
Infected with reimageplus.com


  • This topic is locked
28 replies to this topic

#1 pandabird


Posted 18 July 2018 - 09:37 PM

My computer has been behaving weird the last day or so, with me being unable to type into the browser (only able to click to locations). Other things don't react as normal and inappropriate dialogs etc. have sometimes appeared.

I believe I may have downloaded a recent ccleaner version that was infected (per re-upload of program to VirusTotal). I uploaded this then as strange things were happening after this download/install.

 

 

All things below run in NORMAL mode GUI.

Ran current Rkill x64 (from this site) prior to running below.  (except maybe FRBT64)

 

I have scanned my computer with Super Anti-Spyware Free. (current updated definitions). Many tracking cookies were removed (normal).

 

I ran AdwCleaner from Malwarebytes (Downloaded from bleeping). Nothing bad was found.

 

Ran Malwarebytes-PRO (just re-downloaded a new version which happened to be this-15day FREE usage).

     This program blocked outgoing processes to reimageplus.com  161.47.7.14 -several blocked about 1 AM

     Also blocked outbound processes to robiau.pw 148.251.54.98.

 

I also downloaded Farbar Recovery Tool x64 and ran that. Log is being provided.

Ran an older ccleaner version saved on my system.

Please advise. I am including logs. Thank you.

Problem may be okay now but I am not sure if properly cleaned.
 


Edited by pandabird, 18 July 2018 - 09:45 PM.



 


#2 pandabird


Posted 18 July 2018 - 10:13 PM

I have WIN 10 OS, use Windows Defender AV and Firewall, backup to external drive (just downloaded DriveImage XML) - previously used WIN ibackup (hard to use) and AOMEI to clone system a year ago.

 

Note: Also ran MBAR anti-rootkit (current download). Nothing found.

Ran TDSS-Killer- Nothing found- current download

I also had ccleaner (old version) check registry etc. and it removed many firewall entries.

 

 

FRT64 LOG


LastRegBack: 2018-05-20 11:45

==================== End of FRST.txt ============================

 

Addition.txt for Farbar Recovery Tool - see attachment

 

 

 

############################

 

Malwarebytes Logs

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/18/18
Protection Event Time: 2:12 AM
Log File: 9d3575ba-8a51-11e8-b6d8-782bcb97f381.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.5949
License: Trial

-System Information-
OS: Windows 10 (Build 17134.165)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: RiskWare
Domain: robiau.pw
IP Address: 148.251.54.98
Port: [65511]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)

.............................

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/18/18
Protection Event Time: 1:05 AM
Log File: 30e9a344-8a48-11e8-b0bb-782bcb97f381.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.5949
License: Trial

-System Information-
OS: Windows 10 (Build 17134.165)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malware
Domain: reimageplus.com
IP Address: 161.47.7.14
Port: [53227]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)

........................

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/16/18
Scan Time: 3:15 AM
Log File: 15183774-88c8-11e8-830f-782bcb97f381.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.5919
License: Trial

-System Information-
OS: Windows 10 (Build 17134.165)
CPU: x64
File System: NTFS
User: OWNER-PC\OWNER

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 517405
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 24 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.MindSpark.Generic, C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D855QIEC.RK062017\BROWSER-EXTENSION-DATA\_ceMembers_@free.easypdfcombine.com, Quarantined, [1683], [468075],1.0.5919

File: 1
PUP.Optional.MindSpark.Generic, C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\browser-extension-data\_ceMembers_@free.easypdfcombine.com\storage.js, Quarantined, [1683], [468075],1.0.5919

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


#3 nasdaq

  • Malware Response Team

Posted 19 July 2018 - 08:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Not sure if you have this program.
Please run it and post the FRST.txt and Addition.txt logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Wait for further instructions.

#4 pandabird


Posted 19 July 2018 - 10:30 AM

I am re-posting the Addition.txt on Google Drive as it was too large and must not have attached.

hxxps://drive.google.com/file/d/1IEq0S8IRclxVupoOGoWnuwEHKfh5anul/view?usp=sharing

 

I have re-downloaded the Farbar Recovery tool again and will re-scan with this version.



#5 nasdaq

  • Malware Response Team

Posted 19 July 2018 - 01:10 PM

The Addition.txt is clean.

Please post the FRST.txt or FRST64.txt for my review.

#6 pandabird


Posted 19 July 2018 - 03:51 PM

I just ran the program again. I did not get anything printed the previous time.

 

I do not know what was causing my computer to make outbound requests to those IP addresses. It would be nice to find that out.

 

One thing I also did then was I ran a MBR-check program from DELL (old). I replaced the MBR for 2 of 3 drives to a "default" one. Whether that corrected the problem or not I do not know.

 

I did download a new ccleaner from prompt within program but I do not see the program in FRST log. The AVAST programs somehow came on too at the same time. I discontinued using AVAST about a year ago due to some possible program conflict.

