235366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-07 15:50 - 2018-02-13 13:44 - 000009664 _____ C:\Users\Trrav\Downloads\EZBlocker-log.txt
2018-04-07 15:49 - 2018-01-05 19:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-07 15:42 - 2017-11-29 11:18 - 000000000 ____D C:\Users\Trrav\AppData\Roaming\qBittorrent
2018-04-07 15:42 - 2017-10-19 16:28 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-04-07 15:42 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-04-07 15:39 - 2017-11-30 13:47 - 000000000 ____D C:\ProgramData\TEMP
2018-04-07 15:20 - 2018-03-03 10:21 - 000000000 ____D C:\ProgramData\0e59947c-3575-1
2018-04-07 13:54 - 2018-01-05 19:15 - 000000000 ____D C:\Users\Trrav\AppData\Local\Packages
2018-04-07 11:16 - 2017-11-29 11:04 - 000000000 ____D C:\Users\Trrav\AppData\Local\Spotify
2018-04-07 09:22 - 2018-03-03 10:21 - 000000000 ____D C:\ProgramData\{2fe97dfe-112c-1}
2018-04-07 06:28 - 2018-03-03 10:21 - 000000000 ____D C:\ProgramData\{3fe46aee-212c-0}
2018-04-07 05:04 - 2018-03-03 10:21 - 000004368 _____ C:\WINDOWS\System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F
2018-04-07 05:04 - 2018-03-03 10:21 - 000000000 ____D C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C
2018-04-07 04:53 - 2018-03-03 10:21 - 000000000 ____D C:\ProgramData\0e59947c-5885-0
2018-04-03 21:55 - 2018-01-05 19:15 - 000000000 ____D C:\Users\Trrav
2018-03-29 18:13 - 2017-11-29 11:04 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-22 17:04 - 2017-11-29 10:58 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-20 00:58 - 2018-01-05 19:24 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-412636521-2995881642-3868374669-1003
2018-03-20 00:58 - 2017-11-29 10:49 - 000002363 _____ C:\Users\Trrav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-20 00:58 - 2017-11-29 10:49 - 000000000 ___RD C:\Users\Trrav\OneDrive
2018-03-17 21:11 - 2017-12-07 14:47 - 000000000 ____D C:\Users\Trrav\AppData\Local\ElevatedDiagnostics
2018-03-17 16:41 - 2017-10-19 16:11 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-17 16:40 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-14 22:38 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-13 17:35 - 2018-01-05 21:58 - 000000000 ___RD C:\Users\Trrav\3D Objects
2018-03-13 17:35 - 2017-04-03 12:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-13 17:34 - 2018-01-05 19:12 - 000384496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-13 17:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-13 17:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-13 17:32 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-13 12:59 - 2017-11-29 13:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 12:59 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 12:57 - 2017-11-29 13:12 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 12:57 - 2017-11-29 13:12 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 12:51 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 12:51 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
 
==================== Files in the root of some directories =======
 
2018-02-25 21:09 - 2018-02-25 21:11 - 000000004 _____ () C:\ProgramData\lock.dat
2018-02-25 21:33 - 2018-02-25 21:33 - 000000000 ____H () C:\Users\Trrav\AppData\Local\BIT51FE.tmp
2018-02-25 21:07 - 2018-02-25 21:07 - 000011568 _____ () C:\Users\Trrav\AppData\Local\InstallationConfiguration.xml
2018-02-25 21:07 - 2018-02-25 21:07 - 000140800 _____ () C:\Users\Trrav\AppData\Local\installer.dat
2018-02-25 21:07 - 2018-02-25 21:07 - 000930816 _____ () C:\Users\Trrav\AppData\Local\po.db
2018-02-25 21:33 - 2018-02-25 21:33 - 000000000 _____ () C:\Users\Trrav\AppData\Local\{0B31B2A3-A3B3-46F6-A07D-38B1BC227306}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-07 02:02
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Travis (08-04-2018 11:29:11)
Running from C:\Users\Trrav\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2018-01-06 00:25:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-412636521-2995881642-3868374669-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-412636521-2995881642-3868374669-503 - Limited - Disabled)
Guest (S-1-5-21-412636521-2995881642-3868374669-501 - Limited - Disabled)
Travis (S-1-5-21-412636521-2995881642-3868374669-1003 - Administrator - Enabled) => C:\Users\Trrav
WDAGUtilityAccount (S-1-5-21-412636521-2995881642-3868374669-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
At The Depth (HKLM-x32\...\{3BE1CC99-7CE4-44A8-8128-62233DA3DA11}_is1) (Version: 2.52 - EleFun Multimedia)
Brother MFL-Pro Suite DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CDXZipStream (HKLM-x32\...\{D1EF3848-AF73-4ADC-B32B-B7558BF006C4}_is1) (Version: 3.1.5 - Hughes Financial Services, Inc.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
DisplayFusion 9.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.0.0.0 - Binary Fortress Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 46.4.65 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5AE8ACA2-420B-4196-A8E0-20E8EB274E0F}) (Version: 17.1.1512.0771 - Intel Corporation)
K-Lite Codec Pack 14.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.0 - KLCP)
Microsoft Office Standard 2016 (HKLM\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
NativeDesktopMediaService (HKLM\...\{F27C3D77-86D1-4AB6-B4D8-43E4515B5261}) (Version: 2.1.17 - Jetmedia) <==== ATTENTION
Not so deep (HKLM-x32\...\Not so deep_is1) (Version:  - )
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office Tab (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: 11.00 - Addin Technology Inc.)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
qBittorrent 4.0.4 (HKLM-x32\...\qBittorrent) (Version: 4.0.4 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Spotify (HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Total War - WARHAMMER II version 1.0 (HKLM\...\Total War - WARHAMMER II_is1) (Version: 1.0 - STEAMPUNKS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{0A55A260-70BD-38D3-B1B6-AFC098FBCDA8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{0A8BABB9-49F7-3C0B-8D4C-5F45652043B8}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{11D945D8-F577-3096-8B3B-682982D63127}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{1D6BC759-1900-3B9B-86A5-C53A9F525F93}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{2DDE3FA7-CB18-4362-9666-332349693432}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{6A92F597-684D-3647-9642-AF6EC32241AB}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{6D3420C8-7136-3A53-B045-02D454C4104C}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{9517513D-D9E9-33D4-9FE2-BEF4BCE1E09D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{9BC370DF-83F3-363B-BBEF-21B2155F25DD}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{A0389E46-ACCB-3484-AD13-A8C5CB3875B5}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{E8F5DB4A-3473-4730-9A58-85795F8436C9}\InprocServer32 -> C:\Program Files (x86)\CDXZipStream\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{E91EFD66-E3A5-38BD-939B-C1EFDF6FE2D7}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-412636521-2995881642-3868374669-1003_Classes\CLSID\{FD4967A9-8D70-30ED-9EBB-2C93BFC6A0DA}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14A5CC73-9E10-444E-B4EB-00D3B2E8B325} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {1962A7BD-9242-436C-BD4D-8D49CA3977CD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.)
Task: {3824F007-B6C7-4FFA-AF03-5995245D9DC4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {4631A4A5-4639-4FE8-805D-A42031BA68FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {55A4D9A2-4E4A-45FB-AC97-23F9656330B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-29] (Google Inc.)
Task: {6EDB2E53-F5C3-494D-BC69-8A218F398630} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {6EFE500A-AA91-45DC-A282-5A2CBB017A51} - System32\Tasks\Checker64 => C:\Program Files\Jetmedia\NativeDesktopMediaService\checker.exe [2018-04-04] () <==== ATTENTION
Task: {7DE89D9C-D174-4EA4-A444-C5CF0EBE7129} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-29] (Dropbox, Inc.)
Task: {7E13C64B-3185-4639-99B2-FE7DC6381ACE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {A16B28CA-D690-45E6-8DFA-373F014056FB} - System32\Tasks\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\d55b6320\cd5c83a6.dll" <==== ATTENTION
Task: {ACF3C795-00EE-4637-8BB4-AE02AD0409D1} - System32\Tasks\{0F097F47-7D7E-780C-7811-7F0E7A7A110E} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAIAAgADsAIAAgACAAIAA7ACAAOwAgADsAIAA7ADsAOwA7ACAAIAA7ACAAOwAgADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsA (the data entry has 9576 more characters). <==== ATTENTION
Task: {B568FCBA-8925-47B7-AAF0-35358A9D2EB0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-29] (Dropbox, Inc.)
Task: {BF1764AA-5244-4500-A0F5-45253A5511F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {C8063CA2-E70F-4606-879B-DF17745C90AA} - System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/00b78c20e02c4222 /q" "C:\Users\Trrav\AppData\Local\410350~1\{CD5C8~1."
Task: {D5EB785D-59D2-4259-AF6C-C2D8E6912DD7} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-02-19] ()
Task: {E9EC1388-9894-406E-A64B-DA90B20A5CE1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {F50CCF0E-F582-4CE3-9C2C-863A72FA5E77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-08 14:58 - 2005-04-21 23:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-07-11 08:03 - 2017-07-11 08:03 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-07-25 13:25 - 2017-07-25 13:25 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-25 13:25 - 2017-07-25 13:25 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-13 12:49 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 12:49 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-26 15:09 - 2018-03-26 15:10 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-26 15:09 - 2018-03-26 15:10 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-26 15:09 - 2018-03-26 15:10 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-26 15:09 - 2018-03-26 15:10 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-26 15:09 - 2018-03-26 15:10 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-11-29 11:03 - 2018-02-15 05:00 - 000345600 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\libbluray.dll
2018-03-22 17:04 - 2018-03-20 01:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-22 17:04 - 2018-03-20 01:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-04-03 08:40 - 2018-04-03 08:40 - 002020352 _____ () C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
2018-03-13 15:31 - 2018-02-28 16:59 - 031228928 _____ () C:\Users\Trrav\AppData\Local\Google\Chrome\User Data\PepperFlash\29.0.0.113\pepflashplayer.dll
2017-12-08 14:57 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-11-29 11:04 - 2018-04-01 15:14 - 081770384 _____ () C:\Users\Trrav\AppData\Roaming\Spotify\libcef.dll
2017-11-29 11:04 - 2018-04-01 15:14 - 003740560 _____ () C:\Users\Trrav\AppData\Roaming\Spotify\libglesv2.dll
2017-11-29 11:04 - 2018-04-01 15:14 - 000088464 _____ () C:\Users\Trrav\AppData\Roaming\Spotify\libegl.dll
2018-04-07 04:52 - 2018-04-07 05:04 - 001058304 _____ () C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C\{CD5C83A6-E086-1807-4AD3-5F8C957E1573}
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376]
AlternateDataStreams: C:\Users\Trrav\Desktop\My Movie - Wedding Slideshow1.mp4:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 16:03 - 2018-02-13 13:45 - 000001019 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Trrav\AppData\Local\DisplayFusion\Wallpaper_2.png
DNS Servers: 82.163.143.176 - 82.163.142.178
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-412636521-2995881642-3868374669-1003\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{3784EC3E-54A6-4A3B-B231-4665F23AF69B}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{65AE7D77-F300-412D-8FA7-74C3BC68A520}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{D258312F-3234-479B-9B9C-524464354C39}C:\users\trrav\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trrav\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E988A8AB-71B1-4C92-99A3-0351D2792E1B}C:\users\trrav\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trrav\appdata\roaming\spotify\spotify.exe
FirewallRules: [{50B0D84B-B921-4670-A2F8-CB943BB65100}] => (Allow) LPort=54925
FirewallRules: [UDP Query User{6DCCABFC-C61E-441B-913E-80FDD1E9E58F}C:\program files\total war - warhammer ii\warhammer2.exe] => (Allow) C:\program files\total war - warhammer ii\warhammer2.exe
FirewallRules: [TCP Query User{E50CE8AA-9350-48C0-B73E-CCD963A896DF}C:\program files\total war - warhammer ii\warhammer2.exe] => (Allow) C:\program files\total war - warhammer ii\warhammer2.exe
FirewallRules: [{229CEF1B-D389-4092-8B48-02BF322438C2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D9D52168-3192-4299-922C-196F7A9F9D65}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5CCA3974-8E1A-41AB-AF25-31DEF16216DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CE79F1BA-2E53-464C-B5B1-736F577B6D21}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{8DFA59DB-46E2-451B-ACEC-6C5656F6F8FC}C:\users\trrav\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trrav\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5DB1B4FE-9DC0-42F1-A07C-D616F9B1C26C}C:\users\trrav\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\trrav\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F534F004-9185-4A06-99A1-CD80D31173C1}C:\program files\total war - warhammer ii\warhammer2.exe] => (Block) C:\program files\total war - warhammer ii\warhammer2.exe
FirewallRules: [UDP Query User{F55B4205-8DB3-4A79-B857-6CA1197C5B56}C:\program files\total war - warhammer ii\warhammer2.exe] => (Block) C:\program files\total war - warhammer ii\warhammer2.exe
FirewallRules: [{374C0D27-89E2-4939-A130-2475E6B81D4A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E27523E9-5428-4692-8A3D-58B8444DBBB8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{2151643D-64FC-46CE-933B-7C62C6934A49}] => (Allow) C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
FirewallRules: [{A6D62A94-59A2-424F-AE86-4F0A5B4B454C}] => (Allow) C:\Program Files\Jetmedia\NativeDesktopMediaService\checker.exe
FirewallRules: [{5D94ECA3-306E-469D-B1A0-947AAB6A36AD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{E8C3F232-AB8B-40CE-9CBC-1E6037875DC5}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{295063A8-53EE-4E71-8EDD-3E42F1FD7BCB}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE
 
==================== Restore Points =========================
 
22-03-2018 09:34:25 Scheduled Checkpoint
31-03-2018 20:24:25 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/08/2018 01:26:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: desktop_media_service.exe, version: 0.0.0.0, time stamp: 0x5ac38466
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000374
Fault offset: 0x00000000000f87bb
Faulting process id: 0x3608
Faulting application start time: 0x01d3cef5a70d2a7e
Faulting application path: C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3fe7dc6a-2bc9-4fc8-91e7-5dd02d394992
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/07/2018 03:56:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x3248
Faulting application start time: 0x01d3ceb2e0f3dd9f
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 6a1659dc-eaf5-4894-b9c1-2e6829d84b4c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/07/2018 03:53:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: desktop_media_service.exe, version: 0.0.0.0, time stamp: 0x5ac38466
Faulting module name: desktop_media_service.exe, version: 0.0.0.0, time stamp: 0x5ac38466
Exception code: 0xc0000005
Fault offset: 0x000000000005d02b
Faulting process id: 0x13e8
Faulting application start time: 0x01d3ceb2727fb60c
Faulting application path: C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
Faulting module path: C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
Report Id: e5d84cde-a0a5-4b3e-9c5b-fcdd18500b62
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/18/2018 01:31:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.12.17007.18022, time stamp: 0x1eedf1a4
Faulting module name: mpengine.dll, version: 1.1.14600.4, time stamp: 0x5a7cf67e
Exception code: 0xc0000409
Fault offset: 0x000000000031bebd
Faulting process id: 0xe1c
Faulting application start time: 0x01d3bb1b6b19676b
Faulting application path: C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0680E62-380B-47ED-8190-10040A88FDE5}\mpengine.dll
Report Id: 17326141-306f-478e-864c-db6685460c98
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2018 02:04:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 16.0.4588.1003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 33c4
 
Start Time: 01d3b0b802370472
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
 
Report Id: 47e4d480-5d5e-48fc-8b3f-e81016e193a6
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/25/2018 09:31:10 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3488,R,0) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU010E4.log.
 
Error: (02/25/2018 09:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: netstream.exe, version: 1.0.0.1, time stamp: 0x5a91cdcd
Faulting module name: netstream.exe, version: 1.0.0.1, time stamp: 0x5a91cdcd
Exception code: 0xc0000005
Fault offset: 0x000032ea
Faulting process id: 0x2b1c
Faulting application start time: 0x01d3aea6fb510a92
Faulting application path: C:\Users\Trrav\AppData\Local\Temp\DbUZwLt5j\netstream.exe
Faulting module path: C:\Users\Trrav\AppData\Local\Temp\DbUZwLt5j\netstream.exe
Report Id: 44f81d9a-00a9-42ed-b6aa-06dc7b6f561c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/25/2018 09:11:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: netstream.exe, version: 1.0.0.1, time stamp: 0x5a91cdcd
Faulting module name: netstream.exe, version: 1.0.0.1, time stamp: 0x5a91cdcd
Exception code: 0xc00001a5
Fault offset: 0x00003640
Faulting process id: 0x2b1c
Faulting application start time: 0x01d3aea6fb510a92
Faulting application path: C:\Users\Trrav\AppData\Local\Temp\DbUZwLt5j\netstream.exe
Faulting module path: C:\Users\Trrav\AppData\Local\Temp\DbUZwLt5j\netstream.exe
Report Id: daf5895c-a04a-4db3-a1a0-268c9efc874a
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/07/2018 03:57:28 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VO2P93)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-5VO2P93\Travis SID (S-1-5-21-412636521-2995881642-3868374669-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/07/2018 03:57:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NativeDesktopMediaService service to connect.
 
Error: (04/07/2018 03:56:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VO2P93)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-5VO2P93\Travis SID (S-1-5-21-412636521-2995881642-3868374669-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/07/2018 03:55:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NativeDesktopMediaService service to connect.
 
Error: (04/07/2018 03:51:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VO2P93)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-5VO2P93\Travis SID (S-1-5-21-412636521-2995881642-3868374669-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/07/2018 03:50:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VO2P93)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-5VO2P93\Travis SID (S-1-5-21-412636521-2995881642-3868374669-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/07/2018 03:50:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/07/2018 03:50:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-04-03 15:29:40.916
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Dnschanger.A
ID: 2147565537
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\d55b6320\cd5c83a6.dll;file:_C:\PROGRA~3\d55b6320\cd5c83a6.dll;file:_C:\WINDOWS\System32\Tasks\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63263CC3-9BB0-4F53-A9BC-109967143DF1};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A};taskscheduler:_C:\WINDOWS\System32\Tasks\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A}
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\regsvr32.exe
Signature Version: AV: 1.263.2034.0, AS: 1.263.2034.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-04-03 15:29:06.512
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Dnschanger.A
ID: 2147565537
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\d55b6320\cd5c83a6.dll;file:_C:\PROGRA~3\d55b6320\cd5c83a6.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\regsvr32.exe
Signature Version: AV: 1.263.2034.0, AS: 1.263.2034.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-04-03 15:29:01.511
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Dnschanger.A
ID: 2147565537
Severity: Severe
Category: Trojan
Path: file:_C:\PROGRA~3\d55b6320\cd5c83a6.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\regsvr32.exe
Signature Version: AV: 1.263.2034.0, AS: 1.263.2034.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-04-03 15:24:09.228
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/CoinMiner.D
ID: 2147669163
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C\{CD5C83A6-E086-1807-4AD3-5F8C957E1573}
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.2034.0, AS: 1.263.2034.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4
 
Date: 2018-03-18 10:00:38.744
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Vagger!rfn
ID: 2147723591
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\AAct.exe;file:_C:\WINDOWS\System32\Tasks\AAct;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92B349D8-CBF6-4A80-85AF-F489B37209DE};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AAct;taskscheduler:_C:\WINDOWS\System32\Tasks\AAct
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.263.688.0, AS: 1.263.688.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 
Date: 2018-02-25 20:31:14.894
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
 
CodeIntegrity:
===================================
 
Date: 2018-03-18 13:31:45.702
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-18 13:31:43.043
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-03-18 13:31:42.784
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD Ryzen 5 1400 Quad-Core Processor 
Percentage of memory in use: 79%
Total physical RAM: 8147.56 MB
Available physical RAM: 1706.24 MB
Total Virtual: 14726.13 MB
Available Virtual: 2012.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.96 GB) (Free:759.16 GB) NTFS
 
\\?\Volume{c3e70511-cac1-4833-a226-d9b7dfd811d4}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{3b3685c9-ccae-45f1-862d-c93de83e80df}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA58450)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
Thanks again for taking a look at this!!!!
 
 

Edited by Ethaquill, 08 April 2018 - 05:22 PM.




#2 RayS

  • Malware Response Team

Posted 08 April 2018 - 10:32 PM

Hello Ethaquill,

My name is Ray and I'll be assisting you with your issue. Please give me a day or two to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 Ethaquill

  • Topic Starter

Posted 09 April 2018 - 09:06 AM

Thanks for your help on this Ray! And thanks for studying up to be a helper in general!

 

EDIT:

Windows Defender has recently removed:

Cloxer (many instances)
Azden.A!cl
Fuerboos.C!cl
Skeeyah.A!rfn

EDIT2:

Defender recently (today) removed:

Cloxer
Detplock
Daparin.A!cl

Hope this is helpful!


Edited by Ethaquill, 09 April 2018 - 01:15 PM.


#4 RayS

  • Malware Response Team

Posted 12 April 2018 - 02:20 PM

Hi Ethaquill,

 

I have analyzed your logs and will have a substantive response for you shortly.

 

Thank you for your patience.

 

Ray




#5 RayS

  • Malware Response Team

Posted 13 April 2018 - 10:16 AM

Hello again Ethaquill, and welcome to Bleeping Computer.

Please call me "Ray". Do you have a short nickname I can use?

I will be helping you with your computer problem.
 

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not make any further changes to your computer (such as Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) and don't perform any actions without being advised to do so. If you are unsure, please stop and describe the current state of your PC and ask your question.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.


Preliminary questions
There is very little info about C:\Program Files (x86)\CDXZipStream\CDX.ZipStream.SetupManager.exe by Hughes Financial Services, Inc. available. Did you install this program intentionally? If so, do you want to keep it?

Similarly, I wonder about NativeDesktopMediaService and Not so deep. Did you install these programs intentionally and do you want to keep them?


Peer-to-Peer File Sharing Warning

Going over your logs, I noticed that you have qBittorrent installed.


  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming, and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

See quietman7's warning about P2P here.

It is pretty much certain that if you continue to use P2P programs, you will get re-infected.
I strongly recommend that you uninstall all peer-to-peer file sharing programs; however, that choice is up to you. To remove these programs, see Uninstall programs instructions below.

If you wish to keep it, please do not use it until your computer is cleaned.

 

Please let me know whether you will refrain from using qBittorrent or will uninstall it.


Hack tool detected
C:\Windows\AAct.exe has been identified as a hack tool here. It is causing a System Error, has modified your registry, and may also lead to system instability. It is an embedded scheduled task and it will be continually flagged by Windows Defender. I recommend that you delete this file. If you do so, I will clean the associated registry modification in my next post. Please let me know whether you will delete C:\Windows\AAct.exe.



Run Farbar Recovery Scan Tool (FRST) in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool will reboot your computer. 

  • Double-click on FRST64.exe to open the Farbar Recovery Scan Tool window.
  • Select the entire contents of the following code box including the Start:: and End:: directives.
  • Now press Ctrl+C to copy the contents into your clipboard.
Start::

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{42563449-20ba-4683-99d8-21465faa7e97}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{42563449-20ba-4683-99d8-21465faa7e97}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{536db3ad-3d4d-4b85-845f-21c81233ecd8}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{536db3ad-3d4d-4b85-845f-21c81233ecd8}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{557a6e8c-3fef-4f11-877e-92c559d885e1}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{557a6e8c-3fef-4f11-877e-92c559d885e1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fd5b0cae-94ea-4943-b0a5-ff428d95c8c7}: [NameServer] 82.163.143.176 82.163.142.178
C:\ProgramData\d55b6320
C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C
?????? ????????? ????????? Microsoft Office 2016 – ?????????? (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
???????? ???????? ???????????? Microsoft Office 2016 — ??????? (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Task: {A16B28CA-D690-45E6-8DFA-373F014056FB} - System32\Tasks\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\d55b6320\cd5c83a6.dll" <==== ATTENTION
C:\PROGRA~3\d55b6320\cd5c83a6.dll
Task: {ACF3C795-00EE-4637-8BB4-AE02AD0409D1} - System32\Tasks\{0F097F47-7D7E-780C-7811-7F0E7A7A110E} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAIAAgADsAIAAgACAAIAA7ACAAOwAgADsAIAA7ADsAOwA7ACAAIAA7ACAAOwAgADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsA (the data entry has 9576 more characters). <==== ATTENTION
Task: {C8063CA2-E70F-4606-879B-DF17745C90AA} - System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/00b78c20e02c4222 /q" "C:\Users\Trrav\AppData\Local\410350~1\{CD5C8~1."
Zip: C:\Windows\System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F
2018-04-07 04:52 - 2018-04-07 05:04 - 001058304 _____ () C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C\{CD5C83A6-E086-1807-4AD3-5F8C957E1573}
C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C\{CD5C83A6-E086-1807-4AD3-5F8C957E1573}
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376]
Hosts:

End::
  •  Click the Fix button in the Farbar Recovery Scan Tool window.
  • Wait until the program completes execution.
  • The tool will create a log called Fixlog.txt. Please post it into your reply.

NOTICE: This script was written specifically for this user to be used on this particular machine. Running this script on another machine may cause damage to your operating system.


Upload a file

In addition to Fixlog.txt, the script above will create a .zip file on your desktop with a date and time stamp name like this: C:\Users\Trrav\Desktop\10.04.2018_01.30.45.zip. Please rename the file by changing the .zip extension to .txt and then attach the .txt file.

 

In your next reply...

  • Confirm that you have backed up all your important data.
  • Do you want to keep CDX.ZipStream.SetupManager.exe by Hughes Financial Services, Inc.?
  • Do you want to keep NativeDesktopMediaService, and Not so deep?
  • Please tell me whether you will refrain from using qBittorrent or will uninstall it.
  • Please tell me whether you deleted C:\Windows\AAct.exe.
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Attach the renamed .zip file.
  • Please tell me how your PC is running now.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
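Added example (not part of RayS's post and not FRST's own code): a Python triage pass over the three Task: lines from the fixlist above, flagging the persistence traits they share and decoding the visible prefix of the -EncodedCommand value, which is base64 of UTF-16LE text. The rule wording and the fourth, benign task line are constructed for illustration.

```python
import base64
import re

# Visible prefix of the -EncodedCommand value from the fixlist (FRST truncated
# the rest: "the data entry has 9576 more characters").
B64_PREFIX = (
    "IAAgADsAIAAgADsAIAAgACAAIAA7ACAAOwAgADsAIAA7ADsAOwA7ACAAIAA7ACAAOwAgADsA"
    "IAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQA"
    "bwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsA"
)

# The first three entries are the Task: lines from the fixlist; the fourth is a
# constructed benign task added for contrast.
FIXLIST_TASKS = [
    r'Task: {A16B28CA-D690-45E6-8DFA-373F014056FB} - System32\Tasks\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\d55b6320\cd5c83a6.dll" <==== ATTENTION',
    r'Task: {ACF3C795-00EE-4637-8BB4-AE02AD0409D1} - System32\Tasks\{0F097F47-7D7E-780C-7811-7F0E7A7A110E} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand '
    + B64_PREFIX + ' (the data entry has 9576 more characters). <==== ATTENTION',
    r'Task: {C8063CA2-E70F-4606-879B-DF17745C90AA} - System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/00b78c20e02c4222 /q" "C:\Users\Trrav\AppData\Local\410350~1\{CD5C8~1."',
    r'Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /check',
]

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+)$')
# Task whose name is nothing but a GUID, with or without braces.
GUID_NAME = re.compile(
    r'\\\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$')
USER_WRITABLE = re.compile(r'\\(ProgramData|AppData|Temp)\\', re.I)
# 8.3 short names such as PROGRA~3 obscure the real directory; the Defender
# entries in this thread list PROGRA~3 and ProgramData for the same DLL.
SHORT_NAME = re.compile(r'\\[^\\"\s]*~\d')
ENC_RE = re.compile(
    r'\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})', re.I)


def decode_encoded_command(b64):
    """Decode a possibly truncated -EncodedCommand value (base64, UTF-16LE)."""
    usable = len(b64) - len(b64) % 4          # whole 4-character groups only
    raw = base64.b64decode(b64[:usable])
    raw = raw[: len(raw) - len(raw) % 2]      # whole UTF-16 code units only
    return raw.decode('utf-16-le', errors='replace')


def triage(line):
    """Return the task name, the reasons it looks suspicious, and any decoded text."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    _guid, name, command = m.groups()
    command = command.replace('<==== ATTENTION', '').strip()
    low = command.lower()
    reasons, decoded = [], None
    if GUID_NAME.search(name):
        reasons.append('GUID-named task')
    if 'regsvr32' in low and re.search(r'\s/s\b', low) and '/i:' in low:
        reasons.append('regsvr32 silent /i: call')
    if USER_WRITABLE.search(command):
        reasons.append('target in user-writable directory')
    if SHORT_NAME.search(command):
        reasons.append('8.3 short path')
    if 'powershell' in low:
        if re.search(r'-w(?:indowstyle)?\s+hidden', low):
            reasons.append('hidden window')
        if re.search(r'-e(?:p|xecutionpolicy)\s+bypass', low):
            reasons.append('execution policy bypass')
        enc = ENC_RE.search(command)
        if enc:
            reasons.append('encoded command')
            decoded = decode_encoded_command(enc.group(1))
    return {'task': name, 'reasons': reasons, 'decoded': decoded}


def triage_all(lines):
    """Triage every Task: line, skipping anything that is not a task entry."""
    return [r for r in (triage(l) for l in lines) if r is not None]


if __name__ == '__main__':
    for result in triage_all(FIXLIST_TASKS):
        print(result['task'])
        print('  reasons:', ', '.join(result['reasons']) or 'none')
        if result['decoded']:
            print('  decoded prefix:', repr(result['decoded']))
```

The decoded prefix is only the start of the script; the remainder is not recoverable from the FRST log because the tool truncated the entry.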


#6 Ethaquill

  • Topic Starter

Posted 14 April 2018 - 01:56 PM

- Data is backed up

- Ok to delete CDX.Zipstream

- Ok to delete NativeDesktop and Not so Deep

- No bittorrent right now, no problem

- I can't find AAct.exe in the C:\Windows directory. I tried to adjust folder options to see if it was hidden but no luck.

 

 

Question - Windows Defender keeps letting me know it has found and quarantined stuff.....should I keep having Defender delete it? Do nothing? Let me know.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Travis (14-04-2018 13:30:05) Run:1
Running from C:\Users\Trrav\Downloads
Loaded Profiles: Travis (Available Profiles: Travis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{42563449-20ba-4683-99d8-21465faa7e97}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{42563449-20ba-4683-99d8-21465faa7e97}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{536db3ad-3d4d-4b85-845f-21c81233ecd8}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{536db3ad-3d4d-4b85-845f-21c81233ecd8}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{557a6e8c-3fef-4f11-877e-92c559d885e1}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{557a6e8c-3fef-4f11-877e-92c559d885e1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fd5b0cae-94ea-4943-b0a5-ff428d95c8c7}: [NameServer] 82.163.143.176 82.163.142.178
C:\ProgramData\d55b6320
C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C
?????? ????????? ????????? Microsoft Office 2016 – ?????????? (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
???????? ???????? ???????????? Microsoft Office 2016 — ??????? (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Task: {A16B28CA-D690-45E6-8DFA-373F014056FB} - System32\Tasks\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\d55b6320\cd5c83a6.dll" <==== ATTENTION
C:\PROGRA~3\d55b6320\cd5c83a6.dll
Task: {ACF3C795-00EE-4637-8BB4-AE02AD0409D1} - System32\Tasks\{0F097F47-7D7E-780C-7811-7F0E7A7A110E} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAIAAgADsAIAAgACAAIAA7ACAAOwAgADsAIAA7ADsAOwA7ACAAIAA7ACAAOwAgADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsA (the data entry has 9576 more characters). <==== ATTENTION
Task: {C8063CA2-E70F-4606-879B-DF17745C90AA} - System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F => C:\WINDOWS\SysWOW64\regsvr32.exe /n /s /i:"/00b78c20e02c4222 /q" "C:\Users\Trrav\AppData\Local\410350~1\{CD5C8~1."
Zip: C:\Windows\System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F
2018-04-07 04:52 - 2018-04-07 05:04 - 001058304 _____ () C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C\{CD5C83A6-E086-1807-4AD3-5F8C957E1573}
C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C\{CD5C83A6-E086-1807-4AD3-5F8C957E1573}
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376]
Hosts:
 
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42563449-20ba-4683-99d8-21465faa7e97}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{42563449-20ba-4683-99d8-21465faa7e97}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{536db3ad-3d4d-4b85-845f-21c81233ecd8}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{536db3ad-3d4d-4b85-845f-21c81233ecd8}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{557a6e8c-3fef-4f11-877e-92c559d885e1}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{557a6e8c-3fef-4f11-877e-92c559d885e1}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd5b0cae-94ea-4943-b0a5-ff428d95c8c7}\\NameServer" => removed successfully
C:\ProgramData\d55b6320 => moved successfully
C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-001F-0422-1000-0000000FF1CE}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-001F-0419-1000-0000000FF1CE}\\SystemComponent" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A16B28CA-D690-45E6-8DFA-373F014056FB} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A} => could not remove. Access Denied.
"C:\PROGRA~3\d55b6320\cd5c83a6.dll" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACF3C795-00EE-4637-8BB4-AE02AD0409D1}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF3C795-00EE-4637-8BB4-AE02AD0409D1} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\{0F097F47-7D7E-780C-7811-7F0E7A7A110E}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F097F47-7D7E-780C-7811-7F0E7A7A110E} => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8063CA2-E70F-4606-879B-DF17745C90AA}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8063CA2-E70F-4606-879B-DF17745C90AA} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\59BC56F0-5F1C-8B1D-9086-99585720184F => could not remove. Access Denied.
================== Zip: ===================
"C:\Windows\System32\Tasks\59BC56F0-5F1C-8B1D-9086-99585720184F" => not found
=========== Zip: End ===========
"C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C\{CD5C83A6-E086-1807-4AD3-5F8C957E1573}" => not found
"C:\Users\Trrav\AppData\Local\410350EC-9E13-6B12-46B3-39CCC1A1025C\{CD5C83A6-E086-1807-4AD3-5F8C957E1573}" => not found
C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-04-2018 13:33:59)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A16B28CA-D690-45E6-8DFA-373F014056FB} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C53BA0DD-C2FF-28A0-7D94-590EBA9B8F1A} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF3C795-00EE-4637-8BB4-AE02AD0409D1} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F097F47-7D7E-780C-7811-7F0E7A7A110E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8063CA2-E70F-4606-879B-DF17745C90AA} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\59BC56F0-5F1C-8B1D-9086-99585720184F => could not remove. Access Denied.
 
==== End of Fixlog 13:33:59 ====
 
Current PC performance isn't clear....just rebooted and I need to run some errands. I can update this thread tonight with more information. 

Edited by Ethaquill, 14 April 2018 - 01:57 PM.
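A triage pass over the Fixlog posted above, as an added example that is not part of the original posts or of FRST. It decodes the visible prefix of the scheduled task's `-EncodedCommand` (base64 over UTF-16LE) and lists the targets the fix reported as not removed; the function names `decode_encoded_command` and `triage` are this example's own, and the sample is five lines copied from the log.

```python
import base64
import re

# Constructed sample: five lines copied from the Fixlog in the post above.
# FRST truncated the EncodedCommand, so only the printed prefix is available.
FIXLOG = r'''
Task: {ACF3C795-00EE-4637-8BB4-AE02AD0409D1} - System32\Tasks\{0F097F47-7D7E-780C-7811-7F0E7A7A110E} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAIAAgADsAIAAgACAAIAA7ACAAOwAgADsAIAA7ADsAOwA7ACAAIAA7ACAAOwAgADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsA (the data entry has 9576 more characters). <==== ATTENTION
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACF3C795-00EE-4637-8BB4-AE02AD0409D1}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF3C795-00EE-4637-8BB4-AE02AD0409D1} => could not remove. Access Denied.
"C:\WINDOWS\System32\Tasks\{0F097F47-7D7E-780C-7811-7F0E7A7A110E}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F097F47-7D7E-780C-7811-7F0E7A7A110E} => could not remove. Access Denied.
'''

RESULT = re.compile(r'^"?(?P<target>[^"]+?)"? => (?P<outcome>removed successfully|'
                    r'moved successfully|not found|could not remove\. Access Denied\.)$')
ENCODED = re.compile(r"-EncodedCommand\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(line):
    """Decode the visible part of a PowerShell -EncodedCommand (base64, UTF-16LE)."""
    match = ENCODED.search(line)
    if match is None:
        return None
    b64 = match.group(1)
    b64 = b64[: len(b64) - len(b64) % 4]   # a truncated log can cut mid-quantum
    raw = base64.b64decode(b64)
    raw = raw[: len(raw) - len(raw) % 2]   # keep whole UTF-16 code units only
    # The sample pads the script with spaces and semicolons; strip that padding.
    return raw.decode("utf-16-le", errors="replace").lstrip(" ;")


def triage(fixlog):
    """Return (decoded command prefixes, targets the fix could not remove)."""
    decoded, leftover = [], []
    for line in map(str.strip, fixlog.splitlines()):
        if line.startswith("Task:"):
            text = decode_encoded_command(line)
            if text is not None:
                decoded.append(text)
            continue
        result = RESULT.match(line)
        if result and result.group("outcome").startswith("could not remove"):
            leftover.append(result.group("target"))
    return decoded, leftover


if __name__ == "__main__":
    commands, leftover = triage(FIXLOG)
    for text in commands:
        print("decoded prefix:", text)
    for target in leftover:
        print("still present :", target)
```

On the full Fixlog the same pass lists the six `TaskCache\Tasks` and `TaskCache\Tree` keys that returned Access Denied, which are the entries to re-check in the next FRST scan.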


#7 RayS


  • Malware Response Team

Posted 15 April 2018 - 07:45 AM

Hi,
 

> Windows Defender keeps letting me know it has found and quarantined stuff...
> Current PC performance isn't clear....just rebooted and I need to run some errands. I can update this thread tonight with more information.

Please do check out your PC. I'm particularly interested in whether Windows Defender is still making detections. If so, what is being quarantined?
 
Please restart your computer into normal boot and then scan again with FRST64.exe to get new logs. Be sure Addition.txt is checkmarked under Optional scans.
 
Copy and paste both logs into your next reply.
 
Do you have a short nickname I can use?
 
Thank you,
 
Ray
 
Edit: added request for restart prior to running the scan again.


Edited by RayS, 15 April 2018 - 03:14 PM.



#8 RayS


  • Malware Response Team

Posted 18 April 2018 - 09:45 AM

Hi

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this? If not, please let me know as soon as possible. Other people are requesting my help.
  • If you will be away for an extended period, please let me know in advance.
  • If you have not replied within 48 hours I will assume you have abandoned the topic and it will be closed.

Thank you,

Ray




#9 Elise



  • Malware Study Hall Admin

Posted 21 April 2018 - 10:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




