Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Accessed by DigiTechInfosolutions


  • This topic is locked This topic is locked
10 replies to this topic

#1 cedarrabbit

cedarrabbit

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 AM

Posted 05 May 2018 - 11:45 AM

My mother saw a pop-up on her computer saying it needed to be protected from hackers, or some such thing. She called the number on the pop-up and gave them remote access to her computer. Apparently, they spent around 4 hours doing whatever it is they did to her computer and they tried to charge her over $500 for installing Avast. The bank rejected the charge. Their name & phone number are permanently displayed now on her computer in the task bar (DigiTechInfosolutions 1-855-268-5399) I changed her email address and am going to work on changing other things, but I don't know what malware they may have installed or if they can still gain access to her personal information. Sorry, I don't have information on specifically what may be on the computer other than the task bar display and the Avast program.

As I'm trying to complete this particular task, I'm finding that I cannot paste anything in this window, so I'm attaching the logs as files. I was able to copy and paste from notepad to open office, but I can't paste it in this window. Perhaps this is something that was affected by DigiTech.

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:34 AM

Posted 06 May 2018 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
VideoDownloadConverter Internet Explorer Toolbar (HKLM-x32\...\VideoDownloadConverter_4zbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [KnowtheBible Home Page Guard 64 bit] => "C:\PROGRA~2\BIBLET~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> No Name - {7ABEAB51-07BE-42C5-89B4-C7F1A3A31816} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2018-04-28] ()
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {14E9DEA0-A2A0-4114-9571-813E53473ABA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6C2D235A-D560-42EE-B712-8BA937F687E7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B33F3D7B-1843-483F-B01B-14D45184E834} - System32\Tasks\{84A3B4B4-566F-437F-9B13-35A6D251B02C} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsMain
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
C:\Windows\System32\Tasks\{84A3B4B4-566F-437F-9B13-35A6D251B02C}
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
C:\PROGRA~2\BIBLET~2
C:\PROGRA~2\MAPSGA~2
C:\PROGRA~2\VIDEOD~2

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

:step1:
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2:
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please post the logs and let me know what problem persists with this computer.

#3 cedarrabbit

cedarrabbit
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 AM

Posted 09 May 2018 - 06:25 PM

Hi. Thanks for the help. I tried to remove the VideoDownloadConverter file and got this message: "There was a problem starting C:\ProgramFiles (x86)\VideoDownloadConverter_4z\bar\1.bin\4zBar.dll.

The specified module could not be found. "

 

I tried to save the fixlist.txt to the specified file but could not get past the Windows folder because, when I open that folder, there is no "Temporary Internet Files" folder.

 

So I'm not sure if I should proceed with the other steps since I have not been able to accomplish the first two.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:34 AM

Posted 10 May 2018 - 07:57 AM


Hi,

You have a download folder at:
C:\Users\Eva Jackson\Downloads

Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.

Go to the Download Section.

Under the Location click add or Change.
C:\Users\Eva Jackson\Downloads

Chrome give you an option to downloadl ther files to the Downloads folder.

If you prefer to be ask before saving slide the opton to the Right.
Ask where to save each file before downloading

Close the Chrome settings.

Now download the Farar tool (64bit) it will be placed in that Downloads folder.

Move or copy the file to your Desktop.

Place the Fixlist.txt you have created on the Desktop also.

Run the Farbar programd and Click the Fix button.

Post the Fixlog.txt for my review.

Let me know what problem persists.

---

p.s.
The VideoDownloadConverter program was previously removed.
The entry is just a left over item in the Registry.
You can leave it alone. Not causing any problems.

Also the other two suggested programs to download will also be placed in the default folder.

I suggest you create a new folder for each one of them.
Place the respective Download file in their folder and run the program.

#5 cedarrabbit

cedarrabbit
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 AM

Posted 12 May 2018 - 05:50 PM

fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by Eva Jackson (12-05-2018 16:49:07) Run:1
Running from C:\Users\Eva Jackson\Desktop
Loaded Profiles: Eva Jackson (Available Profiles: Eva Jackson)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [KnowtheBible Home Page Guard 64 bit] => "C:\PROGRA~2\BIBLET~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> No Name - {7ABEAB51-07BE-42C5-89B4-C7F1A3A31816} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2018-04-28] ()
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {14E9DEA0-A2A0-4114-9571-813E53473ABA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6C2D235A-D560-42EE-B712-8BA937F687E7} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B33F3D7B-1843-483F-B01B-14D45184E834} - System32\Tasks\{84A3B4B4-566F-437F-9B13-35A6D251B02C} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsMain
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
C:\Windows\System32\Tasks\{84A3B4B4-566F-437F-9B13-35A6D251B02C}
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
C:\PROGRA~2\BIBLET~2
C:\PROGRA~2\MAPSGA~2
C:\PROGRA~2\VIDEOD~2
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KnowtheBible Home Page Guard 64 bit" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Home Page Guard 64 bit" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Home Page Guard 64 bit" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7ABEAB51-07BE-42C5-89B4-C7F1A3A31816}" => removed successfully
HKLM\Software\Classes\CLSID\{7ABEAB51-07BE-42C5-89B4-C7F1A3A31816} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
"HKLM\System\CurrentControlSet\Services\SWDUMon" => removed successfully
SWDUMon => service removed successfully
"HKLM\System\CurrentControlSet\Services\MREMP50a64" => removed successfully
MREMP50a64 => service removed successfully
"HKLM\System\CurrentControlSet\Services\MREMPR5" => removed successfully
MREMPR5 => service removed successfully
"HKLM\System\CurrentControlSet\Services\MRENDIS5" => removed successfully
MRENDIS5 => service removed successfully
"HKLM\System\CurrentControlSet\Services\MRESP50a64" => removed successfully
MRESP50a64 => service removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE" => removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14E9DEA0-A2A0-4114-9571-813E53473ABA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14E9DEA0-A2A0-4114-9571-813E53473ABA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C2D235A-D560-42EE-B712-8BA937F687E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C2D235A-D560-42EE-B712-8BA937F687E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B33F3D7B-1843-483F-B01B-14D45184E834}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B33F3D7B-1843-483F-B01B-14D45184E834}" => removed successfully
C:\Windows\System32\Tasks\{84A3B4B4-566F-437F-9B13-35A6D251B02C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84A3B4B4-566F-437F-9B13-35A6D251B02C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => removed successfully
"C:\Windows\System32\Tasks\{84A3B4B4-566F-437F-9B13-35A6D251B02C}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent" => not found
"C:\PROGRA~2\BIBLET~2" => not found
"C:\PROGRA~2\MAPSGA~2" => not found
"C:\PROGRA~2\VIDEOD~2" => not found
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : attlocal.net
   IPv6 Address. . . . . . . . . . . : 2602:304:cecf:cda0::43
   IPv6 Address. . . . . . . . . . . : 2602:304:cecf:cda0:60fb:2f56:9b38:6209
   Temporary IPv6 Address. . . . . . : 2602:304:cecf:cda0:5050:4abf:c560:65ee
   Link-local IPv6 Address . . . . . : fe80::60fb:2f56:9b38:6209%14
   Default Gateway . . . . . . . . . : fe80::de45:17ff:fecb:5aa0%14
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : attlocal.net
   IPv6 Address. . . . . . . . . . . : 2602:304:cecf:cda0::43
   IPv6 Address. . . . . . . . . . . : 2602:304:cecf:cda0:60fb:2f56:9b38:6209
   Temporary IPv6 Address. . . . . . : 2602:304:cecf:cda0:5050:4abf:c560:65ee
   Link-local IPv6 Address . . . . . : fe80::60fb:2f56:9b38:6209%14
   IPv4 Address. . . . . . . . . . . : 192.168.1.195
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::de45:17ff:fecb:5aa0%14
                                       192.168.1.254
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 104482309 B
Java, Flash, Steam htmlcache => 5632 B
Windows/system/drivers => 3022932486 B
Edge => 0 B
Chrome => 533866012 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42403555 B
systemprofile32 => 83172 B
LocalService => 16674 B
NetworkService => 1633272 B
Eva Jackson => 1633156578 B
 
RecycleBin => 1770244 B
EmptyTemp: => 5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:51:45 ====
 