=========================

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by OWNER (administrator) on OWNER-PC (19-07-2018 16:20:38)
Running from C:\Users\OWNER\Desktop\Emergency Malware programs 3 19 07
Loaded Profiles: OWNER (Available Profiles: OWNER & USER 1)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Smartware\WDBackupEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Acresso Software Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\49297T.Partl.SpotBright_1.4.2.0_x64__jr9bq2af9farr\SpotBright.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(f.lux Software LLC) C:\Users\OWNER\AppData\Local\FluxSoftware\Flux\flux.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16681728 2016-07-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2017-09-07] (Carbonite, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [56894944 2017-10-29] (Western Digital Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5388128 2017-06-11] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\...\Run: [f.lux] => C:\Users\OWNER\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\...\Run: [DellSystemDetect] => C:\Users\OWNER\AppData\Local\Apps\2.0\1JDBVPKL.019\9J5DLC34.6WE\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [570368 2018-04-11] (Microsoft Corporation)
Startup: C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2018-07-16]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5dc06d14-9954-4386-8b62-a963071657f8}: [NameServer] 18.221.255.27
Tcpip\..\Interfaces\{7d452faa-eb44-4611-bc33-cdc0034ab252}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{f05c40b3-b398-43ab-b672-737e6f5d766a}: [NameServer] 18.221.255.27
Tcpip\..\Interfaces\{f05c40b3-b398-43ab-b672-737e6f5d766a}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://news.google.com/nwshp?hl=en&tab=wn&ei=jO8MVeSNLeq1sQTs-oLgCA&ved=0CAUQqS4oBQ
SearchScopes: HKLM -> ComcastSearch URL = hxxp://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1955353798-2932276707-1562356408-1000 -> DefaultScope {3109C925-0AD5-48E3-8CF4-A7604FF5574C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US0D20131201&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1955353798-2932276707-1562356408-1000 -> {3109C925-0AD5-48E3-8CF4-A7604FF5574C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US0D20131201&p={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-21] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-21] (Oracle Corporation)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1468860397774
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-03-19] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-03-19] (Skype Technologies S.A.)

