MachineLearning/100%anomalous detection on Malwarebytes - was this an infection?


  • This topic is locked
9 replies to this topic

#1 12andrew3

Posted 11 June 2018 - 09:09 PM

Hi everyone,

Did a scan a couple of weeks back and it detected "MachineLearning/100%anomalous detection" - interestingly I had run a scan earlier without the internet connected, but after I connected the internet and ran the scan again it found it. I've since quarantined and deleted the file, ran another scan and all seems well. I also made a post on the Malwarebytes forum and I was given further assistance, BUT my main concern is: was this actually a real problem or was it a false positive?

My reason for asking is: I hardly ever use this computer, and only use 'safe' websites (Wikipedia, BBC news etc). I am not a novice when it comes to computer security. If I did manage to get some malware on my computer, I need to find out where it came from so it doesn't happen again. However, if it was a false positive, then I can rest easier.

I have looked over the Malwarebytes forum and seen that this detection has come up a number of times for people developing their own software, however I am not a software developer and had nothing on my computer that an average user wouldn't have. I also understand that Malwarebytes is using new detection systems to stop malware and that there may have been some teething problems. But I'd like to know for sure.

I'm attaching the exported reports here as per your forum's suggestions. You can also see the full Malwarebytes discussion here (https://forums.malwarebytes.com/topic/230338-machinelearning100anomalous-detection-is-this-ok/?tab=comments#comment-1244740), but I stress again - my main concern is not whether this thing has been quarantined and erased, but whether it was an actual problem to start with!

There are no other visible signs of infection (slowing down, redirects etc). Done multiple scans using both Avast and Malwarebytes since, and no problems.

Would just like to know!

Thank you.



#2 12andrew3

Posted 11 June 2018 - 09:15 PM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Andrew (administrator) on DESKTOP-DANGUIK (23-05-2018 05:43:11)
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available Profiles: Andrew)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\ColorEngine\ColorEngine.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe
(Google) C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\SwReporter\29.155.200\software_reporter_tool.exe
(Google) C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\SwReporter\29.155.200\software_reporter_tool.exe
(Google) C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\SwReporter\29.155.200\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1_none_eedfeda03074e04e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16717832 2016-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2017-04-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-15] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1859029883-19092773-3022626163-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-13] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{6cbe9bbc-d1c2-4010-b603-a7f219533aa8}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{8718fe39-fb16-455c-80c9-2079bd7e7dd8}: [DhcpNameServer] 168.126.63.1 168.126.63.2

Internet Explorer:
==================
HKU\S-1-5-21-1859029883-19092773-3022626163-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung15.msn.com/?pc=SMTE
HKU\S-1-5-21-1859029883-19092773-3022626163-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung15.msn.com/?pc=SMTE
SearchScopes: HKU\S-1-5-21-1859029883-19092773-3022626163-1001 -> DefaultScope {859287B1-AA97-4996-928E-C3E8170B268E} URL = 
SearchScopes: HKU\S-1-5-21-1859029883-19092773-3022626163-1001 -> {859287B1-AA97-4996-928E-C3E8170B268E} URL = 