MB3 log
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/12/18
Scan Time: 5:09 PM
Log File: 16c05918-5631-11e8-9d67-f80f4147938a.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5082
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: EvaJackson-PC\Eva Jackson
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 259385
Threats Detected: 190
Threats Quarantined: 190
Time Elapsed: 8 min, 58 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 44
PUP.Optional.MindSpark, HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\SOFTWARE\APPDATALOW\SOFTWARE\BibleTriviaTime_4l, Quarantined, [522], [240428],1.0.5082
PUP.Optional.MindSpark, HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [522], [240533],1.0.5082
PUP.Optional.Plumbytes, HKLM\SOFTWARE\Plumbytes Software, Quarantined, [3519], [262040],1.0.5082
PUP.Optional.AdvancedPasswordManager, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\apmui_RASAPI32, Quarantined, [3457], [502265],1.0.5082
PUP.Optional.AdvancedPasswordManager, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\apmui_RASMANCS, Quarantined, [3457], [502265],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDownloadConverter_4zbar Uninstall Internet Explorer, Quarantined, [1681], [477826],1.0.5082
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\TRACING\Plumbytes_RASAPI32, Quarantined, [3519], [396951],1.0.5082
PUP.Optional.Plumbytes, HKLM\SOFTWARE\MICROSOFT\TRACING\Plumbytes_RASMANCS, Quarantined, [3519], [396951],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{1733B2B4-AA70-4F7A-861B-445E684A147F}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1733B2B4-AA70-4F7A-861B-445E684A147F}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1733B2B4-AA70-4F7A-861B-445E684A147F}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1733b2b4-aa70-4f7a-861b-445e684a147f}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3d429207-4689-492d-a0e5-cdc5dfbb5005}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4b029b40-997f-4117-bada-cc66bc7aebc5}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{66D59105-FE06-43A4-B292-EB0097E9EB74}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66D59105-FE06-43A4-B292-EB0097E9EB74}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{66D59105-FE06-43A4-B292-EB0097E9EB74}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66d59105-fe06-43a4-b292-eb0097e9eb74}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{7CC46B97-117E-4C62-B075-D97D125137B6}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7CC46B97-117E-4C62-B075-D97D125137B6}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7CC46B97-117E-4C62-B075-D97D125137B6}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7cc46b97-117e-4c62-b075-d97d125137b6}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{80BAD9F0-C176-4807-9C9C-45DB6AEFB02A}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{80BAD9F0-C176-4807-9C9C-45DB6AEFB02A}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{80BAD9F0-C176-4807-9C9C-45DB6AEFB02A}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{80bad9f0-c176-4807-9c9c-45db6aefb02a}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8aadc8b2-562b-407b-88b3-916140226cbc}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\INTERFACE\{9103C314-C4E2-4463-8934-B19BCB46236D}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9103C314-C4E2-4463-8934-B19BCB46236D}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9103C314-C4E2-4463-8934-B19BCB46236D}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9103c314-c4e2-4463-8934-b19bcb46236d}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97cef41c-5055-474a-855a-892d4fe3e596}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{bec9ae26-225d-4ebe-a10f-9b292833f560}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d375ee64-f893-498a-a0e9-0e9829c88c3d}, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities, Inc.\DriverApp, Quarantined, [2865], [341522],1.0.5082
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VideoDownloadConverter, Quarantined, [522], [301125],1.0.5082
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\TYPELIB\{385F1935-3784-48D0-A61F-6385493DED3C}, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\INTERFACE\{4A3D2621-C879-47E3-969D-F4AD049DEC1B}, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4A3D2621-C879-47E3-969D-F4AD049DEC1B}, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4A3D2621-C879-47E3-969D-F4AD049DEC1B}, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{385F1935-3784-48D0-A61F-6385493DED3C}, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{385F1935-3784-48D0-A61F-6385493DED3C}, Quarantined, [522], [365288],1.0.5082
 
Registry Value: 11
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1733b2b4-aa70-4f7a-861b-445e684a147f}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3d429207-4689-492d-a0e5-cdc5dfbb5005}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4b029b40-997f-4117-bada-cc66bc7aebc5}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66d59105-fe06-43a4-b292-eb0097e9eb74}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7cc46b97-117e-4c62-b075-d97d125137b6}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{80bad9f0-c176-4807-9c9c-45db6aefb02a}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8aadc8b2-562b-407b-88b3-916140226cbc}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9103c314-c4e2-4463-8934-b19bcb46236d}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97cef41c-5055-474a-855a-892d4fe3e596}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{bec9ae26-225d-4ebe-a10f-9b292833f560}|APPPATH, Quarantined, [1681], [443670],1.0.5082
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d375ee64-f893-498a-a0e9-0e9829c88c3d}|APPPATH, Quarantined, [1681], [443670],1.0.5082
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 20
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\images, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\fonts, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\libs, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\swf, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\USERS\EVA JACKSON\APPDATA\LOCAL\VideoDownloadConverter_4z, Quarantined, [1681], [443673],1.0.5082
 
File: 115
PUP.Optional.MindSpark.Generic, C:\USERS\EVA JACKSON\APPDATA\LOCAL\VideoDownloadConverter_4z\UrlFolderExtension.ufm, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\css\ms-vdc-snippet.2.0.0.min.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\images\icon.bmp, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\images\icon.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\images\icon_active.bmp, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\images\icon_active.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\images\rateUISprite.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\images\VideoDownloadConverter_HJ.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\js\Background-2.0.0.min.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\js\Review-2.0.0.min.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\js\vdc.2.0.0.min.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\libs\anemone-1.2.7.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\libs\ChromeReview.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\libs\i18nImporter.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\libs\msvdc.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\libs\msvdc.min.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\libs\widget-api-1.4.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\libs\widget-api-1.5.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\Background.html, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\lang-en.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\6944aa00c902d0ed8c5b1c6cd7bdfd4340218210\2.0.0\manifest.json, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\css\App.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\css\App.min.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\css\reset.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\css\reset.min.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Bold.eot, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Bold.ttf, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Bold.woff, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Medium.eot, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Medium.ttf, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Medium.woff, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Regular.eot, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Regular.ttf, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\font\Roboto-Regular.woff, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\PlayBttn.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\BlackBK.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\Breakouts.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\Breakouts_2.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\DD_closed.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\DD_open.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\DD_ScrollHandle.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\DD_Scroll_BK.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\DD_Scroll_handleAlt.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\favicon.ico, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\Listen.bmp, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\Listen.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\PlayMusic.bmp, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\PlayMusic.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\Scroll_BK.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\Scroll_Break.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\Scroll_Thumb.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\Selection_Break.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\SettingsBreak.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\StationBreak.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\images\temp_blue.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\js\Background.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\js\Player.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\js\Widget.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\App.html, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\Background.html, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\lang-en.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\manifest.json, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\705d46d8b2604edccc9306042209718003e77462\1.0.3\Player.html, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\App-allin1.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\App-allin1.min.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\App-audio.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\App-audio.min.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\App-image.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\App-image.min.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\App-vdc3.min.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\de.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\es.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\fr.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\css\pt.css, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\fonts\cabin.eot, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\fonts\cabin.woff, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\AudioToAudio_AYZ.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\browse.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\chrome_review_icon_allin1.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\chrome_review_icon_image.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\DropBoxArrow.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\FileType.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\icon-allin1.bmp, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\icon-allin1.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\icon-audio.bmp, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\icon-audio.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\icon-image.bmp, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\icon-image.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\rateUISprite.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\spinner.gif, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\sprites-allin1.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\sprites-audio.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\sprites-image.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\images\sprites-vdc3.png, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\js\Background.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\js\Review.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\js\Widget.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\swf\Converter.swf, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\App.html, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\Background.html, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\lang-en.js, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\ff007b1b91a2f486b74acc3f6929bfe914c88987\1.0.2\manifest.json, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark.Generic, C:\Users\Eva Jackson\AppData\Local\VideoDownloadConverter_4z\UrlFolderExtension.uf1, Quarantined, [1681], [443673],1.0.5082
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\VIDEODOWNLOADCONVERTER\GALASOFT.MVVMLIGHT.WPF4.DLL, Quarantined, [522], [301125],1.0.5082
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\VIDEODOWNLOADCONVERTER\FFMPEG.EXE, Quarantined, [522], [301125],1.0.5082
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\VIDEODOWNLOADCONVERTER\IAC.UNIFIEDLOGGING.DLL, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\VIDEODOWNLOADCONVERTER\UNINSTALL.EXE, Quarantined, [522], [301125],1.0.5082
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\VIDEODOWNLOADCONVERTER\VDCSCRIPTHELPER.DLL, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\VIDEODOWNLOADCONVERTER\IAC.HELPERS.DLL, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, C:\PROGRAM FILES (X86)\VIDEODOWNLOADCONVERTER\VIDEODOWNLOADCONVERTER.EXE, Quarantined, [522], [301125],1.0.5082
PUP.Optional.MindSpark, C:\USERS\EVA JACKSON\DOWNLOADS\MAPSGALAXY.52FD636D61024EDEA64441172ACA91D9 (1).EXE, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, C:\USERS\EVA JACKSON\DOWNLOADS\MAPSGALAXY.52FD636D61024EDEA64441172ACA91D9.EXE, Quarantined, [522], [365288],1.0.5082
PUP.Optional.ClientConnect, C:\USERS\EVA JACKSON\DOWNLOADS\INCREDIMAIL_TSV51OOKU.EXE, Quarantined, [10622], [52325],1.0.5082
PUP.Optional.MindSpark, C:\USERS\EVA JACKSON\DOWNLOADS\ONLINEMAPFINDER.2345655BBE8F48EC90406B1595FCAE61.EXE, Quarantined, [522], [365288],1.0.5082
PUP.Optional.MindSpark, C:\USERS\EVA JACKSON\DOWNLOADS\ONLINEMAPFINDER.96BBD600BC6443149FE81B65CE340224.EXE, Quarantined, [522], [365288],1.0.5082
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
ADWCleaner log
 
