
Antivirus keeps turning off and browser keeps getting hijacked with popups


  • This topic is locked
10 replies to this topic

#1 miltonq

miltonq

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 27 May 2018 - 07:23 PM

Can someone please help?

Running Win 10 machine and antivirus (Win Defender) keeps turning off even though I keep turning it on.  Also, browser keeps getting pop-ups.  I have tried all I can with normal malware removal tools.

Can someone please help?





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:11 AM

Posted 27 May 2018 - 07:28 PM

Greetings miltonq and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this. If necessary, download the below program onto a USB device from a clean computer and transfer it over to the infected computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 miltonq

miltonq
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 27 May 2018 - 07:33 PM

Hi Gary, thanks for your assistance.  You can call me Jason.

Below are the logs requested...

 

FRST results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Madeline Milton (administrator) on DESKTOP-Q8V0OAH (27-05-2018 19:30:38)
Running from C:\Users\Madeline Milton\Downloads
Loaded Profiles: Madeline Milton (Available Profiles: Madeline Milton & defaultuser1)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1941808629-963242978-3017579928-1001\...\Run: [ExpanDrive] => C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe [1887272 2017-06-20] (ExpanDrive, Inc.)
HKU\S-1-5-21-1941808629-963242978-3017579928-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [10001320 2016-03-28] (RedFox)
HKU\S-1-5-21-1941808629-963242978-3017579928-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-22] (SUPERAntiSpyware)
SSODL: EldosMountNotificator-cbfs6 - {E7756696-81EC-4CA4-9D71-73710311AF04} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {E7756696-81EC-4CA4-9D71-73710311AF04} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shutterfly Uploader.lnk [2017-11-27]
ShortcutTarget: Shutterfly Uploader.lnk -> C:\Program Files (x86)\Shutterfly Uploader\ThisLife.Uploader.exe (Shutterfly, Inc.)
Startup: C:\Users\Madeline Milton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2017-09-24]
ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4e5d30d1-e327-483e-b983-b8480228e53c}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{ff976279-a0fc-49d7-a545-58e92d909b15}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-12] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-12] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default [2018-05-27]
CHR Extension: (Slides) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-01]
CHR Extension: (YouTube) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-01]
CHR Extension: (Honey) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-05-19]
CHR Extension: (Sheets) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-01]
CHR Extension: (SeasonGamer Advertising) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaamcnenoiiddpdolncffmehldmkhan [2018-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-25]
CHR Profile: C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-05-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2017-01-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-25] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-25] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [24568 2015-01-16] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [99320 2015-01-16] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [83960 2015-01-16] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [128504 2015-01-16] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-05-27] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-05-27] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [100312 2015-01-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TrueColor; C:\WINDOWS\system32\DRIVERS\TrueColor.sys [35952 2014-08-12] ()
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-07-27] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-25] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-25] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-27 19:30 - 2018-05-27 19:31 - 000014099 _____ C:\Users\Madeline Milton\Downloads\FRST.txt
2018-05-27 19:30 - 2018-05-27 19:30 - 002413056 _____ (Farbar) C:\Users\Madeline Milton\Downloads\FRST64.exe
2018-05-27 19:30 - 2018-05-27 19:30 - 000000000 ____D C:\FRST
2018-05-27 19:15 - 2018-05-27 19:15 - 001773568 _____ (Farbar) C:\Users\Madeline Milton\Downloads\FRST.exe
2018-05-27 19:08 - 2018-05-27 19:08 - 005660506 _____ (Swearware) C:\Users\Madeline Milton\Downloads\ComboFix.exe
2018-05-27 19:07 - 2018-05-27 19:07 - 000000571 _____ C:\Users\Madeline Milton\Desktop\JRT.txt
2018-05-27 19:03 - 2018-05-27 19:03 - 001790024 _____ (Malwarebytes) C:\Users\Madeline Milton\Downloads\JRT (1).exe
2018-05-27 19:02 - 2018-05-27 19:02 - 001790024 _____ (Malwarebytes) C:\Users\Madeline Milton\Downloads\JRT.exe
2018-05-27 18:57 - 2018-05-27 18:58 - 000000000 ____D C:\AdwCleaner
2018-05-27 18:56 - 2018-05-27 18:56 - 007271632 _____ (Malwarebytes) C:\Users\Madeline Milton\Downloads\AdwCleaner.exe
2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ___HD C:\OneDriveTemp
2018-05-27 18:45 - 2018-05-27 18:53 - 000000562 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 651b4c68-784b-48be-8348-0ae6615b6a21.job
2018-05-27 18:45 - 2018-05-27 18:53 - 000000562 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1357cef9-5958-4271-a18a-8d1794c6bfc6.job
2018-05-27 18:45 - 2018-05-27 18:45 - 000003822 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 1357cef9-5958-4271-a18a-8d1794c6bfc6
2018-05-27 18:45 - 2018-05-27 18:45 - 000003740 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 651b4c68-784b-48be-8348-0ae6615b6a21
2018-05-27 18:44 - 2018-05-27 18:44 - 000001855 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-05-27 18:44 - 2018-05-27 18:44 - 000000000 ____D C:\Users\Madeline Milton\AppData\Roaming\SUPERAntiSpyware.com
2018-05-27 18:44 - 2018-05-27 18:44 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-05-27 18:44 - 2018-05-27 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-27 18:44 - 2018-05-27 18:44 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-05-27 18:32 - 2018-05-27 18:58 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-27 18:32 - 2018-05-27 18:32 - 033562344 _____ (SUPERAntiSpyware) C:\Users\Madeline Milton\Downloads\SUPERAntiSpyware.exe
2018-05-27 18:31 - 2018-05-27 18:58 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-27 18:31 - 2018-05-27 18:58 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-27 18:31 - 2018-05-27 18:58 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-27 18:31 - 2018-05-27 18:31 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-27 18:31 - 2018-05-27 18:31 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-27 18:31 - 2018-05-27 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-27 18:31 - 2018-05-27 18:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-27 18:31 - 2018-05-27 18:31 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-27 18:31 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-27 18:30 - 2018-05-27 18:30 - 075629776 _____ (Malwarebytes ) C:\Users\Madeline Milton\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5188.exe
2018-05-27 17:22 - 2018-05-27 18:44 - 000001064 _____ C:\Users\Madeline Milton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Private Internet Access.lnk
2018-05-27 17:22 - 2018-05-27 17:22 - 000003348 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2018-05-27 17:22 - 2018-05-27 17:22 - 000000957 _____ C:\Users\Madeline Milton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reinstall TAP Driver.lnk
2018-05-27 17:22 - 2018-05-27 17:22 - 000000925 _____ C:\Users\Madeline Milton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2018-05-27 17:22 - 2018-05-27 17:22 - 000000895 _____ C:\Users\Madeline Milton\Desktop\Private Internet Access.lnk
2018-05-27 17:22 - 2018-05-27 17:22 - 000000000 ____D C:\Users\Madeline Milton\AppData\Local\PrivateInternetAccess
2018-05-27 17:21 - 2018-05-27 17:22 - 000000000 ____D C:\Program Files\pia_manager
2018-05-27 17:21 - 2018-01-30 13:19 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2018-05-27 17:20 - 2018-05-27 17:20 - 053121896 _____ (London Trust Media, Inc. ) C:\Users\Madeline Milton\Downloads\pia-v80-installer-win.exe
2018-05-24 23:57 - 2018-05-24 21:05 - 000000000 ____D C:\Windows.old
2018-05-24 23:54 - 2018-05-24 23:57 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-24 23:53 - 2018-05-24 23:54 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-24 23:53 - 2018-05-24 23:53 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-24 23:52 - 2018-05-24 23:52 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-24 23:52 - 2018-05-24 23:52 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-24 23:52 - 2018-05-24 23:52 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-24 23:52 - 2018-05-24 23:52 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-24 23:52 - 2018-05-24 23:52 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-24 23:52 - 2018-05-24 23:52 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-24 23:52 - 2018-05-24 23:52 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-24 23:52 - 2018-05-24 23:52 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-24 23:50 - 2018-05-24 23:50 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-24 23:50 - 2018-05-24 23:50 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-24 23:50 - 2018-05-24 23:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-24 23:50 - 2018-05-24 23:50 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-24 23:50 - 2018-05-24 23:50 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-24 23:50 - 2018-05-24 23:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-24 23:50 - 2018-05-24 23:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-24 23:50 - 2018-05-24 23:50 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-24 23:50 - 2018-05-24 23:50 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-24 23:50 - 2018-05-24 23:50 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-24 23:50 - 2018-05-24 23:50 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-24 23:50 - 2018-05-24 23:50 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-24 23:50 - 2018-05-24 23:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-24 23:50 - 2018-05-24 23:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-24 23:50 - 2018-05-24 23:50 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-24 23:50 - 2018-05-24 23:50 - 000000000 ____D C:\Program Files\MSBuild
2018-05-24 23:50 - 2018-05-24 23:50 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-24 23:50 - 2018-05-24 23:50 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-24 21:07 - 2018-05-27 19:06 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-24 21:06 - 2018-05-24 21:06 - 000001417 _____ C:\Users\Madeline Milton\Desktop\Microsoft Edge.lnk
2018-05-24 21:06 - 2018-05-24 21:06 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-24 21:05 - 2018-05-24 21:05 - 000000020 ___SH C:\Users\Madeline Milton\ntuser.ini
2018-05-24 21:04 - 2018-05-27 19:26 - 000004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8A793BB3-6603-41EF-9195-C33F306C8AA6}
2018-05-24 21:04 - 2018-05-27 18:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-24 21:04 - 2018-05-24 21:04 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-05-24 21:04 - 2018-05-24 21:04 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-05-24 21:04 - 2018-05-24 21:04 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-24 21:04 - 2018-05-24 21:04 - 000003472 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-24 21:04 - 2018-05-24 21:04 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-24 21:04 - 2018-05-24 21:04 - 000003248 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-24 21:04 - 2018-05-24 21:04 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-24 21:04 - 2018-05-24 21:04 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1941808629-963242978-3017579928-1001
2018-05-24 21:04 - 2018-05-24 21:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-05-24 21:02 - 2018-05-24 21:02 - 000000000 ____D C:\ProgramData\USOShared
2018-05-24 21:00 - 2018-05-24 21:00 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-24 21:00 - 2018-04-11 18:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-24 20:59 - 2018-05-24 21:05 - 000000000 ____D C:\Users\Madeline Milton
2018-05-24 20:59 - 2018-05-24 21:01 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH.000
2018-05-24 20:59 - 2018-04-11 18:34 - 000001105 _____ C:\Users\Madeline Milton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-24 20:59 - 2018-04-11 18:34 - 000001105 _____ C:\Users\defaultuser1.DESKTOP-Q8V0OAH.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-24 20:59 - 2017-11-26 00:10 - 000000000 ____D C:\Users\Madeline Milton\AppData\Roaming\Macromedia
2018-05-24 20:59 - 2017-11-26 00:10 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH.000\AppData\Roaming\Macromedia
2018-05-24 20:58 - 2017-01-09 23:59 - 000099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-24 20:57 - 2018-05-27 18:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-24 20:57 - 2018-05-24 21:00 - 000398752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-23 18:48 - 2018-05-24 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-21 12:06 - 2018-05-21 12:06 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-21 12:06 - 2018-05-21 12:06 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-21 12:06 - 2018-05-21 12:06 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-21 12:06 - 2018-05-21 12:06 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-19 08:51 - 2018-05-24 21:05 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-18 17:49 - 2018-05-18 17:49 - 003368026 _____ C:\Users\Madeline Milton\Downloads\_goatsimulator.exe
2018-05-18 17:05 - 2018-05-24 20:59 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH.000\AppData\Local\Packages
2018-05-18 17:05 - 2018-05-18 17:05 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH.000\AppData\Local\VirtualStore
2018-05-18 17:05 - 2018-05-18 17:05 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH.000\AppData\Local\ConnectedDevicesPlatform
2018-05-15 16:06 - 2018-05-15 16:06 - 000000020 ___SH C:\Users\defaultuser1.DESKTOP-Q8V0OAH\ntuser.ini
2018-05-15 16:06 - 2018-05-15 16:06 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH\AppData\Local\VirtualStore
2018-05-15 16:06 - 2018-05-15 16:06 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH\AppData\Local\Packages
2018-05-15 16:06 - 2018-05-15 16:06 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH\AppData\Local\ConnectedDevicesPlatform
2018-05-15 16:06 - 2018-05-15 16:06 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH
2018-05-15 16:06 - 2017-11-26 00:10 - 000000000 ____D C:\Users\defaultuser1.DESKTOP-Q8V0OAH\AppData\Roaming\Macromedia
2018-05-15 16:03 - 2018-05-15 16:03 - 000000020 ___SH C:\Users\defaultuser1\ntuser.ini
2018-05-15 16:03 - 2018-05-15 16:03 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\VirtualStore
2018-05-15 16:03 - 2018-05-15 16:03 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\Packages
2018-05-15 16:03 - 2018-05-15 16:03 - 000000000 ____D C:\Users\defaultuser1\AppData\Local\ConnectedDevicesPlatform
2018-05-15 16:03 - 2018-05-15 16:03 - 000000000 ____D C:\Users\defaultuser1
2018-05-15 16:03 - 2017-11-26 00:10 - 000000000 ____D C:\Users\defaultuser1\AppData\Roaming\Macromedia
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-27 19:14 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-27 19:06 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-27 19:03 - 2016-10-01 18:03 - 000000000 ___RD C:\Users\Madeline Milton\OneDrive
2018-05-27 18:59 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-27 18:58 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-27 18:58 - 2017-09-09 19:15 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-27 18:53 - 2016-11-12 16:46 - 000000000 ___HD C:\Users\Madeline Milton\AppData\Local\ExpanDrive
2018-05-25 04:01 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-24 23:57 - 2018-04-11 18:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-24 23:57 - 2018-04-11 18:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-24 23:57 - 2018-04-11 18:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-24 23:57 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-24 23:57 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-24 23:57 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-24 23:57 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-24 23:57 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-24 23:57 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-24 23:57 - 2017-11-27 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly Uploader
2018-05-24 23:57 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-24 23:57 - 2017-09-27 09:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-24 23:57 - 2017-08-10 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-05-24 23:57 - 2017-07-07 15:10 - 000000000 ____D C:\Program Files\UNP
2018-05-24 23:57 - 2017-03-26 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2018-05-24 23:57 - 2016-11-25 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpanDrive
2018-05-24 23:57 - 2016-10-01 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-05-24 23:57 - 2016-02-14 14:49 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-05-24 23:54 - 2017-09-09 19:15 - 000000000 ____D C:\Program Files\Intel
2018-05-24 23:54 - 2017-03-12 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2018-05-24 23:54 - 2017-03-12 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2018-05-24 23:52 - 2018-04-12 04:37 - 000000000 ____D C:\WINDOWS\Containers
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-24 23:52 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-24 23:52 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-24 23:50 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-24 23:10 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-24 21:22 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-24 21:21 - 2017-11-27 11:57 - 000000000 ____D C:\Users\Madeline Milton\AppData\Local\Packages
2018-05-24 21:05 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-24 21:05 - 2017-11-27 17:26 - 000000000 ___RD C:\Users\Madeline Milton\3D Objects
2018-05-24 21:05 - 2016-10-01 18:01 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-24 21:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-24 21:04 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-24 21:04 - 2016-11-13 16:12 - 000000958 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-24 21:04 - 2016-11-13 16:12 - 000000954 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-24 21:02 - 2018-04-11 18:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-24 21:02 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-24 21:02 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-24 21:02 - 2016-10-01 19:26 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-24 21:02 - 2016-10-01 18:11 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-24 21:01 - 2016-10-01 19:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-24 21:00 - 2016-11-13 17:58 - 000000000 ____D C:\Users\Madeline Milton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2018-05-24 20:58 - 2017-09-09 19:15 - 000000000 ____D C:\WINDOWS\SysWOW64\TrueColor5.2
2018-05-24 20:58 - 2017-09-09 19:15 - 000000000 ____D C:\WINDOWS\system32\TrueColor5.2
2018-05-24 20:58 - 2017-09-09 19:14 - 000000000 ____D C:\WINDOWS\Firmware
2018-05-23 18:48 - 2016-11-13 16:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-15 15:49 - 2017-03-06 20:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-09 16:33 - 2016-10-01 18:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-09 16:22 - 2017-10-11 08:12 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-09 16:22 - 2016-10-01 18:20 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-04 17:22 - 2017-11-27 11:07 - 000000000 ____D C:\Users\Madeline Milton\AppData\Roaming\ThisLife
2018-05-01 16:22 - 2018-04-11 18:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 16:22 - 2018-04-11 18:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-24 20:57
 
==================== End of FRST.txt ============================
 
Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Madeline Milton (27-05-2018 19:31:34)
Running from C:\Users\Madeline Milton\Downloads
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-25 02:05:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1941808629-963242978-3017579928-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1941808629-963242978-3017579928-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-1941808629-963242978-3017579928-1004 - Limited - Enabled) => C:\Users\defaultuser1.DESKTOP-Q8V0OAH.000
Guest (S-1-5-21-1941808629-963242978-3017579928-501 - Limited - Disabled)
Madeline Milton (S-1-5-21-1941808629-963242978-3017579928-1001 - Administrator - Enabled) => C:\Users\Madeline Milton
WDAGUtilityAccount (S-1-5-21-1941808629-963242978-3017579928-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.9.5 - RedFox)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes)
Dropbox (HKLM-x32\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
ExpanDrive (HKLM-x32\...\{25CD1BD4-0A3C-4B3C-8BFC-50542BA64D75}) (Version: 5.5.1 - ExpanDrive, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4568 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.9226.2156 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1941808629-963242978-3017579928-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.26 (HKLM\...\{11A88BD5-F059-4743-81D9-1432AC9C3D4E}) (Version: 5.1.26 - Oracle Corporation)
OurPact Utility (HKLM-x32\...\6d95fa46-2017-5840-be32-433e220c38b9) (Version: 4.4.1 - Eturi Corp.)
Private Internet Access v80 (HKLM-x32\...\{148169C2-5558-4C3E-B38A-7B1813A264CA}_is1) (Version: 80 - London Trust Media, Inc.)
Shutterfly Uploader (HKLM-x32\...\{D15EBEC3-E6C4-4854-BDC1-22B63711F6EC}) (Version: 2.9.800 - Shutterfly, Inc.)
Slingplayer for Web Installer (HKLM-x32\...\{2085F34A-239C-4EBA-8039-02708516F641}) (Version: 1.2.8.362 - Sling Media) Hidden
SlingplayerForWeb (HKLM-x32\...\{8342a6d8-fbf1-4d1f-87f8-5e907b4c9149}) (Version: 1.2.8.362 - Sling Media)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
VUDU To Go (HKLM-x32\...\{44C00525-7F36-36C5-86F2-06B1035C0450}) (Version: 2.3.3 - Vudu) Hidden
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.3.3 - Vudu)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {E0E398F8-EAF6-44D9-B6D5-23AE5F14AB83} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {E0E398F8-EAF6-44D9-B6D5-23AE5F14AB83} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04E653A0-5956-40A3-A736-047BC55C2C8B} - System32\Tasks\Private Internet Access Startup => C:/Program Files/pia_manager/pia_manager.exe [2018-05-22] ()
Task: {06FCD454-0A89-4ABE-85CF-D11AADCA8862} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {08312D50-6100-4191-A069-63841D522682} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-19] (Microsoft Corporation)
Task: {11648785-0D4E-4558-9B2C-7D8F241DBC08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-01] (Google Inc.)
Task: {1441B484-3FF7-4B55-A9F1-3F77931A4006} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-13] (Dropbox, Inc.)
Task: {16455775-345A-4209-A906-BEA7D3FE8860} - System32\Tasks\SUPERAntiSpyware Scheduled Task 651b4c68-784b-48be-8348-0ae6615b6a21 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {206322F5-02F7-4319-B5E6-F2D27B4FB6A0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {3FA7A1D2-ECA4-4F8F-9F77-B271306531E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {42307422-0A80-4CF4-8984-3AC28F9CB287} - System32\Tasks\SUPERAntiSpyware Scheduled Task 1357cef9-5958-4271-a18a-8d1794c6bfc6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {45C9550A-26F8-4418-9A4F-D52302984C94} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
Task: {4C54CB7F-5969-48B1-96DD-C15D9629F4C1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-13] (Dropbox, Inc.)
Task: {5DA101C9-92B7-48A9-A512-C96C22F1424F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-19] (Microsoft Corporation)
Task: {5E171BE8-3004-4C4C-80C2-513116BF3E11} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {947AB61A-684D-4307-8B8F-D78FEA10708C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {96D0001F-89E3-4FF7-B060-C62F76CA9A27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {A4062F59-E183-478B-84BA-8C1155E13327} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {CB10990B-3417-4807-AF04-806DD83A2DEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-01] (Google Inc.)
Task: {D0E66C6B-BBEF-4760-8C9A-C02E9A200883} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {DD6303D3-0FAD-47ED-833B-0601043F1F58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {DFBB7341-7376-4396-BB34-9AF14B6FBDCB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-19] (Microsoft Corporation)
Task: {F205CE0D-81D9-48FE-B5EF-A20DA088C6F6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-05-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 1357cef9-5958-4271-a18a-8d1794c6bfc6.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 651b4c68-784b-48be-8348-0ae6615b6a21.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-05-27 18:31 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-27 18:31 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-10-01 19:55 - 2018-05-12 14:36 - 008939696 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-11 18:35 - 2018-04-12 04:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-23 18:50 - 2018-05-23 18:50 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 18:50 - 2018-05-23 18:50 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 18:50 - 2018-05-23 18:50 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 18:50 - 2018-05-23 18:50 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-23 18:50 - 2018-05-23 18:50 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-05-17 19:53 - 2018-05-14 22:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-17 19:53 - 2018-05-14 22:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 005471232 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 005082112 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-02-14 14:49 - 2017-04-28 20:05 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1941808629-963242978-3017579928-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Madeline Milton\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{87243468-D412-4ED2-927C-DEDB6091BBD3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{25AFCC36-2B11-4457-AAF2-09A2364AF98D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FA42A664-8EF4-43A6-8240-60B82BAA9DD0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4B4034A4-5728-45DE-B945-F0AF65566903}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{02E87B41-8A8E-4A5C-89E8-7CCF06B4E876}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{2C96DD31-0B0B-4389-9F2F-840E368C57E8}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => (Block) C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [TCP Query User{AE00BB62-0B8A-45A7-B78F-44BE5DC2AA93}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => (Block) C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [UDP Query User{3DBA6D5D-B21B-42DF-876B-2FD483689EFE}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{5BCE2332-8EE9-43DF-A046-C414992A8B79}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{A7E03E62-005A-40CA-B903-EC0005D56680}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19923CEF-5D9A-4293-A931-E243E3F56AB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7870DD3F-AE97-4BFF-B0B8-8E4DC337BE74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F36CEF7-D6E2-46D7-A20C-10DFD5B2100E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B57D4373-B858-4EA6-9F3D-E8D1C96F796C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E5E40760-23F2-4B1C-902B-CE5D74B776E5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [TCP Query User{DE189D2B-41C1-4720-B36B-C7FBCCD8C557}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => (Allow) C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [UDP Query User{E9D6580F-AE88-486E-BEA7-A520BCCBB375}C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe] => (Allow) C:\program files (x86)\sling media\slingplayerforweb\slingplayerforweb.exe
FirewallRules: [{E6396F58-BB60-4121-8DC2-57AE08AD4F5F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{E32CD581-9214-48CE-AA2B-BA1D68AD1DE7}C:\program files (x86)\ourpact utility\ourpact utility.exe] => (Allow) C:\program files (x86)\ourpact utility\ourpact utility.exe
FirewallRules: [UDP Query User{73BBB3FC-E246-401E-96D9-49F2F807591B}C:\program files (x86)\ourpact utility\ourpact utility.exe] => (Allow) C:\program files (x86)\ourpact utility\ourpact utility.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/27/2018 06:58:50 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-Q8V0OAH$ via https://IFX-KeyId-c2ef641c329cb0a9f2eae04bfb10c99b89c34614.microsoftaik.azure.net/templates/Aik/scep failed:
 
GetCACaps
 
Method: GET(1969ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (05/27/2018 08:39:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2108
 
Start Time: 01d3f5bee0b03249
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: c7f93f5b-a306-4ed0-8bed-66a1f010d4b8
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (05/26/2018 12:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5235
 
Error: (05/26/2018 12:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5235
 
Error: (05/26/2018 12:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/26/2018 12:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3500
 
Error: (05/26/2018 12:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3500
 
Error: (05/26/2018 12:31:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/27/2018 07:10:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-Q8V0OAH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-Q8V0OAH\Madeline Milton SID (S-1-5-21-1941808629-963242978-3017579928-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/27/2018 07:09:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/27/2018 07:07:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-Q8V0OAH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-Q8V0OAH\Madeline Milton SID (S-1-5-21-1941808629-963242978-3017579928-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/27/2018 07:01:08 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-Q8V0OAH)
Description: Unable to start a DCOM Server: microsoft.windowscommunicationsapps_17.9226.21755.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21755.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
 
Error: (05/27/2018 07:00:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/27/2018 07:00:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/27/2018 06:59:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-Q8V0OAH)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-Q8V0OAH\Madeline Milton SID (S-1-5-21-1941808629-963242978-3017579928-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/27/2018 06:59:32 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-Q8V0OAH)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca as Unavailable/Unavailable. The error:
"298"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
 
 
CodeIntegrity:
===================================
 
Date: 2018-05-27 18:32:19.393
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-27 18:29:25.948
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-05-27 18:29:25.549
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cbfsNetRdr6.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 41%
Total physical RAM: 8097.08 MB
Available physical RAM: 4751.55 MB
Total Virtual: 10017.08 MB
Available Virtual: 6707.96 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:236.3 GB) (Free:17.59 GB) NTFS
 
\\?\Volume{5bcdaee9-5ecf-42b7-b0a2-5e83e8f89084}\ (Windows RE tools) (Fixed) (Total:0.29 GB) (Free:0.27 GB) NTFS
\\?\Volume{876f3ea2-0f0a-4a37-9c44-88e73999c2c2}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
\\?\Volume{c6bee7de-7585-44d4-b4bb-3b4c21f02351}\ (SYSTEM) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
\\?\Volume{482f94fc-b247-11e6-bda3-6002920cdb1f}\ () () (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BDE0FC69)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 Oh My!

Posted 27 May 2018 - 08:35 PM

Greetings Jason.

Let's start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CloseProcesses:
CHR Extension: (Honey) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-05-19]
CHR Extension: (SeasonGamer Advertising) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaamcnenoiiddpdolncffmehldmkhan [2018-05-18]
C:\WINDOWS\system32\Notifier.exe
Task: {A4062F59-E183-478B-84BA-8C1155E13327} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
FirewallRules: [TCP Query User{E32CD581-9214-48CE-AA2B-BA1D68AD1DE7}C:\program files (x86)\ourpact utility\ourpact utility.exe] => (Allow) C:\program files (x86)\ourpact utility\ourpact utility.exe
FirewallRules: [UDP Query User{73BBB3FC-E246-401E-96D9-49F2F807591B}C:\program files (x86)\ourpact utility\ourpact utility.exe] => (Allow) C:\program files (x86)\ourpact utility\ourpact utility.exe
C:\program files (x86)\ourpact utility
C:\Users\Madeline Milton\AppData\Roaming\ThisLife
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Right click JRT.exe and select Run as administrator
  • Press any key to continue
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • Please copy and paste the contents of the FSS.txt report in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Junkware log
  • FSS.txt
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 miltonq

Posted 27 May 2018 - 10:28 PM

Appreciate your continued help.  Below are the logs requested...

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Madeline Milton (27-05-2018 22:12:28) Run:1
Running from C:\Users\Madeline Milton\Downloads
Loaded Profiles: Madeline Milton (Available Profiles: Madeline Milton & defaultuser1)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CHR Extension: (Honey) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-05-19]
CHR Extension: (SeasonGamer Advertising) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaamcnenoiiddpdolncffmehldmkhan [2018-05-18]
C:\WINDOWS\system32\Notifier.exe
Task: {A4062F59-E183-478B-84BA-8C1155E13327} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
FirewallRules: [TCP Query User{E32CD581-9214-48CE-AA2B-BA1D68AD1DE7}C:\program files (x86)\ourpact utility\ourpact utility.exe] => (Allow) C:\program files (x86)\ourpact utility\ourpact utility.exe
FirewallRules: [UDP Query User{73BBB3FC-E246-401E-96D9-49F2F807591B}C:\program files (x86)\ourpact utility\ourpact utility.exe] => (Allow) C:\program files (x86)\ourpact utility\ourpact utility.exe
C:\program files (x86)\ourpact utility
C:\Users\Madeline Milton\AppData\Roaming\ThisLife
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
 
*****************
 
Processes closed successfully.
CHR Extension: (Honey) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-05-19] => Error: No automatic fix found for this entry.
CHR Extension: (SeasonGamer Advertising) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaamcnenoiiddpdolncffmehldmkhan [2018-05-18] => Error: No automatic fix found for this entry.
"C:\WINDOWS\system32\Notifier.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A4062F59-E183-478B-84BA-8C1155E13327}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4062F59-E183-478B-84BA-8C1155E13327}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\Notifier => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\Notifier" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E32CD581-9214-48CE-AA2B-BA1D68AD1DE7}C:\program files (x86)\ourpact utility\ourpact utility.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{73BBB3FC-E246-401E-96D9-49F2F807591B}C:\program files (x86)\ourpact utility\ourpact utility.exe" => removed successfully
C:\program files (x86)\ourpact utility => moved successfully
C:\Users\Madeline Milton\AppData\Roaming\ThisLife => moved successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1941808629-963242978-3017579928-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1941808629-963242978-3017579928-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 90911598 B
Java, Flash, Steam htmlcache => 1745 B
Windows/system/drivers => 892641 B
Edge => 2660105 B
Chrome => 568924496 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 5824 B
NetworkService => 0 B
Madeline Milton => 75800429 B
defaultuser1.DESKTOP-Q8V0OAH.000 => 0 B
 
RecycleBin => 14864795444 B
EmptyTemp: => 14.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:15:07 ====
 
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64 
Ran by Madeline Milton (Administrator) on Sun 05/27/2018 at 22:20:46.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/27/2018 at 22:23:55.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FSS:
Farbar Service Scanner Version: 27-01-2016
Ran by Madeline Milton (administrator) on 27-05-2018 at 22:26:10
Running from "C:\Users\Madeline Milton\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
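
An added example, not part of the original thread and not FRST's own code: a short Python triage of the Fixlog result lines above, separating entries FRST handled from entries it reported as not fixable automatically. The function names and bucket names are assumptions made for this sketch, and only the status strings visible in this thread's Fixlog are recognized.

```python
import re
from collections import defaultdict

# Excerpt of result lines copied from the Fixlog posted above.
FIXLOG_EXCERPT = r'''
Processes closed successfully.
CHR Extension: (Honey) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-05-19] => Error: No automatic fix found for this entry.
CHR Extension: (SeasonGamer Advertising) - C:\Users\Madeline Milton\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaamcnenoiiddpdolncffmehldmkhan [2018-05-18] => Error: No automatic fix found for this entry.
"C:\WINDOWS\system32\Notifier.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4062F59-E183-478B-84BA-8C1155E13327}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\Notifier => moved successfully
C:\program files (x86)\ourpact utility => moved successfully
C:\Users\Madeline Milton\AppData\Roaming\ThisLife => moved successfully
BITS transfer queue => 6053888 B
'''

# Status text after the final " => ", mapped to a triage bucket.
# Assumption: FRST has other status strings; anything unlisted goes to "other".
# Matching is exact because "removed successfully" also ends in "moved successfully".
STATUS_BUCKETS = {
    "removed successfully": "fixed",
    "moved successfully": "fixed",
    "not found": "absent",
}

# Chrome extension IDs are 32 characters drawn from a-p; the ID is the last
# path component before the bracketed date.
CHR_EXT = re.compile(r"^CHR Extension: \((?P<name>.+?)\) - .*\\(?P<id>[a-p]{32}) \[")


def triage_fixlog(text):
    """Group 'entry => status' lines into fixed / absent / needs_manual / other."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        entry, sep, status = line.strip().rpartition(" => ")
        if not sep:
            continue  # banner and free-text lines carry no result
        entry = entry.strip('"')
        if status.startswith("Error:"):
            buckets["needs_manual"].append(entry)
        else:
            buckets[STATUS_BUCKETS.get(status, "other")].append(entry)
    return dict(buckets)


def extensions_to_remove(text):
    """Return (name, extension ID) for Chrome extensions FRST could not remove."""
    found = []
    for entry in triage_fixlog(text).get("needs_manual", []):
        match = CHR_EXT.match(entry)
        if match:
            found.append((match.group("name"), match.group("id")))
    return found


if __name__ == "__main__":
    result = triage_fixlog(FIXLOG_EXCERPT)
    for bucket in ("fixed", "absent", "needs_manual", "other"):
        print(f"{bucket}: {len(result.get(bucket, []))}")
    for name, ext_id in extensions_to_remove(FIXLOG_EXCERPT):
        print(f"remove by hand in chrome://extensions: {name} ({ext_id})")
```
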
 


#6 Oh My!

Posted 28 May 2018 - 02:20 PM

Thank you for the reports.

Please do this.

===================================================

Removing Chrome Extensions

--------------------
  • Launch Chrome web browser
  • Type chrome://extensions and press Enter
  • Remove the following:

Honey
SeasonGamer Advertising

  • Close Chrome, relaunch it and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Update on Chrome/computer performance

Gary
 

#7 miltonq

Posted 28 May 2018 - 02:30 PM

Yesssss!!!!  You got it!  I removed both Honey and that "SeasonGamer Advertising" and things seem to be working now.  Honey is very common and I've used it for a long time, so I'm guessing the issue was more around that "SeasonGamer Advertising" extension.  I have no idea what that is or where it came from!  Thank you so much for your help!



#8 Oh My!

Posted 28 May 2018 - 02:38 PM

"We" got it. :thumbsup2:

Please do these things now.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Windows Defender?
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 

#9 miltonq

Posted 28 May 2018 - 10:38 PM

Windows defender looks just fine.

 

I ran the ESET program and it completed indicating that there were no threats found.  I clicked the "uninstall on exit" and then finish, and then the final screen gave no option to save a file.  So I don't have the log from that one.  Do you need me to re-run it?

 

Here is the log file from the RGSA:

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 13th May, 2018
Running from:C:\Users\Madeline Milton\Desktop (22:35:03 - 05/28/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Adobe Acrobat Reader DC (18.011.20040)
Google Chrome (66.0.3359.181)
Malwarebytes (3.5.1.2522)
SUPERAntiSpyware (6.0.1258)
 
***----------------Analysis Complete-------------------------***
 
Computer seems to be running normal now.  Not seeing any indication of anything hijacking it anymore!


#10 Oh My!

Posted 29 May 2018 - 08:44 AM

Greetings Jason.

If no threats are found by ESET no report will be created.

The second report looks fantastic. Looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your computer is now clean.

Right click on the FRST icon and rename it to Uninstall. Right click on it again, select Run as administrator and FRST will delete itself. You may also delete any other tools or reports created during our efforts.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Edited by Oh My!, 29 May 2018 - 08:44 AM.

Gary
 

#11 Oh My!

Posted 30 May 2018 - 08:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