FireFox:
========
FF DefaultProfile: d855qiec.rk062017
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\2am2a1z0.default-1496888375533 [not found] <==== ATTENTION
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default [2018-06-11]
FF Homepage: Mozilla\Firefox\Profiles\lxg22szv.default -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF NewTab: Mozilla\Firefox\Profiles\lxg22szv.default -> about:newtab
FF Extension: (NoScript) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2015-01-29] [Legacy] [not signed]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\McSiteAdvisor.xml [2015-11-04]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\yahoo-avast.xml [2016-11-08]
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012 [2018-07-18]
FF Homepage: Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012 -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF NewTab: Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012 -> about:newtab
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\searchplugins\yahoo-avast.xml [2016-11-08]
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017 [2018-07-19]
FF Homepage: Mozilla\Firefox\Profiles\d855qiec.rk062017 -> hxxps://news.google.com/nwshp?hl=en&tab=Tn&ei=za-rWN-EMYLQmAHK6b6ACg&ved=0EKkuCA0oBQ
FF NewTab: Mozilla\Firefox\Profiles\d855qiec.rk062017 -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\d855qiec.rk062017 -> type", 4
FF Extension: (Disconnect) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\2.0@disconnect.me.xpi [2017-06-09]
FF Extension: (Canvas Defender) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\@canvas-shadow.xpi [2018-06-01]
FF Extension: (Facebook Container) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\@contain-facebook.xpi [2018-04-19]
FF Extension: (FullRip.net Youtube Video Converter) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\admin@fullrip.net.xpi [2016-04-27] [Legacy]
FF Extension: (Social Fixer for Facebook) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\betterfacebook@mattkruse.com.xpi [2018-06-25]
FF Extension: (Bookmark Duplicate Cleaner) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\bookmarkdup@localghost.net.xpi [2016-04-27] [Legacy]
FF Extension: (Blur) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\donottrackplus@abine.com.xpi [2018-05-01]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\firefox@ghostery.com.xpi [2018-07-18]
FF Extension: (Bookmarks Checker - check for bad links) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\firefoxbookmarkchecker@everhelper.me.xpi [2016-05-13] [Legacy]
FF Extension: (Valence) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\fxdevtools-adapters@mozilla.org [2017-08-03] [Legacy]
FF Extension: (Go Parent Folder) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\goParentFolder@alice.xpi [2016-04-26] [Legacy]
FF Extension: (MaskMe) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\idme@abine.com [2017-06-08] [Legacy]
FF Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\info@priceblink.com.xpi [2017-10-24]
FF Extension: (Print Friendly & PDF) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\jid0-YQz0l1jthOIz179ehuitYAOdBEs@jetpack.xpi [2018-04-27]
FF Extension: (No Name) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\nostmp [2017-06-08] [not signed]
FF Extension: (PageZipper) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\pagezipper@printwhatyoulike.com.xpi [2016-11-04]
FF Extension: (Places Maintenance) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\places-maintenance@bonardo.net.xpi [2017-06-02] [Legacy]
FF Extension: (Rain Alarm Extension) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\rain-alarm@mdiener.de.xpi [2017-11-03]
FF Extension: (Show Parent Folder) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\showParentFolder@alice.xpi [2016-09-13] [Legacy]
FF Extension: (TrashMail.com: Create disposable address) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\spam@trashmail.net.xpi [2018-01-05]
FF Extension: (SQLite Manager) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-04-26] [Legacy]
FF Extension: (Ancestry.com Advanced Image Viewer) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\support@ancestry(2).com [2017-06-08] [Legacy] [not signed]
FF Extension: (Ancestry.com Advanced Image Viewer) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\support@ancestry.com [2017-06-08] [Legacy] [not signed]
FF Extension: (Open With Adobe PDF Reader) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{21a1b1c3-5029-4660-bfa4-0274adc69439}.xpi [2018-04-27]
FF Extension: (CacheViewer Continued) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2013-07-07] [Legacy] [not signed]
FF Extension: (Re-Pagination) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{6072cb90-a0bd-11da-a746-0800200c9a66}.xpi [2016-10-08] [Legacy]
FF Extension: (CacheViewer) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2017-05-11] [Legacy]
FF Extension: (NoScript) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2017-06-08] [Legacy] [not signed]
FF Extension: (NoScript) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3) [2017-06-08] [Legacy] [not signed]
FF Extension: (NoScript) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-07-17]
FF Extension: (Tracking Token Stripper) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{9fda17be-849d-4f5b-a326-28d25f0f6d29}.xpi [2018-06-01]
FF Extension: (B.S. Detector) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{a685065d-4f22-423a-ba57-76022aed8144}.xpi [2018-04-08]
FF Extension: (HP Detect) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2017-06-08] [Legacy] [not signed]
FF Extension: (Video DownloadHelper) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-07-10]
FF Extension: (Docs Online Viewer) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{bfb54675-2fd9-4e22-949d-c36333aff6b5}.xpi [2018-06-01]
FF Extension: (Safe Web with VirusTotal) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{c53b95bc-1403-4076-a618-25aef2dd37fa}.xpi [2018-03-17]
FF Extension: (LinkExtend) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi [2016-11-11] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2017-06-08] [Legacy] [not signed]
FF Extension: (Adblock Plus) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
FF Extension: (BetterPrivacy) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(2) [2017-06-08] [Legacy] [not signed]
FF Extension: (BetterPrivacy) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-11-04] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-30] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-17]
FF Extension: (No Name) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\extensions\rain-alarm@mdiener.de [not found]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\ixquick-https.xml [2014-09-03]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\siteadvisor.xml [2008-05-24]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\yahoo-avast.xml [2016-11-08]
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Copy of Mozilla 052308\Firefox\Profiles\lxg22szv.default [2015-01-29]
FF Homepage: Copy of Mozilla 052308\Firefox\Profiles\lxg22szv.default -> www.msn.com
FF Extension: (NoScript) - C:\Users\OWNER\AppData\Roaming\Copy of Mozilla 052308\Firefox\Profiles\lxg22szv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2015-01-29] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [not found]
FF Extension: (No Name) - C:\Program Files\SiteAdvisor\6261\FF [not found]