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-11.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-12-2018
# Duration: 00:00:05
# OS:       Windows 7 Home Premium
# Cleaned:  34
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Program Files (x86)\VIDEODOWNLOADCONVERTER
Deleted       C:\Users\Eva Jackson\AppData\Local\Downloaded Installers
Deleted       C:\Program Files\Plumbytes Software
Deleted       C:\Users\Eva Jackson\AppData\Local\slimware utilities inc
Deleted       C:\Users\Eva Jackson\AppData\LocalLow\iac
 
***** [ Files ] *****
 
Deleted       C:\Users\Public\Desktop\eBay.lnk
Deleted       C:\Windows\System32\drivers\swdumon.sys
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKLM\Software\Wow6432Node\VideoDownloadConverter
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Deleted       HKLM\Software\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Deleted       HKLM\Software\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Deleted       HKLM\Software\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Deleted       HKLM\Software\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vpcms.istreamplanet.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istreamplanet.com
Deleted       HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Deleted       Ask
Deleted       AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 
I'm able to copy & paste in this forum now, which is great.
DigiTechInfosolutions 1-855-268-5399 is still on the task bar. 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:34 AM

Posted 13 May 2018 - 07:33 AM

Hi,

DigiTechInfosolutions 1-855-268-5399 is still on the task bar

Is this an Icon on the bottom of the Windows?
Of so can you rght click on it and delete it?

===

If not run this:

Open the Farbar program.

In the Search text area, copy and paste the following:
DigiTechInfosolutions
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:34 AM

Posted 19 May 2018 - 07:11 AM

Hi,

Are you still with me?

#8 cedarrabbit

cedarrabbit
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 AM

Posted 22 May 2018 - 10:32 PM

Sorry for the delay. 

No, it's not an icon. It's like a permanent part of the task bar. 

 

Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Eva Jackson (22-05-2018 20:10:54)
Running from C:\Users\Eva Jackson\Desktop
Boot Mode: Normal
 
================== Search Registry: "DigiTechInfosolutions" ===========
 
 
====== End of Search ======


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:34 AM

Posted 23 May 2018 - 06:11 AM

Hi,

Please run the Farbar program and before you scan the computer make sure the box "Shortcut List" is checked.

Post the FRST.txt log for my review.

Let me know also if Chrome is Syncing with Other Devices.

#10 cedarrabbit

cedarrabbit
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:34 AM

Posted 28 May 2018 - 06:38 PM

Here are the scan results. The closest thing to "shortcut list" I saw was "shortcut.txt" so I checked that. 

I decided to check the task bar properties and under "Toolbars" it listed the thing I've been trying to get rid of. I unchecked it and it went away from the task bar and is no longer listed under toolbars. 