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/?gws_rd=ssl"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2018-05-23]
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (IBM Security Rapport) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-15]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-11]
CHR HKU\S-1-5-21-1859029883-19092773-3022626163-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1859029883-19092773-3022626163-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [403264 2016-03-21] (Samsung)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-15] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-15] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-03] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-14] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2017-04-17] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-25] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5249008 2018-01-24] (IBM Corp.)
R2 SamsungLinkService; C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [24977128 2016-03-21] (Samsung Electronics CO., LTD.)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1777048 2017-09-18] (Samsung Electronics Co., Ltd.)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [745224 2015-07-09] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3298208 2017-10-11] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-05-15] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-05-15] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-05-15] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-05-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-05-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-05-15] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-05-15] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-05-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-05-15] (AVAST Software)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32328 2015-09-07] (ELAN Microelectronic Corp.)
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-05-20] (Malwarebytes)
S1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [489616 2018-01-24] (IBM Corp.)
S1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1908103.sys [1635344 2018-03-15] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [703056 2018-01-24] (IBM Corp.)
S0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [338384 2018-01-24] (IBM Corp.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [491800 2018-03-15] (IBM Corp.)
S0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [597976 2018-01-24] (IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [743568 2018-01-24] (IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-09-20] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-05] (Realsil Semiconductor Corporation)
R1 SDiskWindows10; C:\WINDOWS\System32\DRIVERS\SDiskWindows10.sys [111320 2016-03-21] (Samsung Inc.)
R3 Snscr; C:\WINDOWS\System32\drivers\Snscr.sys [52224 2016-10-31] (Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [48896 2015-07-09] (QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2015-07-09] (DEVGURU Co., LTD.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-23 05:43 - 2018-05-23 05:43 - 000017673 _____ C:\Users\Andrew\Desktop\FRST.txt
2018-05-23 05:42 - 2018-05-23 05:43 - 000000000 ____D C:\FRST
2018-05-23 05:41 - 2018-05-23 05:41 - 002413056 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2018-05-21 08:05 - 2018-05-21 08:05 - 000001272 _____ C:\Users\Andrew\Desktop\MB Report.txt
2018-05-21 07:26 - 2018-05-21 07:26 - 000000000 ____D C:\Users\Andrew\AppData\Local\D3DSCache
2018-05-21 07:12 - 2018-05-21 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-21 04:42 - 2018-05-20 11:50 - 000000000 ____D C:\Windows.old
2018-05-20 11:51 - 2018-05-21 07:32 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-20 11:51 - 2018-05-20 11:51 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-20 11:50 - 2018-05-21 19:08 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-05-20 11:50 - 2018-05-21 19:08 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-20 11:50 - 2018-05-21 07:26 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-20 11:50 - 2018-05-21 07:26 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-20 11:50 - 2018-05-21 07:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-20 11:50 - 2018-05-21 07:16 - 000004000 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-20 11:50 - 2018-05-21 07:16 - 000003768 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-20 11:50 - 2018-05-20 11:50 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-20 11:50 - 2018-05-20 11:50 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1859029883-19092773-3022626163-1001
2018-05-20 11:50 - 2018-05-20 11:50 - 000002422 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2018-05-20 11:50 - 2018-05-20 11:50 - 000002418 _____ C:\WINDOWS\System32\Tasks\SamsungLinkTray
2018-05-20 11:50 - 2018-05-20 11:50 - 000002322 _____ C:\WINDOWS\System32\Tasks\SAgent
2018-05-20 11:50 - 2018-05-20 11:50 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-05-20 11:50 - 2018-05-20 11:50 - 000002264 _____ C:\WINDOWS\System32\Tasks\ColorEngine
2018-05-20 11:50 - 2018-05-20 11:50 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-20 11:50 - 2018-05-20 11:50 - 000000020 ___SH C:\Users\Andrew\ntuser.ini
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\SecTimeSync
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\Samsung
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1859029883-19092773-3022626163-1001
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-20 11:49 - 2018-05-20 11:50 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-20 11:49 - 2018-05-20 11:50 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-20 11:47 - 2018-05-20 11:47 - 000000000 ____D C:\ProgramData\USOShared
2018-05-20 11:44 - 2018-05-20 11:44 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-20 11:43 - 2018-05-20 11:50 - 000000000 ____D C:\Users\Andrew
2018-05-20 11:43 - 2018-05-20 11:44 - 000000000 ____D C:\Users\Andrew\AppData\Local\Google
2018-05-20 11:43 - 2018-04-12 08:34 - 000001105 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-20 11:43 - 2018-04-12 08:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-20 11:43 - 2017-08-02 07:59 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Mozilla
2018-05-20 11:43 - 2016-11-25 23:19 - 000103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-05-20 11:43 - 2016-11-25 23:19 - 000099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-20 11:43 - 2016-10-10 18:38 - 000000000 ____D C:\Users\Andrew\AppData\Local\Trusteer
2018-05-20 11:42 - 2018-05-21 21:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-20 11:42 - 2018-05-21 07:25 - 000264536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-19 22:10 - 2018-05-15 17:16 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-05-19 22:10 - 2018-05-15 17:16 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-05-19 22:10 - 2018-03-08 18:23 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-05-19 22:10 - 2018-03-08 18:23 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-05-19 22:10 - 2018-03-08 18:23 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-05-19 22:10 - 2018-03-08 18:23 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-05-19 22:10 - 2018-01-24 17:13 - 000338384 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2018-05-19 22:10 - 2017-06-28 19:10 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150162212764003