FF Extension: (No Name) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lxg22szv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [not found]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-17] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1955353798-2932276707-1562356408-1000: @hulu.com/Hulu Desktop -> C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll [2010-08-17] (Hulu LLC)
FF Plugin HKU\S-1-5-21-1955353798-2932276707-1562356408-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\OWNER\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-01-20] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-1955353798-2932276707-1562356408-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\OWNER\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-02-03] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1955353798-2932276707-1562356408-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2011-11-17] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1955353798-2932276707-1562356408-1000: bluejeans.com/bjninstallplugin -> C:\Users\OWNER\AppData\Roaming\Blue Jeans\bjnplugin\2.100.53.8\npbjninstallplugin_2.100.53.8.dll [2015-05-29] (Blue Jeans)
FF Plugin HKU\S-1-5-21-1955353798-2932276707-1562356408-1000: bluejeans.com/bjnplugin -> C:\Users\OWNER\AppData\Roaming\Blue Jeans\bjnplugin\2.100.53.8\npbjnplugin_2.100.53.8.dll [2015-05-29] (Blue Jeans)
FF Plugin HKU\S-1-5-21-1955353798-2932276707-1562356408-1000: jpl.nasa.gov/NASAEyes -> C:\Users\OWNER\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-12-13] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Users\OWNER\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-03-24] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\OWNER\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-25] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\OWNER\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-25] ()
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-05-09]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C210US0D20131201&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default [2018-07-18]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-06-08]
CHR Extension: (ICE Quick Stream) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2017-06-08]
CHR Extension: (MaskMe) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2015-01-29]
CHR Extension: (Encipher It) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fimncfoplhkgepigcpgjheeccdhemcfj [2015-01-29]
CHR Extension: (Avast Online Security) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-18]
CHR Extension: (Social Fixer for Facebook) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2018-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-13]
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-07-17]
CHR Extension: (Google Slides) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-11]
CHR Extension: (Google Docs) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-11]
CHR Extension: (Google Drive) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-11]
CHR Extension: (YouTube) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-11]
CHR Extension: (Google Sheets) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-11]
CHR Extension: (SiteAdvisor) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Avast Online Security) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR Extension: (Gmail) - C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-11]
CHR Profile: C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-26]
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-05-04] (SUPERAntiSpyware.com)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S4 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122736 2017-05-27] (AOMEI Tech Co., Ltd.)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-01-23] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-01-23] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2015-01-23] (BlueStack Systems, Inc.)
S3 DbgSvc; C:\Program Files\DebugDiag\DbgSvc.exe [451848 2011-07-12] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
S3 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
S4 DNSCrypt; C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [14336 2012-08-03] () [File not signed]
S3 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel)
S4 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S3 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
S4 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4327376 2018-04-02] (SecureMix LLC)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-07-18] (SurfRight B.V.)
R3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
S3 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S4 lxeaCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-22] (McAfee, Inc.)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [320944 2017-10-10] ()
S3 MSDTC; C:\WINDOWS\SysWOW64\msdtc.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [64512 2009-07-13] (Hewlett-Packard) [File not signed]
R2 SamSs; C:\WINDOWS\SysWOW64\lsass.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-10-30] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Spooler; C:\WINDOWS\SysWOW64\spoolsv.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [182544 2018-01-11] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe [14407384 2014-06-12] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [675184 2017-06-11] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-27] (Microsoft Corporation)
S2 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 33451238; C:\WINDOWS\system32\drivers\33451238.sys [255928 2018-07-16] (Malwarebytes)
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-14] (Emsisoft GmbH)
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-23] ()
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-23] ()
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2016-12-23] ()
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-07-15] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-07-15] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-07-15] (AVAST Software)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-01-23] (BlueStack Systems)
R1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2015-03-03] (Toolwiz.com)
R0 BTOWSVF; C:\WINDOWS\System32\Drivers\BTOWSVF.sys [50520 2017-06-24] (Toolwiz.com)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-08-14] (Emsisoft GmbH)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [276256 2017-10-27] (Digiarty Software, Inc.)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R0 KSafeDISK; C:\WINDOWS\System32\Drivers\KSafeDISK.sys [51544 2017-06-24] (Toolwiz.com)
R0 libwamf; C:\WINDOWS\System32\DRIVERS\libwamf.sys [22320 2017-01-29] (OPSWAT, Inc.)
R0 libwasys; C:\WINDOWS\System32\DRIVERS\libwasys.sys [29488 2017-01-29] (OPSWAT, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2014-08-23] ()
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
S3 pwdrvio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S4 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [209544 2017-10-30] (Sandboxie Holdings, LLC)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-27] (Microsoft Corporation)
U2 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-19 02:32 - 2018-07-19 02:32 - 000001202 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2018-07-19 02:32 - 2018-07-19 02:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2018-07-19 02:32 - 2018-07-19 02:32 - 000000000 ____D C:\Program Files (x86)\Runtime Software