Thanks again for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Eva Jackson (administrator) on EVAJACKSON-PC (28-05-2018 18:25:44)
Running from C:\Users\Eva Jackson\Desktop
Loaded Profiles: Eva Jackson (Available Profiles: Eva Jackson)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
( ) C:\Windows\System32\lxdccoms.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lexmark) C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AOC Monitors.) C:\Program Files (x86)\i-Menu\i-Menu.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\ALU.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [lxdcmon.exe] => "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe"
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [20480 2007-02-05] (Lexmark)
HKLM\...\Run: [LXDCCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXDCtime.dll,RunDLLEntry******************************************************************************************************************************* (the data entry has 59 more characters).
HKLM\...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-10] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [i-Menu] => C:\Program Files (x86)\i-Menu\i-Menu.exe [5210760 2012-08-20] (AOC Monitors.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [4788840 2018-04-04] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-28] (Piriform Ltd)
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Eva Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-10-05]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3C2E9790-42E6-4BEE-8648-EBABAB289B88}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D2E369DC-83FB-4EB1-B52F-F0E1C89B58F1}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/?pc=carousel-about-en#inbox
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110802231658.dll [2011-03-13] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110802231658.dll [2011-03-13] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-08-10] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-08-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-05-04] (Alcatel-Lucent)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Eva Jackson\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-02-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://facebook.com/","hxxps://mail.google.com/mail/#inbox"
CHR Profile: C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default [2018-05-28]
CHR Extension: (Slides) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-28]
CHR Extension: (Docs) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-28]
CHR Extension: (Google Drive) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-28]
CHR Extension: (YouTube) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-28]
CHR Extension: (Adblock Plus) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (uBlock Origin) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-26]
CHR Extension: (Sheets) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-28]
CHR Extension: (Gmail) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
CHR Profile: C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-05-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-10-06] (WildTangent)
R2 lxdc_device; C:\Windows\system32\lxdccoms.exe [567216 2007-02-12] ( )
R2 lxdc_device; C:\Windows\SysWOW64\lxdccoms.exe [537520 2007-02-12] ( )
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-04] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent) [File not signed]
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-16] (AVAST Software)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2018-05-12] (Nicomsoft Ltd.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-27 10:34 - 2018-05-27 10:34 - 000063002 _____ C:\Users\Eva Jackson\Desktop\Shortcut.txt
2018-05-27 10:31 - 2018-05-27 10:34 - 000053049 _____ C:\Users\Eva Jackson\Desktop\Addition.txt
2018-05-27 10:20 - 2018-05-28 18:26 - 000021128 _____ C:\Users\Eva Jackson\Desktop\FRST.txt
2018-05-22 20:10 - 2018-05-22 20:10 - 000000266 _____ C:\Users\Eva Jackson\Desktop\SearchReg.txt
2018-05-22 20:05 - 2018-05-22 20:05 - 000000000 ____D C:\Users\Eva Jackson\Desktop\FRST-OlderVersion
2018-05-22 20:02 - 2018-05-22 20:04 - 000000000 ____D C:\Users\Eva Jackson\Downloads\Downloaded Pictures
2018-05-16 17:04 - 2018-05-16 17:04 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-12 17:29 - 2018-05-12 17:36 - 000000000 ____D C:\AdwCleaner
2018-05-12 17:29 - 2018-05-12 17:29 - 007271632 _____ (Malwarebytes) C:\Users\Eva Jackson\Desktop\adwcleaner_7.1.1.exe
2018-05-12 17:01 - 2018-05-12 17:03 - 075110848 _____ (Malwarebytes ) C:\Users\Eva Jackson\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5078.exe
2018-05-12 16:43 - 2018-05-12 16:43 - 000001220 _____ C:\Users\Eva Jackson\Desktop - Shortcut.lnk
2018-05-12 16:41 - 2018-05-22 20:05 - 002413056 _____ (Farbar) C:\Users\Eva Jackson\Desktop\FRST64.exe
2018-05-09 17:56 - 2018-05-12 17:51 - 000000000 ____D C:\Users\Eva Jackson\Desktop\fixing computer may 2018
2018-05-09 17:42 - 2018-05-09 17:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-09 17:42 - 2018-05-09 17:42 - 000002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-05-09 08:09 - 2018-04-23 13:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-09 08:09 - 2018-04-23 13:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 08:09 - 2018-04-22 19:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 08:09 - 2018-04-22 19:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 08:09 - 2018-04-22 19:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-09 08:09 - 2018-04-22 19:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-09 08:09 - 2018-04-22 19:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-09 08:09 - 2018-04-22 19:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-09 08:09 - 2018-04-22 19:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 08:09 - 2018-04-22 19:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-09 08:09 - 2018-04-22 19:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 08:09 - 2018-04-22 18:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-09 08:09 - 2018-04-22 18:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 08:09 - 2018-04-22 03:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 08:09 - 2018-04-22 02:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 08:09 - 2018-04-22 02:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 08:09 - 2018-04-22 02:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 08:09 - 2018-04-22 02:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 08:09 - 2018-04-22 02:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 08:09 - 2018-04-22 02:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 08:09 - 2018-04-22 02:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 08:09 - 2018-04-22 02:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 08:09 - 2018-04-22 01:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 08:09 - 2018-04-22 01:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 08:09 - 2018-04-22 01:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 08:09 - 2018-04-22 01:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 08:09 - 2018-04-22 01:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 08:09 - 2018-04-22 01:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 08:09 - 2018-04-22 01:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 08:09 - 2018-04-22 01:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 08:09 - 2018-04-22 01:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 08:09 - 2018-04-22 01:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 08:09 - 2018-04-22 01:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 08:09 - 2018-04-22 01:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 08:09 - 2018-04-18 11:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 08:09 - 2018-04-18 10:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 08:09 - 2018-04-11 11:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 08:09 - 2018-04-11 11:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 08:09 - 2018-04-10 14:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 08:09 - 2018-04-10 11:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-09 08:09 - 2018-04-10 11:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 08:09 - 2018-04-10 11:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 08:09 - 2018-04-10 11:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 08:09 - 2018-04-10 11:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 08:09 - 2018-04-10 10:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 08:09 - 2018-04-10 10:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-09 08:09 - 2018-04-10 10:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-09 08:09 - 2018-04-10 10:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-09 08:09 - 2018-04-07 11:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-09 08:09 - 2018-03-14 12:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 08:09 - 2018-03-14 12:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 08:09 - 2018-03-14 11:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 08:09 - 2018-03-14 11:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 08:09 - 2018-03-14 11:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 08:08 - 2018-04-22 19:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-09 08:08 - 2018-04-22 19:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-09 08:08 - 2018-04-22 19:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 08:08 - 2018-04-22 18:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-09 08:08 - 2018-04-22 18:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 08:08 - 2018-04-22 18:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-09 08:08 - 2018-04-22 18:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-09 08:08 - 2018-04-22 18:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-09 08:08 - 2018-04-22 18:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-09 08:08 - 2018-04-22 18:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-09 08:08 - 2018-04-22 18:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-09 08:08 - 2018-04-22 18:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-09 08:08 - 2018-04-22 18:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-09 08:08 - 2018-04-22 18:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-09 08:08 - 2018-04-22 18:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 02:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-09 08:08 - 2018-04-22 02:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 08:08 - 2018-04-22 02:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-09 08:08 - 2018-04-22 02:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-09 08:08 - 2018-04-22 02:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-09 08:08 - 2018-04-22 02:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-09 08:08 - 2018-04-22 02:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-09 08:08 - 2018-04-22 02:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-09 08:08 - 2018-04-22 02:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-09 08:08 - 2018-04-22 02:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 08:08 - 2018-04-22 02:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-09 08:08 - 2018-04-22 02:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-09 08:08 - 2018-04-22 02:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-09 08:08 - 2018-04-22 02:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-09 08:08 - 2018-04-22 02:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-09 08:08 - 2018-04-22 02:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 08:08 - 2018-04-22 02:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-09 08:08 - 2018-04-22 02:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-09 08:08 - 2018-04-22 02:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-09 08:08 - 2018-04-22 02:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-09 08:08 - 2018-04-22 02:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-09 08:08 - 2018-04-22 02:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-09 08:08 - 2018-04-22 01:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-09 08:08 - 2018-04-22 01:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-09 08:08 - 2018-04-22 01:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-09 08:08 - 2018-04-22 01:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 08:08 - 2018-04-22 01:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-09 08:08 - 2018-04-22 01:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 08:08 - 2018-04-22 01:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-09 08:08 - 2018-04-22 01:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-09 08:08 - 2018-04-22 01:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-09 08:08 - 2018-04-22 01:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-09 08:08 - 2018-04-22 01:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-09 08:08 - 2018-04-22 01:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-09 08:08 - 2018-04-22 01:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-09 08:08 - 2018-04-22 01:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-09 08:08 - 2018-04-22 01:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-09 08:08 - 2018-04-22 01:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-09 08:08 - 2018-04-22 01:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 08:08 - 2018-04-22 01:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-09 08:08 - 2018-04-22 01:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 08:08 - 2018-04-22 01:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 08:08 - 2018-04-18 11:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-09 08:08 - 2018-04-18 10:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-09 08:08 - 2018-04-18 10:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-09 08:08 - 2018-04-18 10:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-09 08:08 - 2018-04-11 11:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 08:08 - 2018-04-11 11:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 08:08 - 2018-04-10 11:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-09 08:08 - 2018-04-10 11:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-09 08:08 - 2018-03-18 17:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-09 08:08 - 2018-03-18 17:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-09 08:08 - 2018-03-14 12:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 08:08 - 2018-03-14 12:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 08:08 - 2018-03-14 12:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-09 08:08 - 2018-03-14 11:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 08:08 - 2018-03-14 11:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-09 08:08 - 2018-03-14 11:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 08:08 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 08:08 - 2018-03-14 11:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-05 11:03 - 2018-05-28 18:25 - 000000000 ____D C:\FRST
2018-05-01 20:38 - 2018-05-01 20:38 - 008688085 _____ C:\Users\Eva Jackson\Downloads\2017-11-22-VIDEO-00000935111.mp4
2018-04-28 19:09 - 2018-05-12 16:17 - 000000000 ____D C:\Users\Eva Jackson\AppData\LocalLow\Adblock Plus for IE
2018-04-28 19:09 - 2018-04-28 19:09 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2018-04-28 19:02 - 2018-04-28 19:02 - 000000556 _____ C:\Users\Eva Jackson\Desktop\Tech Support.txt
2018-04-28 18:41 - 2018-04-28 18:43 - 015813864 _____ (Piriform Ltd) C:\Users\Eva Jackson\Downloads\ccsetup542.exe
2018-04-28 18:27 - 2018-04-28 18:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-28 18:25 - 2018-04-28 18:27 - 074330032 _____ (Malwarebytes ) C:\Users\Eva Jackson\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4904.exe
2018-04-28 18:04 - 2018-04-28 18:04 - 000000000 ____D C:\DigiTechInfosolutions 1-855-268-5399
2018-04-28 17:58 - 2018-04-28 17:58 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2018-04-28 17:58 - 2018-04-28 17:58 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2018-04-28 17:57 - 2018-04-28 17:57 - 000752296 _____ C:\Users\Eva Jackson\Downloads\Adware Removal Tool by TSA.exe
2018-04-28 17:52 - 2018-04-28 17:52 - 000007609 _____ C:\Users\Eva Jackson\AppData\Local\Resmon.ResmonCfg
2018-04-28 17:42 - 2018-04-28 17:42 - 000000104 _____ C:\Users\Eva Jackson\Documents\tech support.txt
2018-04-28 16:02 - 2018-04-28 16:02 - 000000000 ____D C:\ProgramData\Logmein
2018-04-28 15:58 - 2018-04-28 15:58 - 000000000 ____D C:\Users\Eva Jackson\AppData\Local\GoToAssist Remote Support Customer
2018-04-28 15:58 - 2018-04-28 15:58 - 000000000 ____D C:\Users\Eva Jackson\AppData\Local\GoTo Opener
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-28 08:01 - 2009-07-13 23:45 - 000016976 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-28 08:01 - 2009-07-13 23:45 - 000016976 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-26 14:14 - 2012-08-16 03:02 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2018-05-22 20:01 - 2013-09-08 20:33 - 000646656 ___SH C:\Users\Eva Jackson\Downloads\Thumbs.db
2018-05-17 16:32 - 2016-09-15 07:56 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 06:25 - 2016-09-15 07:55 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 06:25 - 2016-09-15 07:55 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 17:04 - 2017-11-16 09:37 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-16 17:04 - 2017-03-16 08:52 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-16 17:04 - 2014-10-03 07:44 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-16 17:04 - 2014-10-03 07:44 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-16 17:04 - 2013-03-16 16:04 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-16 17:04 - 2013-03-16 16:04 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-16 17:04 - 2013-02-08 11:44 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-16 17:04 - 2012-09-02 17:45 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-16 17:04 - 2012-09-02 17:45 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-16 17:03 - 2018-01-05 07:07 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-16 17:03 - 2013-02-08 11:44 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-14 21:53 - 2012-08-07 07:01 - 001347072 ___SH C:\Users\Eva Jackson\Documents\Thumbs.db
2018-05-14 21:22 - 2012-08-07 07:01 - 011737088 _____ C:\Users\Eva Jackson\Documents\Kimler history.ppt
2018-05-13 12:29 - 2017-03-22 09:55 - 000003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468803912
2018-05-12 17:52 - 2014-05-11 13:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-12 17:41 - 2014-10-14 22:02 - 000020784 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys
2018-05-12 17:37 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-12 16:56 - 2012-08-07 07:00 - 000190976 ___SH C:\Users\Eva Jackson\Desktop\Thumbs.db
2018-05-12 16:43 - 2012-08-07 06:54 - 000000000 ____D C:\Users\Eva Jackson
2018-05-12 16:30 - 2013-03-21 20:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-12 11:25 - 2012-09-02 17:45 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw80af08a1fe7b738a.tmp
2018-05-10 04:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-05-10 03:54 - 2009-07-14 00:13 - 000800032 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-10 03:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-05-10 03:49 - 2009-07-13 23:45 - 000461816 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-10 03:24 - 2013-08-15 03:01 - 000000000 ____D C:\Windows\system32\MRT
2018-05-10 03:10 - 2017-10-12 03:11 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-10 03:09 - 2012-08-19 09:53 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-10 03:05 - 2012-08-07 07:05 - 000776262 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-09 17:42 - 2015-12-18 21:04 - 000003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-09 17:42 - 2011-08-03 01:30 - 000000000 ____D C:\ProgramData\Adobe
2018-05-09 17:42 - 2011-08-03 01:30 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-05-01 18:26 - 2016-09-15 07:56 - 000002187 _____ C:\Users\Public\Desktop\Email and internet.lnk
2018-04-30 22:07 - 2012-08-19 09:02 - 000000000 ____D C:\Program Files\Lx_cats
2018-04-28 18:11 - 2011-08-03 00:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-28 16:08 - 2012-08-07 06:54 - 000117936 _____ C:\Users\Eva Jackson\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-28 16:05 - 2015-09-03 08:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
 