2018-05-19 22:10 - 2016-07-11 17:51 - 000473592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.146822709757802
2018-05-19 22:09 - 2018-05-21 04:42 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-19 22:03 - 2018-05-19 22:10 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-15 20:44 - 2018-05-15 20:44 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-15 20:44 - 2018-05-15 20:44 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-15 20:43 - 2018-05-15 20:43 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-15 20:43 - 2018-05-15 20:43 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-15 20:43 - 2018-05-15 20:43 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-15 20:43 - 2018-05-15 20:43 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-15 20:43 - 2018-05-15 20:43 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-15 20:43 - 2018-05-15 20:43 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-15 20:43 - 2018-05-15 20:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-15 20:42 - 2018-05-15 20:42 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-15 19:19 - 2018-05-15 19:19 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-15 19:19 - 2018-05-15 19:19 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-15 19:19 - 2018-05-15 19:19 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-15 19:19 - 2018-05-15 19:19 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-15 19:19 - 2018-05-15 19:19 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-15 19:19 - 2018-05-15 19:19 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-15 19:19 - 2018-05-15 19:19 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-15 19:19 - 2018-05-15 19:19 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files\MSBuild
2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-15 19:17 - 2018-05-15 19:17 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-15 19:17 - 2018-05-15 19:17 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-15 19:17 - 2018-05-15 19:17 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-15 19:17 - 2018-05-15 19:17 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-15 19:17 - 2018-05-15 19:17 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-15 19:17 - 2018-05-15 19:17 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-15 18:54 - 2018-05-15 18:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-14 20:45 - 2018-05-14 20:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-14 20:45 - 2018-05-14 20:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-14 20:45 - 2018-05-14 20:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-14 20:45 - 2018-05-14 20:45 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-10 06:23 - 2018-05-21 06:32 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-05 17:06 - 2018-05-05 17:06 - 015813864 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup542.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-23 05:43 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-23 05:42 - 2018-04-12 08:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-23 05:38 - 2016-10-10 18:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-23 05:38 - 2016-01-17 00:06 - 000000000 __SHD C:\Users\Andrew\IntelGraphicsProfiles
2018-05-21 21:35 - 2018-04-12 08:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-21 19:46 - 2017-12-18 20:20 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2018-05-21 19:09 - 2017-12-18 20:20 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\dvdcss
2018-05-21 08:52 - 2016-10-10 18:45 - 000000000 ____D C:\Users\Andrew\AppData\Local\ConnectedDevicesPlatform
2018-05-21 07:36 - 2016-03-03 18:50 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-21 07:32 - 2018-04-12 08:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-21 07:25 - 2016-03-03 19:20 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 07:25 - 2016-03-03 19:20 - 000000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-21 07:16 - 2018-04-12 08:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-21 07:13 - 2016-03-03 19:20 - 000000000 ____D C:\Users\Andrew\AppData\Local\Dropbox
2018-05-21 07:13 - 2016-03-03 19:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-21 04:42 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-05-21 04:42 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-05-21 04:42 - 2018-04-12 08:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-21 04:42 - 2018-04-12 08:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\IME
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-21 04:42 - 2017-12-18 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-21 04:42 - 2017-12-14 06:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-21 04:42 - 2017-09-29 22:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-21 04:42 - 2017-07-11 18:04 - 000000000 ____D C:\Program Files\UNP
2018-05-21 04:42 - 2016-10-10 18:34 - 000000000 ____D C:\Program Files\Intel
2018-05-21 04:42 - 2016-05-25 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\vbox
2018-05-21 04:42 - 2016-05-25 15:57 - 000000000 ____D C:\WINDOWS\system32\vbox
2018-05-21 04:42 - 2016-03-07 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-05-21 04:42 - 2016-03-06 19:50 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2018-05-21 04:42 - 2016-03-03 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-21 04:42 - 2015-12-10 02:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\samsung
2018-05-21 04:42 - 2015-12-09 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-05-21 04:42 - 2015-12-09 09:24 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2018-05-20 12:07 - 2017-12-31 14:15 - 000000000 ____D C:\Users\Andrew\AppData\Local\Packages
2018-05-20 11:50 - 2017-12-31 15:15 - 000000000 ___RD C:\Users\Andrew\3D Objects
2018-05-20 11:50 - 2015-12-10 02:19 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-20 11:49 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-20 11:47 - 2018-04-12 08:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-20 11:47 - 2018-04-12 08:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-20 11:46 - 2016-10-10 18:40 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-20 11:45 - 2017-12-14 06:07 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-20 11:44 - 2018-04-12 06:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-20 11:43 - 2016-10-10 18:34 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-20 11:43 - 2016-10-10 18:34 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-05-20 11:43 - 2016-10-10 18:34 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-20 11:43 - 2016-10-10 18:34 - 000000000 ____D C:\Program Files\Elantech
2018-05-19 22:17 - 2018-04-12 08:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-19 22:11 - 2016-10-11 11:03 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-05-19 22:11 - 2016-10-10 18:34 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-05-19 22:10 - 2018-04-12 18:18 - 000000000 ____D C:\WINDOWS\OCR
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-19 22:10 - 2018-04-12 06:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-19 22:10 - 2016-03-03 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2018-05-19 22:09 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-19 22:09 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-19 22:09 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-05-19 22:09 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-19 22:09 - 2016-10-10 18:34 - 000000000 ____D C:\Program Files\Realtek
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK

Addition.txt

Attached Files



#3 HelpBot


Posted 16 June 2018 - 09:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/678965 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 12andrew3


Posted 18 June 2018 - 08:15 PM

Hi,

I have responded to the above message by requesting further help. No worries about the delay, I just appreciate that this community exists to help people!

In response to the questions I should answer:

1. The situation remains the same - in fact, I haven't used the computer since so nothing should have changed at all about the system. Therefore the initial description is still a full description of what's going on.

2. I'm writing this on a work computer, but when I get to my home computer (the one with the problem) I will post a new FRST log. This should be in the next 24 hrs (I work away a lot).

3. I do not own this, to my knowledge.

Thanks for your help and I look forward to hearing your ideas.



#5 King_Yoshi


Posted 19 June 2018 - 02:55 PM

Hello 12andrew3,

My name is King_Yoshi and I will be helping you today.

If at any point you have any comments, questions or concerns, please do not hesitate to post them.

Allow me some time to review your post.

In the meantime please review the following rules.

Basic Rules:

1. First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts.
Please try to match our commitment to you with your patience toward us.
I try to reply as soon as possible. (Typically every 24-48 hours.)

2. Please do not run any tools or take any steps other than those I provide for you.
I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take.
If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

3. Please perform all steps in the order they are listed, in each set of instructions. Some steps may be a bit complicated.
If things are not clear, be sure to stop and let me know.

4. Please copy and paste all logs into your post, unless directed otherwise.
Please do not re-run any programs I suggest.
If you encounter problems simply stop and tell me.

5. When you post your reply, use the 2ni7laq.jpg button.

6. In the upper right hand corner of the topic you will see the 15n7fnk.jpg button.
Please click on this then choose "Immediate E-Mail notification" and then "Proceed" and you will be sent an email once I have posted a response.

7. If you do not reply to your topic after 3 days I will bump the post. After 5 days of no reply we will assume it has been abandoned and I will close it.

8. When your computer is clean I will alert you of such.
I will also provide for you detailed information about how you can prevent and combat future infections.



#6 12andrew3


Posted 20 June 2018 - 04:02 AM

Hi,

Thanks for your help!