2018-07-18 22:16 - 2018-07-18 22:16 - 001994243 _____ C:\Users\Public\Documents\How to backup and restore your data using Cobian Backup-bleeping.pdf
2018-07-18 22:06 - 2018-07-18 22:07 - 036786232 _____ (Adlice Software ) C:\Users\OWNER\Desktop\RogueKiller_setup_ref3.exe
2018-07-18 12:55 - 2018-07-18 12:55 - 000003794 _____ C:\WINDOWS\System32\Tasks\tmpDCC9
2018-07-18 12:55 - 2018-07-18 12:55 - 000003584 _____ C:\WINDOWS\System32\Tasks\tmp3153
2018-07-18 12:55 - 2018-07-18 12:55 - 000003550 _____ C:\WINDOWS\System32\Tasks\tmp86E7
2018-07-18 07:08 - 2018-07-18 07:08 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6335A759.sys
2018-07-18 03:32 - 2018-07-18 03:32 - 000003582 _____ C:\WINDOWS\System32\Tasks\tmp1344
2018-07-18 01:26 - 2018-07-18 01:30 - 000204238 _____ C:\TDSSKiller.3.1.0.17_18.07.2018_01.26.55_log.txt
2018-07-18 01:25 - 2018-07-18 01:25 - 000000366 _____ C:\TDSSKiller.3.1.0.12_18.07.2018_01.25.53_log.txt
2018-07-17 23:15 - 2018-07-19 00:50 - 000000000 ____D C:\Program Files\CCleaner
2018-07-17 23:15 - 2018-07-17 23:15 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-07-17 23:15 - 2018-07-17 23:15 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-07-17 23:15 - 2018-07-17 23:15 - 000000881 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-17 23:15 - 2018-07-17 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-07-17 02:41 - 2018-07-18 03:19 - 147324928 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-07-17 02:26 - 2018-07-17 02:41 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-07-16 03:55 - 2018-07-16 09:09 - 000001765 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2018-07-16 03:14 - 2018-07-16 03:14 - 000001930 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-16 03:14 - 2018-07-16 03:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-16 03:14 - 2018-07-16 03:14 - 000000000 ____D C:\ProgramData\MB2Migration
2018-07-16 03:14 - 2018-07-16 03:14 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-16 03:14 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-16 01:22 - 2018-07-16 01:22 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\33451238.sys
2018-07-16 01:21 - 2018-07-16 01:21 - 014178840 _____ (Malwarebytes Corp.) C:\Users\OWNER\Desktop\mbar-1.10.3.1001.exe
2018-07-16 01:15 - 2018-07-16 01:15 - 000000000 ____D C:\Users\OWNER\Desktop\mbar
2018-07-15 21:39 - 2018-07-15 21:39 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-07-15 21:19 - 2018-07-15 21:52 - 000000000 ____D C:\Users\OWNER\AppData\Local\AVAST Software
2018-07-15 21:17 - 2018-07-15 21:16 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-07-15 21:17 - 2018-07-15 21:16 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-07-15 21:17 - 2018-07-15 21:15 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-07-13 02:32 - 2018-07-13 02:32 - 000029358 _____ C:\Users\OWNER\Desktop\Eastman UR Bday party-BOS.xlsx
2018-07-12 11:30 - 2018-07-12 11:30 - 000002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-07-12 11:30 - 2018-07-12 11:30 - 000000000 ____D C:\Program Files\Google
2018-07-11 10:31 - 2018-06-28 21:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-07-11 10:31 - 2018-06-28 21:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-10 19:05 - 2018-07-06 10:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-10 19:05 - 2018-07-06 10:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-10 19:05 - 2018-07-06 10:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-10 19:05 - 2018-07-06 10:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-10 19:05 - 2018-07-06 09:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-10 19:05 - 2018-07-06 09:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-10 19:05 - 2018-07-06 07:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-10 19:05 - 2018-07-06 07:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-10 19:05 - 2018-07-06 03:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-10 19:05 - 2018-07-06 03:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-10 19:05 - 2018-07-06 03:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-10 19:05 - 2018-07-06 03:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-10 19:05 - 2018-07-06 03:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-10 19:05 - 2018-07-06 03:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-10 19:05 - 2018-07-06 03:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-10 19:05 - 2018-07-06 03:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-10 19:05 - 2018-07-06 03:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-10 19:05 - 2018-07-06 03:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-10 19:05 - 2018-07-06 03:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-10 19:05 - 2018-07-06 03:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-10 19:05 - 2018-07-06 03:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-10 19:05 - 2018-07-06 02:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-10 19:05 - 2018-07-06 02:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-10 19:05 - 2018-07-06 02:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-10 19:05 - 2018-07-06 02:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-10 19:05 - 2018-07-06 02:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-10 19:05 - 2018-07-06 02:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-10 19:05 - 2018-06-15 13:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-10 19:05 - 2018-06-15 13:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-10 19:05 - 2018-06-15 13:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-10 19:05 - 2018-06-15 11:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-10 19:05 - 2018-06-15 11:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-10 19:05 - 2018-06-15 01:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-10 19:05 - 2018-06-15 01:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-10 19:05 - 2018-06-15 01:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-10 19:05 - 2018-06-15 01:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-10 19:05 - 2018-06-15 01:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-10 19:05 - 2018-06-15 01:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-10 19:05 - 2018-06-15 01:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-10 19:05 - 2018-06-15 01:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-10 19:05 - 2018-06-15 01:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-10 19:05 - 2018-06-15 01:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-10 19:05 - 2018-06-15 01:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-10 19:05 - 2018-06-15 01:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-10 19:05 - 2018-06-15 01:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-10 19:05 - 2018-06-15 01:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-10 19:05 - 2018-06-15 01:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-10 19:05 - 2018-06-15 01:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-10 19:05 - 2018-06-15 01:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-10 19:05 - 2018-06-15 01:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-10 19:05 - 2018-06-15 01:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-10 19:05 - 2018-06-15 00:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-10 19:05 - 2018-06-15 00:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-10 19:05 - 2018-06-15 00:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-10 19:05 - 2018-06-15 00:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-10 