==================== Files in the root of some directories =======
 
2018-04-28 17:52 - 2018-04-28 17:52 - 000007609 _____ () C:\Users\Eva Jackson\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 09:27
 
==================== End of FRST.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Eva Jackson (administrator) on EVAJACKSON-PC (28-05-2018 18:25:44)
Running from C:\Users\Eva Jackson\Desktop
Loaded Profiles: Eva Jackson (Available Profiles: Eva Jackson)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
( ) C:\Windows\System32\lxdccoms.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lexmark) C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AOC Monitors.) C:\Program Files (x86)\i-Menu\i-Menu.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\ALU.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [lxdcmon.exe] => "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe"
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [20480 2007-02-05] (Lexmark)
HKLM\...\Run: [LXDCCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXDCtime.dll,RunDLLEntry******************************************************************************************************************************* (the data entry has 59 more characters).
HKLM\...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-10] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [i-Menu] => C:\Program Files (x86)\i-Menu\i-Menu.exe [5210760 2012-08-20] (AOC Monitors.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [4788840 2018-04-04] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-28] (Piriform Ltd)
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Eva Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-10-05]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3C2E9790-42E6-4BEE-8648-EBABAB289B88}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D2E369DC-83FB-4EB1-B52F-F0E1C89B58F1}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/?pc=carousel-about-en#inbox
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110802231658.dll [2011-03-13] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110802231658.dll [2011-03-13] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-08-10] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-08-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-05-04] (Alcatel-Lucent)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Eva Jackson\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-02-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://facebook.com/","hxxps://mail.google.com/mail/#inbox"
CHR Profile: C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default [2018-05-28]
CHR Extension: (Slides) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-28]
CHR Extension: (Docs) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-28]
CHR Extension: (Google Drive) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-28]
CHR Extension: (YouTube) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-28]
CHR Extension: (Adblock Plus) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (uBlock Origin) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-26]
CHR Extension: (Sheets) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-28]
CHR Extension: (Gmail) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
CHR Profile: C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-05-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-10-06] (WildTangent)
R2 lxdc_device; C:\Windows\system32\lxdccoms.exe [567216 2007-02-12] ( )
R2 lxdc_device; C:\Windows\SysWOW64\lxdccoms.exe [537520 2007-02-12] ( )
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-04] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent) [File not signed]
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-16] (AVAST Software)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2018-05-12] (Nicomsoft Ltd.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-27 10:34 - 2018-05-27 10:34 - 000063002 _____ C:\Users\Eva Jackson\Desktop\Shortcut.txt
2018-05-27 10:31 - 2018-05-27 10:34 - 000053049 _____ C:\Users\Eva Jackson\Desktop\Addition.txt
2018-05-27 10:20 - 2018-05-28 18:26 - 000021128 _____ C:\Users\Eva Jackson\Desktop\FRST.txt
2018-05-22 20:10 - 2018-05-22 20:10 - 000000266 _____ C:\Users\Eva Jackson\Desktop\SearchReg.txt
2018-05-22 20:05 - 2018-05-22 20:05 - 000000000 ____D C:\Users\Eva Jackson\Desktop\FRST-OlderVersion
2018-05-22 20:02 - 2018-05-22 20:04 - 000000000 ____D C:\Users\Eva Jackson\Downloads\Downloaded Pictures
2018-05-16 17:04 - 2018-05-16 17:04 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-12 17:29 - 2018-05-12 17:36 - 000000000 ____D C:\AdwCleaner
2018-05-12 17:29 - 2018-05-12 17:29 - 007271632 _____ (Malwarebytes) C:\Users\Eva Jackson\Desktop\adwcleaner_7.1.1.exe
2018-05-12 17:01 - 2018-05-12 17:03 - 075110848 _____ (Malwarebytes ) C:\Users\Eva Jackson\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5078.exe
2018-05-12 16:43 - 2018-05-12 16:43 - 000001220 _____ C:\Users\Eva Jackson\Desktop - Shortcut.lnk
2018-05-12 16:41 - 2018-05-22 20:05 - 002413056 _____ (Farbar) C:\Users\Eva Jackson\Desktop\FRST64.exe
2018-05-09 17:56 - 2018-05-12 17:51 - 000000000 ____D C:\Users\Eva Jackson\Desktop\fixing computer may 2018
2018-05-09 17:42 - 2018-05-09 17:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-09 17:42 - 2018-05-09 17:42 - 000002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-05-09 08:09 - 2018-04-23 13:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-09 08:09 - 2018-04-23 13:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 08:09 - 2018-04-22 19:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 08:09 - 2018-04-22 19:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 08:09 - 2018-04-22 19:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-09 08:09 - 2018-04-22 19:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-09 08:09 - 2018-04-22 19:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-09 08:09 - 2018-04-22 19:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-09 08:09 - 2018-04-22 19:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 08:09 - 2018-04-22 19:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-09 08:09 - 2018-04-22 19:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 08:09 - 2018-04-22 18:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-09 08:09 - 2018-04-22 18:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 08:09 - 2018-04-22 03:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 08:09 - 2018-04-22 02:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 08:09 - 2018-04-22 02:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 08:09 - 2018-04-22 02:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 08:09 - 2018-04-22 02:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 08:09 - 2018-04-22 02:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 08:09 - 2018-04-22 02:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 08:09 - 2018-04-22 02:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 08:09 - 2018-04-22 02:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 08:09 - 2018-04-22 01:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 08:09 - 2018-04-22 01:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 08:09 - 2018-04-22 01:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 08:09 - 2018-04-22 01:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 08:09 - 2018-04-22 01:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 08:09 - 2018-04-22 01:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 08:09 - 2018-04-22 01:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 08:09 - 2018-04-22 01:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 08:09 - 2018-04-22 01:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 08:09 - 2018-04-22 01:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 08:09 - 2018-04-22 01:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 08:09 - 2018-04-22 01:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 08:09 - 2018-04-18 11:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 08:09 - 2018-04-18 10:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 08:09 - 2018-04-11 11:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 08:09 - 2018-04-11 11:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 08:09 - 2018-04-10 14:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 08:09 - 2018-04-10 11:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-09 08:09 - 2018-04-10 11:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 08:09 - 2018-04-10 11:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 08:09 - 2018-04-10 11:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 08:09 - 2018-04-10 11:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 08:09 - 2018-04-10 10:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 08:09 - 2018-04-10 10:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-09 08:09 - 2018-04-10 10:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-09 08:09 - 2018-04-10 10:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-09 08:09 - 2018-04-07 11:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-09 08:09 - 2018-03-14 12:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 08:09 - 2018-03-14 12:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 08:09 - 2018-03-14 11:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 08:09 - 2018-03-14 11:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 08:09 - 2018-03-14 11:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 08:08 - 2018-04-22 19:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-09 08:08 - 2018-04-22 19:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-09 08:08 - 2018-04-22 19:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 08:08 - 2018-04-22 18:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-09 08:08 - 2018-04-22 18:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 08:08 - 2018-04-22 18:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-09 08:08 - 2018-04-22 18:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-09 08:08 - 2018-04-22 18:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-09 08:08 - 2018-04-22 18:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-09 08:08 - 2018-04-22 18:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-09 08:08 - 2018-04-22 18:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-09 08:08 - 2018-04-22 18:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-09 08:08 - 2018-04-22 18:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-09 08:08 - 2018-04-22 18:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-09 08:08 - 2018-04-22 18:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 02:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-09 08:08 - 2018-04-22 02:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 08:08 - 2018-04-22 02:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-09 08:08 - 2018-04-22 02:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-09 08:08 - 2018-04-22 02:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-09 08:08 - 2018-04-22 02:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-09 08:08 - 2018-04-22 02:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-09 08:08 - 2018-04-22 02:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-09 08:08 - 2018-04-22 02:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-09 08:08 - 2018-04-22 02:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 08:08 - 2018-04-22 02:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-09 08:08 - 2018-04-22 02:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-09 08:08 - 2018-04-22 02:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-09 08:08 - 2018-04-22 02:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-09 08:08 - 2018-04-22 02:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-09 08:08 - 2018-04-22 02:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 08:08 - 2018-04-22 02:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-09 08:08 - 2018-04-22 02:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-09 08:08 - 2018-04-22 02:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-09 08:08 - 2018-04-22 02:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-09 08:08 - 2018-04-22 02:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-09 08:08 - 2018-04-22 02:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-09 08:08 - 2018-04-22 01:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-09 08:08 - 2018-04-22 01:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-09 08:08 - 2018-04-22 01:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-09 08:08 - 2018-04-22 01:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 08:08 - 2018-04-22 01:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-09 08:08 - 2018-04-22 01:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 08:08 - 2018-04-22 01:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-09 08:08 - 2018-04-22 01:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-09 08:08 - 2018-04-22 01:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-09 08:08 - 2018-04-22 01:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-09 08:08 - 2018-04-22 01:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-09 08:08 - 2018-04-22 01:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-09 08:08 - 2018-04-22 01:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-09 08:08 - 2018-04-22 01:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-09 08:08 - 2018-04-22 01:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-09 08:08 - 2018-04-22 01:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-09 08:08 - 2018-04-22 01:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 08:08 - 2018-04-22 01:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-09 08:08 - 2018-04-22 01:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 08:08 - 2018-04-22 01:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 08:08 - 2018-04-18 11:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-09 08:08 - 2018-04-18 10:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-09 08:08 - 2018-04-18 10:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-09 08:08 - 2018-04-18 10:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-09 08:08 - 2018-04-11 11:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 08:08 - 2018-04-11 11:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 08:08 - 2018-04-10 11:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-09 08:08 - 2018-04-10 11:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-09 08:08 - 2018-03-18 17:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-09 08:08 - 2018-03-18 17:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-09 08:08 - 2018-03-14 12:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 08:08 - 2018-03-14 12:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 08:08 - 2018-03-14 12:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-09 08:08 - 2018-03-14 11:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 08:08 - 2018-03-14 11:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-09 08:08 - 2018-03-14 11:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 08:08 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 08:08 - 2018-03-14 11:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-05 11:03 - 2018-05-28 18:25 - 000000000 ____D C:\FRST
2018-05-01 20:38 - 2018-05-01 20:38 - 008688085 _____ C:\Users\Eva Jackson\Downloads\2017-11-22-VIDEO-00000935111.mp4
2018-04-28 19:09 - 2018-05-12 16:17 - 000000000 ____D C:\Users\Eva Jackson\AppData\LocalLow\Adblock Plus for IE
2018-04-28 19:09 - 2018-04-28 19:09 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2018-04-28 19:02 - 2018-04-28 19:02 - 000000556 _____ C:\Users\Eva Jackson\Desktop\Tech Support.txt
2018-04-28 18:41 - 2018-04-28 18:43 - 015813864 _____ (Piriform Ltd) C:\Users\Eva Jackson\Downloads\ccsetup542.exe
2018-04-28 18:27 - 2018-04-28 18:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-28 18:25 - 2018-04-28 18:27 - 074330032 _____ (Malwarebytes ) C:\Users\Eva Jackson\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4904.exe
2018-04-28 18:04 - 2018-04-28 18:04 - 000000000 ____D C:\DigiTechInfosolutions 1-855-268-5399
2018-04-28 17:58 - 2018-04-28 17:58 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2018-04-28 17:58 - 2018-04-28 17:58 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2018-04-28 17:57 - 2018-04-28 17:57 - 000752296 _____ C:\Users\Eva Jackson\Downloads\Adware Removal Tool by TSA.exe
2018-04-28 17:52 - 2018-04-28 17:52 - 000007609 _____ C:\Users\Eva Jackson\AppData\Local\Resmon.ResmonCfg
2018-04-28 17:42 - 2018-04-28 17:42 - 000000104 _____ C:\Users\Eva Jackson\Documents\tech support.txt
2018-04-28 16:02 - 2018-04-28 16:02 - 000000000 ____D C:\ProgramData\Logmein
2018-04-28 15:58 - 2018-04-28 15:58 - 000000000 ____D C:\Users\Eva Jackson\AppData\Local\GoToAssist Remote Support Customer
2018-04-28 15:58 - 2018-04-28 15:58 - 000000000 ____D C:\Users\Eva Jackson\AppData\Local\GoTo Opener
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-28 08:01 - 2009-07-13 23:45 - 000016976 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-28 08:01 - 2009-07-13 23:45 - 000016976 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-26 14:14 - 2012-08-16 03:02 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2018-05-22 20:01 - 2013-09-08 20:33 - 000646656 ___SH C:\Users\Eva Jackson\Downloads\Thumbs.db
2018-05-17 16:32 - 2016-09-15 07:56 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 06:25 - 2016-09-15 07:55 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 06:25 - 2016-09-15 07:55 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 17:04 - 2017-11-16 09:37 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-16 17:04 - 2017-03-16 08:52 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-16 17:04 - 2014-10-03 07:44 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-16 17:04 - 2014-10-03 07:44 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-16 17:04 - 2013-03-16 16:04 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-16 17:04 - 2013-03-16 16:04 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-16 17:04 - 2013-02-08 11:44 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-16 17:04 - 2012-09-02 17:45 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-16 17:04 - 2012-09-02 17:45 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-16 17:03 - 2018-01-05 07:07 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-16 17:03 - 2013-02-08 11:44 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-14 21:53 - 2012-08-07 07:01 - 001347072 ___SH C:\Users\Eva Jackson\Documents\Thumbs.db
2018-05-14 21:22 - 2012-08-07 07:01 - 011737088 _____ C:\Users\Eva Jackson\Documents\Kimler history.ppt
2018-05-13 12:29 - 2017-03-22 09:55 - 000003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468803912
2018-05-12 17:52 - 2014-05-11 13:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-12 17:41 - 2014-10-14 22:02 - 000020784 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys
2018-05-12 17:37 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-12 16:56 - 2012-08-07 07:00 - 000190976 ___SH C:\Users\Eva Jackson\Desktop\Thumbs.db
2018-05-12 16:43 - 2012-08-07 06:54 - 000000000 ____D C:\Users\Eva Jackson
2018-05-12 16:30 - 2013-03-21 20:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-12 11:25 - 2012-09-02 17:45 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw80af08a1fe7b738a.tmp
2018-05-10 04:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-05-10 03:54 - 2009-07-14 00:13 - 000800032 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-10 03:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-05-10 03:49 - 2009-07-13 23:45 - 000461816 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-10 03:24 - 2013-08-15 03:01 - 000000000 ____D C:\Windows\system32\MRT
2018-05-10 03:10 - 2017-10-12 03:11 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-10 03:09 - 2012-08-19 09:53 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-10 03:05 - 2012-08-07 07:05 - 000776262 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-09 17:42 - 2015-12-18 21:04 - 000003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-09 17:42 - 2011-08-03 01:30 - 000000000 ____D C:\ProgramData\Adobe
2018-05-09 17:42 - 2011-08-03 01:30 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-05-01 18:26 - 2016-09-15 07:56 - 000002187 _____ C:\Users\Public\Desktop\Email and internet.lnk
2018-04-30 22:07 - 2012-08-19 09:02 - 000000000 ____D C:\Program Files\Lx_cats
2018-04-28 18:11 - 2011-08-03 00:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-28 16:08 - 2012-08-07 06:54 - 000117936 _____ C:\Users\Eva Jackson\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-28 16:05 - 2015-09-03 08:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
 