As requested previously, here is a new FRST scan from today. I am also enclosing the Addition log as well as an attachment.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.06.2018
Ran by Andrew (administrator) on DESKTOP-DANGUIK (20-06-2018 17:51:05)
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew &  (Available Profiles: Andrew)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
2018-05-21 19:08 - 2018-05-20 11:50 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-21 08:52 - 2016-10-10 18:45 - 000000000 ____D C:\Users\Andrew\AppData\Local\ConnectedDevicesPlatform
2018-05-21 07:26 - 2018-05-20 11:50 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-21 07:26 - 2018-05-20 11:50 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-21 07:25 - 2018-05-20 11:42 - 000264536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-21 07:25 - 2016-03-03 19:20 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 07:25 - 2016-03-03 19:20 - 000000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-21 07:16 - 2018-05-20 11:50 - 000004000 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-21 07:16 - 2018-05-20 11:50 - 000003768 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-21 07:16 - 2018-04-12 08:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-21 07:13 - 2016-03-03 19:20 - 000000000 ____D C:\Users\Andrew\AppData\Local\Dropbox
2018-05-21 06:32 - 2018-05-10 06:23 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-21 04:42 - 2018-05-19 22:09 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-21 04:42 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-05-21 04:42 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-05-21 04:42 - 2018-04-12 08:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-21 04:42 - 2018-04-12 08:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\IME
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-21 04:42 - 2017-12-18 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-21 04:42 - 2017-12-14 06:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-21 04:42 - 2017-09-29 22:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-21 04:42 - 2017-07-11 18:04 - 000000000 ____D C:\Program Files\UNP
2018-05-21 04:42 - 2016-10-10 18:34 - 000000000 ____D C:\Program Files\Intel
2018-05-21 04:42 - 2016-05-25 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\vbox
2018-05-21 04:42 - 2016-05-25 15:57 - 000000000 ____D C:\WINDOWS\system32\vbox
2018-05-21 04:42 - 2016-03-07 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-05-21 04:42 - 2016-03-06 19:50 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2018-05-21 04:42 - 2016-03-03 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-21 04:42 - 2015-12-10 02:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\samsung
2018-05-21 04:42 - 2015-12-09 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-05-21 04:42 - 2015-12-09 09:24 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
 
==================== Files in the root of some directories =======
 
2016-03-03 18:58 - 2017-04-17 18:08 - 000067064 _____ () C:\ProgramData\SettingsDataBackup.reg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-20 11:42
 
==================== End of FRST.txt ============================




#7 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,361 posts

Posted 21 June 2018 - 02:55 PM

Hello 12andrew3,

Thank you for your patience.

I have looked over your logs and found that everything looks clean. (No infections.)
Regarding your question "was this actually a real problem or was it a false positive?"

I would suggest asking about it in the False Positives or Malwarebytes 3 Support Forum.
It is their program, therefore only they would have the expertise to explain how their application functions.



#8 12andrew3

12andrew3
  • Topic Starter

  • Members
  • 5 posts

Posted 22 June 2018 - 02:04 AM

Hi,

 

Thank you for your help with this - I appreciate it. 

 

Andrew 



#9 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,361 posts

Posted 22 June 2018 - 11:31 AM

Hi,

Thank you for your help with this - I appreciate it.

Andrew

You are most welcome

To help prevent future infections please see the below list of tips.


Step 1: Keep Your Computer and Software Up to Date
New malware is written every day. Many of these threats target vulnerabilities in your PC software. Software companies regularly release updates that fix these vulnerabilities.
To help stay protected you should regularly update all your software. This includes programs like Java, Adobe and QuickTime.

Microsoft has a great Frequently Asked Questions page, regarding this topic.

Step 2: Use Antivirus Software
Antivirus (or anti-virus) software is used to safeguard a computer from malware, including viruses, computer worms, and Trojan horses. Antivirus software may also remove or prevent spyware and adware, along with other forms of malicious programs.

Just remember, Antivirus software is not 100% foolproof.

Step 3: Think Before You Click
A). Avoid websites that provide pirated material.
B). Do not open an email attachment or click on a link from somebody or a company that you do not know.
C). Always hover over a link (especially one with a URL shortener) before you click to see where the link is really taking you. If you have to download a file from the Internet, scan it before you run it.

Step 4: Back Up Your Files
Consider the inconvenience of having to recreate all of the information stored on your computer and how much of it might actually be irreplaceable.

Information or data on your computer could be lost if:
A). The hard drive in your computer fails...
B). The data on your computer is corrupted...
C). Your computer is lost or stolen...
D). Your computer is in a fire or other environmental event...
E). A virus infects your computer and deletes, encrypts, or corrupts your files...

Check out this article for a list of free file backup software.

This is especially relevant since certain ransomware encrypts your files, which cannot currently be decrypted, leading you to permanently lose access to those files.
See Microsoft's article for more information on ransomware.

Step 5: Use Multiple Strong Passwords
Never use the same password multiple times, especially on your bank account.
Typically, we use the same email address or username for all of our accounts.
Those are easy to see and steal. If you use the same password for everything, or on many things, and it is discovered, then it takes only seconds to hack your account.
Use a strong password: use lower case, upper case, numbers, and symbols in your password.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,770 posts
  • Gender:Male
  • Location:California

Posted 24 June 2018 - 07:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