==================== Files in the root of some directories =======
 
2018-04-28 17:52 - 2018-04-28 17:52 - 000007609 _____ () C:\Users\Eva Jackson\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 09:27
 
==================== End of FRST.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Eva Jackson (administrator) on EVAJACKSON-PC (28-05-2018 18:25:44)
Running from C:\Users\Eva Jackson\Desktop
Loaded Profiles: Eva Jackson (Available Profiles: Eva Jackson)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
( ) C:\Windows\System32\lxdccoms.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lexmark) C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AOC Monitors.) C:\Program Files (x86)\i-Menu\i-Menu.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\ALU.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [lxdcmon.exe] => "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe"
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [20480 2007-02-05] (Lexmark)
HKLM\...\Run: [LXDCCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXDCtime.dll,RunDLLEntry******************************************************************************************************************************* (the data entry has 59 more characters).
HKLM\...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-10] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [i-Menu] => C:\Program Files (x86)\i-Menu\i-Menu.exe [5210760 2012-08-20] (AOC Monitors.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [SBrowserCheck] => C:\ProgramData\Avast Software\Avast\SecureBrowser\avast_browser_setup_checker.exe [4788840 2018-04-04] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-28] (Piriform Ltd)
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Eva Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-10-05]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3C2E9790-42E6-4BEE-8648-EBABAB289B88}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D2E369DC-83FB-4EB1-B52F-F0E1C89B58F1}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.google.com/mail/?pc=carousel-about-en#inbox
HKU\S-1-5-21-1238846466-3069517133-3292641801-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = 
SearchScopes: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110802231658.dll [2011-03-13] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110802231658.dll [2011-03-13] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-08-10] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-08-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-1238846466-3069517133-3292641801-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-08-10] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-05-04] (Alcatel-Lucent)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Eva Jackson\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-02-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://facebook.com/","hxxps://mail.google.com/mail/#inbox"
CHR Profile: C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default [2018-05-28]
CHR Extension: (Slides) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-28]
CHR Extension: (Docs) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-28]
CHR Extension: (Google Drive) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-28]
CHR Extension: (YouTube) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-28]
CHR Extension: (Adblock Plus) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (uBlock Origin) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-26]
CHR Extension: (Sheets) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-28]
CHR Extension: (Gmail) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
CHR Profile: C:\Users\Eva Jackson\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-05-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-10-06] (WildTangent)
R2 lxdc_device; C:\Windows\system32\lxdccoms.exe [567216 2007-02-12] ( )
R2 lxdc_device; C:\Windows\SysWOW64\lxdccoms.exe [537520 2007-02-12] ( )
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-04] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent) [File not signed]
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-16] (AVAST Software)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2018-05-12] (Nicomsoft Ltd.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-27 10:34 - 2018-05-27 10:34 - 000063002 _____ C:\Users\Eva Jackson\Desktop\Shortcut.txt
2018-05-27 10:31 - 2018-05-27 10:34 - 000053049 _____ C:\Users\Eva Jackson\Desktop\Addition.txt
2018-05-27 10:20 - 2018-05-28 18:26 - 000021128 _____ C:\Users\Eva Jackson\Desktop\FRST.txt
2018-05-22 20:10 - 2018-05-22 20:10 - 000000266 _____ C:\Users\Eva Jackson\Desktop\SearchReg.txt
2018-05-22 20:05 - 2018-05-22 20:05 - 000000000 ____D C:\Users\Eva Jackson\Desktop\FRST-OlderVersion
2018-05-22 20:02 - 2018-05-22 20:04 - 000000000 ____D C:\Users\Eva Jackson\Downloads\Downloaded Pictures
2018-05-16 17:04 - 2018-05-16 17:04 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-12 17:29 - 2018-05-12 17:36 - 000000000 ____D C:\AdwCleaner
2018-05-12 17:29 - 2018-05-12 17:29 - 007271632 _____ (Malwarebytes) C:\Users\Eva Jackson\Desktop\adwcleaner_7.1.1.exe
2018-05-12 17:01 - 2018-05-12 17:03 - 075110848 _____ (Malwarebytes ) C:\Users\Eva Jackson\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5078.exe
2018-05-12 16:43 - 2018-05-12 16:43 - 000001220 _____ C:\Users\Eva Jackson\Desktop - Shortcut.lnk
2018-05-12 16:41 - 2018-05-22 20:05 - 002413056 _____ (Farbar) C:\Users\Eva Jackson\Desktop\FRST64.exe
2018-05-09 17:56 - 2018-05-12 17:51 - 000000000 ____D C:\Users\Eva Jackson\Desktop\fixing computer may 2018
2018-05-09 17:42 - 2018-05-09 17:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-09 17:42 - 2018-05-09 17:42 - 000002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-05-09 08:09 - 2018-04-23 13:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-09 08:09 - 2018-04-23 13:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 08:09 - 2018-04-22 19:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 08:09 - 2018-04-22 19:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 08:09 - 2018-04-22 19:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-09 08:09 - 2018-04-22 19:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-09 08:09 - 2018-04-22 19:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-09 08:09 - 2018-04-22 19:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-09 08:09 - 2018-04-22 19:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 08:09 - 2018-04-22 19:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-09 08:09 - 2018-04-22 19:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 08:09 - 2018-04-22 18:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-09 08:09 - 2018-04-22 18:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 08:09 - 2018-04-22 03:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 08:09 - 2018-04-22 02:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 08:09 - 2018-04-22 02:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 08:09 - 2018-04-22 02:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 08:09 - 2018-04-22 02:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 08:09 - 2018-04-22 02:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 08:09 - 2018-04-22 02:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-09 08:09 - 2018-04-22 02:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 08:09 - 2018-04-22 02:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 08:09 - 2018-04-22 01:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 08:09 - 2018-04-22 01:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 08:09 - 2018-04-22 01:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 08:09 - 2018-04-22 01:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 08:09 - 2018-04-22 01:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 08:09 - 2018-04-22 01:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 08:09 - 2018-04-22 01:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 08:09 - 2018-04-22 01:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 08:09 - 2018-04-22 01:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 08:09 - 2018-04-22 01:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 08:09 - 2018-04-22 01:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 08:09 - 2018-04-22 01:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 08:09 - 2018-04-18 11:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 08:09 - 2018-04-18 10:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 08:09 - 2018-04-11 11:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 08:09 - 2018-04-11 11:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 08:09 - 2018-04-10 14:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 08:09 - 2018-04-10 11:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2018-05-09 08:09 - 2018-04-10 11:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 08:09 - 2018-04-10 11:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 08:09 - 2018-04-10 11:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 08:09 - 2018-04-10 11:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 08:09 - 2018-04-10 10:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 08:09 - 2018-04-10 10:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-05-09 08:09 - 2018-04-10 10:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-09 08:09 - 2018-04-10 10:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-09 08:09 - 2018-04-07 11:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-05-09 08:09 - 2018-03-14 12:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 08:09 - 2018-03-14 12:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 08:09 - 2018-03-14 11:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 08:09 - 2018-03-14 11:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 08:09 - 2018-03-14 11:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 08:08 - 2018-04-22 19:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-09 08:08 - 2018-04-22 19:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-09 08:08 - 2018-04-22 19:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-09 08:08 - 2018-04-22 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-09 08:08 - 2018-04-22 18:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-09 08:08 - 2018-04-22 18:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-09 08:08 - 2018-04-22 18:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-09 08:08 - 2018-04-22 18:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-09 08:08 - 2018-04-22 18:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-09 08:08 - 2018-04-22 18:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-09 08:08 - 2018-04-22 18:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-09 08:08 - 2018-04-22 18:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-05-09 08:08 - 2018-04-22 18:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-09 08:08 - 2018-04-22 18:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-09 08:08 - 2018-04-22 18:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-09 08:08 - 2018-04-22 18:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-09 08:08 - 2018-04-22 18:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-09 08:08 - 2018-04-22 18:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-09 08:08 - 2018-04-22 02:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-09 08:08 - 2018-04-22 02:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-09 08:08 - 2018-04-22 02:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-09 08:08 - 2018-04-22 02:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-09 08:08 - 2018-04-22 02:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-09 08:08 - 2018-04-22 02:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-09 08:08 - 2018-04-22 02:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-09 08:08 - 2018-04-22 02:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-09 08:08 - 2018-04-22 02:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-09 08:08 - 2018-04-22 02:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 08:08 - 2018-04-22 02:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-09 08:08 - 2018-04-22 02:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-09 08:08 - 2018-04-22 02:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-09 08:08 - 2018-04-22 02:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-09 08:08 - 2018-04-22 02:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-09 08:08 - 2018-04-22 02:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-09 08:08 - 2018-04-22 02:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-09 08:08 - 2018-04-22 02:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-09 08:08 - 2018-04-22 02:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-09 08:08 - 2018-04-22 02:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-09 08:08 - 2018-04-22 02:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-09 08:08 - 2018-04-22 02:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-09 08:08 - 2018-04-22 02:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-09 08:08 - 2018-04-22 01:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-09 08:08 - 2018-04-22 01:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-09 08:08 - 2018-04-22 01:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-09 08:08 - 2018-04-22 01:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 08:08 - 2018-04-22 01:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-09 08:08 - 2018-04-22 01:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 08:08 - 2018-04-22 01:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-09 08:08 - 2018-04-22 01:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-09 08:08 - 2018-04-22 01:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-09 08:08 - 2018-04-22 01:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-09 08:08 - 2018-04-22 01:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-09 08:08 - 2018-04-22 01:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-09 08:08 - 2018-04-22 01:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-09 08:08 - 2018-04-22 01:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-09 08:08 - 2018-04-22 01:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-09 08:08 - 2018-04-22 01:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-09 08:08 - 2018-04-22 01:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 08:08 - 2018-04-22 01:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-09 08:08 - 2018-04-22 01:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 08:08 - 2018-04-22 01:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 08:08 - 2018-04-18 11:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2018-05-09 08:08 - 2018-04-18 10:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2018-05-09 08:08 - 2018-04-18 10:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2018-05-09 08:08 - 2018-04-18 10:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2018-05-09 08:08 - 2018-04-11 11:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 08:08 - 2018-04-11 11:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 08:08 - 2018-04-10 11:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2018-05-09 08:08 - 2018-04-10 11:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2018-05-09 08:08 - 2018-03-18 17:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-09 08:08 - 2018-03-18 17:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-09 08:08 - 2018-03-14 12:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 08:08 - 2018-03-14 12:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 08:08 - 2018-03-14 12:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2018-05-09 08:08 - 2018-03-14 11:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 08:08 - 2018-03-14 11:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-05-09 08:08 - 2018-03-14 11:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 08:08 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 08:08 - 2018-03-14 11:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 08:08 - 2018-03-14 11:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-05 11:03 - 2018-05-28 18:25 - 000000000 ____D C:\FRST
2018-05-01 20:38 - 2018-05-01 20:38 - 008688085 _____ C:\Users\Eva Jackson\Downloads\2017-11-22-VIDEO-00000935111.mp4
2018-04-28 19:09 - 2018-05-12 16:17 - 000000000 ____D C:\Users\Eva Jackson\AppData\LocalLow\Adblock Plus for IE
2018-04-28 19:09 - 2018-04-28 19:09 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2018-04-28 19:02 - 2018-04-28 19:02 - 000000556 _____ C:\Users\Eva Jackson\Desktop\Tech Support.txt
2018-04-28 18:41 - 2018-04-28 18:43 - 015813864 _____ (Piriform Ltd) C:\Users\Eva Jackson\Downloads\ccsetup542.exe
2018-04-28 18:27 - 2018-04-28 18:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-28 18:25 - 2018-04-28 18:27 - 074330032 _____ (Malwarebytes ) C:\Users\Eva Jackson\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4904.exe
2018-04-28 18:04 - 2018-04-28 18:04 - 000000000 ____D C:\DigiTechInfosolutions 1-855-268-5399
2018-04-28 17:58 - 2018-04-28 17:58 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2018-04-28 17:58 - 2018-04-28 17:58 - 000000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2018-04-28 17:57 - 2018-04-28 17:57 - 000752296 _____ C:\Users\Eva Jackson\Downloads\Adware Removal Tool by TSA.exe
2018-04-28 17:52 - 2018-04-28 17:52 - 000007609 _____ C:\Users\Eva Jackson\AppData\Local\Resmon.ResmonCfg
2018-04-28 17:42 - 2018-04-28 17:42 - 000000104 _____ C:\Users\Eva Jackson\Documents\tech support.txt
2018-04-28 16:02 - 2018-04-28 16:02 - 000000000 ____D C:\ProgramData\Logmein
2018-04-28 15:58 - 2018-04-28 15:58 - 000000000 ____D C:\Users\Eva Jackson\AppData\Local\GoToAssist Remote Support Customer
2018-04-28 15:58 - 2018-04-28 15:58 - 000000000 ____D C:\Users\Eva Jackson\AppData\Local\GoTo Opener
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-28 08:01 - 2009-07-13 23:45 - 000016976 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-28 08:01 - 2009-07-13 23:45 - 000016976 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-26 14:14 - 2012-08-16 03:02 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2018-05-22 20:01 - 2013-09-08 20:33 - 000646656 ___SH C:\Users\Eva Jackson\Downloads\Thumbs.db
2018-05-17 16:32 - 2016-09-15 07:56 - 000002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 06:25 - 2016-09-15 07:55 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 06:25 - 2016-09-15 07:55 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 17:04 - 2017-11-16 09:37 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-16 17:04 - 2017-03-16 08:52 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-16 17:04 - 2014-10-03 07:44 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-16 17:04 - 2014-10-03 07:44 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-16 17:04 - 2013-03-16 16:04 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-16 17:04 - 2013-03-16 16:04 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-16 17:04 - 2013-02-08 11:44 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-16 17:04 - 2012-09-02 17:45 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-16 17:04 - 2012-09-02 17:45 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-16 17:03 - 2018-01-05 07:07 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-16 17:03 - 2013-02-08 11:44 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-14 21:53 - 2012-08-07 07:01 - 001347072 ___SH C:\Users\Eva Jackson\Documents\Thumbs.db
2018-05-14 21:22 - 2012-08-07 07:01 - 011737088 _____ C:\Users\Eva Jackson\Documents\Kimler history.ppt
2018-05-13 12:29 - 2017-03-22 09:55 - 000003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468803912
2018-05-12 17:52 - 2014-05-11 13:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-12 17:41 - 2014-10-14 22:02 - 000020784 _____ (Nicomsoft Ltd.) C:\Windows\system32\Drivers\mi2c.sys
2018-05-12 17:37 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-12 16:56 - 2012-08-07 07:00 - 000190976 ___SH C:\Users\Eva Jackson\Desktop\Thumbs.db
2018-05-12 16:43 - 2012-08-07 06:54 - 000000000 ____D C:\Users\Eva Jackson
2018-05-12 16:30 - 2013-03-21 20:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-12 11:25 - 2012-09-02 17:45 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\asw80af08a1fe7b738a.tmp
2018-05-10 04:38 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-05-10 03:54 - 2009-07-14 00:13 - 000800032 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-10 03:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-05-10 03:49 - 2009-07-13 23:45 - 000461816 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-10 03:24 - 2013-08-15 03:01 - 000000000 ____D C:\Windows\system32\MRT
2018-05-10 03:10 - 2017-10-12 03:11 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-10 03:09 - 2012-08-19 09:53 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-10 03:05 - 2012-08-07 07:05 - 000776262 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-09 17:42 - 2015-12-18 21:04 - 000003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-09 17:42 - 2011-08-03 01:30 - 000000000 ____D C:\ProgramData\Adobe
2018-05-09 17:42 - 2011-08-03 01:30 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-05-01 18:26 - 2016-09-15 07:56 - 000002187 _____ C:\Users\Public\Desktop\Email and internet.lnk
2018-04-30 22:07 - 2012-08-19 09:02 - 000000000 ____D C:\Program Files\Lx_cats
2018-04-28 18:11 - 2011-08-03 00:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-28 16:08 - 2012-08-07 06:54 - 000117936 _____ C:\Users\Eva Jackson\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-28 16:05 - 2015-09-03 08:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
 
==================== Files in the root of some directories =======
 
2018-04-28 17:52 - 2018-04-28 17:52 - 000007609 _____ () C:\Users\Eva Jackson\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 09:27
 
==================== End of FRST.txt ============================
 
 


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:34 AM

Posted 29 May 2018 - 06:24 AM

Hi,

All clean.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users