19:05 - 2018-06-15 00:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-10 19:05 - 2018-06-15 00:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-10 19:04 - 2018-07-06 10:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-10 19:04 - 2018-07-06 10:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-10 19:04 - 2018-07-06 10:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-10 19:04 - 2018-07-06 10:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-10 19:04 - 2018-07-06 10:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-10 19:04 - 2018-07-06 10:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-10 19:04 - 2018-07-06 10:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-10 19:04 - 2018-07-06 09:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-10 19:04 - 2018-07-06 09:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 19:04 - 2018-07-06 09:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-10 19:04 - 2018-07-06 09:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-10 19:04 - 2018-07-06 09:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-10 19:04 - 2018-07-06 09:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-10 19:04 - 2018-07-06 09:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-10 19:04 - 2018-07-06 09:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-10 19:04 - 2018-07-06 09:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-10 19:04 - 2018-07-06 09:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-10 19:04 - 2018-07-06 09:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-10 19:04 - 2018-07-06 08:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-10 19:04 - 2018-07-06 07:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-10 19:04 - 2018-07-06 07:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-10 19:04 - 2018-07-06 07:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-10 19:04 - 2018-07-06 07:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 19:04 - 2018-07-06 07:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-10 19:04 - 2018-07-06 07:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-10 19:04 - 2018-07-06 07:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-10 19:04 - 2018-07-06 07:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-10 19:04 - 2018-07-06 07:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-10 19:04 - 2018-07-06 07:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-10 19:04 - 2018-07-06 03:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-10 19:04 - 2018-07-06 03:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-10 19:04 - 2018-07-06 03:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-10 19:04 - 2018-07-06 03:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-10 19:04 - 2018-07-06 03:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-10 19:04 - 2018-07-06 03:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-10 19:04 - 2018-07-06 03:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-10 19:04 - 2018-07-06 03:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-10 19:04 - 2018-07-06 03:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-10 19:04 - 2018-07-06 03:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-10 19:04 - 2018-07-06 03:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-10 19:04 - 2018-07-06 03:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-10 19:04 - 2018-07-06 03:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-10 19:04 - 2018-07-06 03:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-10 19:04 - 2018-07-06 03:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-10 19:04 - 2018-07-06 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-10 19:04 - 2018-07-06 03:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-10 19:04 - 2018-07-06 03:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-10 19:04 - 2018-07-06 03:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-10 19:04 - 2018-07-06 03:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-10 19:04 - 2018-07-06 03:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-10 19:04 - 2018-07-06 03:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-10 19:04 - 2018-07-06 03:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-10 19:04 - 2018-07-06 03:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-10 19:04 - 2018-07-06 03:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-10 19:04 - 2018-07-06 03:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-10 19:04 - 2018-07-06 03:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-10 19:04 - 2018-07-06 03:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-10 19:04 - 2018-07-06 03:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-10 19:04 - 2018-07-06 03:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-10 19:04 - 2018-07-06 03:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-10 19:04 - 2018-07-06 03:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-10 19:04 - 2018-07-06 03:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-10 19:04 - 2018-07-06 03:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-10 19:04 - 2018-07-06 03:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-10 19:04 - 2018-07-06 03:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-10 19:04 - 2018-07-06 03:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-10 19:04 - 2018-07-06 03:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-10 19:04 - 2018-07-06 03:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-10 19:04 - 2018-07-06 03:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-10 19:04 - 2018-07-06 03:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-10 19:04 - 2018-07-06 02:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-10 19:04 - 2018-07-06 02:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 19:04 - 2018-07-06 02:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-10 19:04 - 2018-07-06 02:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-10 19:04 - 2018-07-06 02:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-10 19:04 - 2018-07-06 02:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-10 19:04 - 2018-07-06 02:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-10 19:04 - 2018-07-06 02:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-10 19:04 - 2018-07-06 02:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-10 19:04 - 2018-07-06 02:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-10 19:04 - 2018-07-06 02:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-10 19:04 - 2018-07-06 02:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-10 19:04 - 2018-07-06 02:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-10 19:04 - 2018-07-06 02:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-10 19:04 - 2018-07-06 02:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-10 19:04 - 2018-07-06 02:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-10 19:04 - 2018-07-06 02:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-10 19:04 - 2018-07-06 02:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-10 19:04 - 2018-07-06 02:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-10 19:04 - 2018-07-06 01:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-10 19:04 - 2018-06-29 00:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-10 19:04 - 2018-06-15 13:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-10 19:04 - 2018-06-15 13:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-10 19:04 - 2018-06-15 13:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-10 19:04 - 2018-06-15 13:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-10 19:04 - 2018-06-15 13:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-10 19:04 - 2018-06-15 13:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-10 19:04 - 2018-06-15 13:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-10 19:04 - 2018-06-15 13:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-10 19:04 - 2018-06-15 13:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-10 19:04 - 2018-06-15 13:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-10 19:04 - 2018-06-15 13:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-10 19:04 - 2018-06-15 13:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-10 19:04 - 2018-06-15 13:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-10 19:04 - 2018-06-15 13:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-10 19:04 - 2018-06-15 13:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-10 19:04 - 2018-06-15 13:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-10 19:04 - 2018-06-15 13:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-10 19:04 - 2018-06-15 13:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-10 19:04 - 2018-06-15 13:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-10 19:04 - 2018-06-15 13:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-10 19:04 - 2018-06-15 13:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-10 19:04 - 2018-06-15 13:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-10 19:04 - 2018-06-15 13:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-10 19:04 - 2018-06-15 13:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-10 19:04 - 2018-06-15 13:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-10 19:04 - 2018-06-15 13:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-10 19:04 - 2018-06-15 13:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-10 19:04 - 2018-06-15 13:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-10 19:04 - 2018-06-15 13:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-10 19:04 - 2018-06-15 11:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-10 19:04 - 2018-06-15 11:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-10 19:04 - 2018-06-15 11:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-10 19:04 - 2018-06-15 11:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-10 19:04 - 2018-06-15 11:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-10 19:04 - 2018-06-15 11:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-10 19:04 - 2018-06-15 11:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-10 19:04 - 2018-06-15 11:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-10 19:04 - 2018-06-15 11:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-10 19:04 - 2018-06-15 11:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-10 19:04 - 2018-06-15 11:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-10 19:04 - 2018-06-15 09:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-10 19:04 - 2018-06-15 03:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-10 19:04 - 2018-06-15 03:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-10 19:04 - 2018-06-15 03:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-10 19:04 - 2018-06-15 01:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-10 19:04 - 2018-06-15 01:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-10 19:04 - 2018-06-15 01:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-10 19:04 - 2018-06-15 01:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-10 19:04 - 2018-06-15 01:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-10 19:04 - 2018-06-15 01:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-10 19:04 - 2018-06-15 01:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-10 19:04 - 2018-06-15 01:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-10 19:04 - 2018-06-15 01:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-10 19:04 - 2018-06-15 01:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-10 19:04 - 2018-06-15 01:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-10 19:04 - 2018-06-15 01:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-10 19:04 - 2018-06-15 01:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-10 19:04 - 2018-06-15 01:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-10 19:04 - 2018-06-15 01:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-10 19:04 - 2018-06-15 01:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-10 19:04 - 2018-06-15 01:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-10 19:04 - 2018-06-15 01:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-10 19:04 - 2018-06-15 01:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-10 19:04 - 2018-06-15 01:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-10 19:04 - 2018-06-15 01:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-10 19:04 - 2018-06-15 01:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-10 19:04 - 2018-06-15 01:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-10 19:04 - 2018-06-15 01:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-10 19:04 - 2018-06-15 01:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-10 19:04 - 2018-06-15 01:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-10 19:04 - 2018-06-15 01:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-10 19:04 - 2018-06-15 01:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-10 19:04 - 2018-06-15 01:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-10 19:04 - 2018-06-15 01:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-10 19:04 - 2018-06-15 01:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-10 19:04 - 2018-06-15 01:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-10 19:04 - 2018-06-15 01:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-10 19:04 - 2018-06-15 01:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-10 19:04 - 2018-06-15 01:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-10 19:04 - 2018-06-15 01:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-10 19:04 - 2018-06-15 01:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-10 19:04 - 2018-06-15 01:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-10 19:04 - 2018-06-15 01:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-10 19:04 - 2018-06-15 01:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-10 19:04 - 2018-06-15 01:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-10 19:04 - 2018-06-15 01:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-10 19:04 - 2018-06-15 01:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-10 19:04 - 2018-06-15 01:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-10 19:04 - 2018-06-15 01:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-10 19:04 - 2018-06-15 01:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-10 19:04 - 2018-06-15 01:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-10 19:04 - 2018-06-15 01:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-10 19:04 - 2018-06-15 01:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-10 19:04 - 2018-06-15 01:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-10 19:04 - 2018-06-15 01:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-10 19:04 - 2018-06-15 01:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-10 19:04 - 2018-06-15 00:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-10 19:04 - 2018-06-15 00:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-10 19:04 - 2018-06-15 00:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-10 19:04 - 2018-06-15 00:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-10 19:04 - 2018-06-15 00:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-10 19:04 - 2018-06-15 00:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-10 19:04 - 2018-06-15 00:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-10 19:04 - 2018-06-15 00:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-10 19:04 - 2018-06-15 00:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-10 19:04 - 2018-06-15 00:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-10 19:04 - 2018-06-15 00:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-10 19:04 - 2018-06-15 00:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 19:04 - 2018-06-15 00:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-10 19:04 - 2018-06-15 00:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-10 19:04 - 2018-06-15 00:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-10 19:04 - 2018-06-15 00:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-10 19:04 - 2018-06-15 00:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-10 19:04 - 2018-06-15 00:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-10 19:04 - 2018-06-15 00:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-10 19:04 - 2018-06-15 00:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-10 19:04 - 2018-06-15 00:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-10 19:04 - 2018-06-15 00:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-10 19:04 - 2018-06-15 00:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-10 19:04 - 2018-06-15 00:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-10 19:04 - 2018-06-15 00:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-10 19:04 - 2018-06-15 00:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-10 19:04 - 2018-06-15 00:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-10 19:04 - 2018-06-15 00:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-10 19:04 - 2018-06-15 00:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-10 19:04 - 2018-06-15 00:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-10 19:04 - 2018-06-15 00:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-10 19:04 - 2018-06-15 00:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-10 19:04 - 2018-06-15 00:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-10 19:04 - 2018-06-15 00:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-10 19:04 - 2018-06-15 00:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-10 19:04 - 2018-06-15 00:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-10 19:04 - 2018-06-15 00:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-10 19:04 - 2018-06-15 00:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-10 19:04 - 2018-06-15 00:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-10 19:04 - 2018-06-15 00:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-10 19:04 - 2018-06-15 00:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-10 19:04 - 2018-06-15 00:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-10 19:04 - 2018-06-15 00:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-10 19:04 - 2018-06-15 00:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-10 19:04 - 2018-06-15 00:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-10 19:04 - 2018-06-15 00:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-10 19:04 - 2018-06-15 00:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-10 19:04 - 2018-06-15 00:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-10 19:04 - 2018-06-15 00:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-10 19:04 - 2018-06-15 00:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-10 19:04 - 2018-06-15 00:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-10 19:04 - 2018-06-15 00:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-10 19:04 - 2018-06-15 00:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-10 19:04 - 2018-06-15 00:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-10 19:04 - 2018-06-15 00:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-10 19:04 - 2018-06-15 00:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-10 19:04 - 2018-06-15 00:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-10 19:04 - 2018-06-15 00:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-10 19:04 - 2018-06-15 00:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-10 19:04 - 2018-06-15 00:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-10 19:04 - 2018-06-15 00:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-10 19:04 - 2018-06-15 00:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-10 19:04 - 2018-06-15 00:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-10 19:04 - 2018-06-15 00:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-10 19:04 - 2018-06-15 00:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-10 19:04 - 2018-06-15 00:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-10 19:04 - 2018-06-15 00:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-10 19:04 - 2018-06-01 01:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-10 19:04 - 2018-05-20 07:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-10 19:04 - 2018-05-20 07:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-10 12:12 - 2018-07-18 01:04 - 000000000 ____D C:\ProgramData\Packages
2018-07-07 14:26 - 2018-07-07 14:26 - 000020146 _____ C:\Users\OWNER\Desktop\Your Facebook Recovery Codes_7-2018.pdf
2018-06-28 09:54 - 2018-07-10 13:55 - 000000648 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1955353798-2932276707-1562356408-1000.job
2018-06-28 09:54 - 2018-07-10 13:55 - 000000552 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1955353798-2932276707-1562356408-1000.job
2018-06-28 09:54 - 2018-06-28 09:54 - 000003804 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1955353798-2932276707-1562356408-1000
2018-06-28 09:54 - 2018-06-28 09:54 - 000003708 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1955353798-2932276707-1562356408-1000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-19 16:20 - 2016-11-30 21:53 - 000000000 ____D C:\FRST
2018-07-19 16:16 - 2016-11-20 12:29 - 000000000 ____D C:\Users\OWNER\AppData\LocalLow\Mozilla
2018-07-19 16:14 - 2018-05-20 12:18 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1904AB5D-14FE-4F47-B2A2-FA7571B816CC}
2018-07-19 16:14 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-19 16:14 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-19 16:11 - 2017-10-29 00:30 - 000000000 ____D C:\Users\OWNER\AppData\Roaming\WD Discovery
2018-07-19 16:10 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-19 16:10 - 2016-11-20 06:00 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2018-07-19 11:47 - 2007-03-20 01:08 - 000000000 ____D C:\Users\OWNER\Desktop\Emergency Malware programs 3 19 07
2018-07-19 10:25 - 2018-05-20 11:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-19 02:29 - 2016-11-30 01:43 - 000000000 ____D C:\Program Files\RogueKiller
2018-07-19 01:18 - 2017-10-28 23:30 - 000000000 ____D C:\Users\OWNER\AppData\Roaming\Everything
2018-07-19 01:18 - 2017-10-28 23:30 - 000000000 ____D C:\Users\OWNER\AppData\Local\Everything
2018-07-19 00:10 - 2016-11-20 06:03 - 000000000 ____D C:\Users\DefaultAppPool
2018-07-19 00:09 - 2015-04-13 15:39 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-07-19 00:08 - 2016-11-30 01:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-07-18 23:20 - 2017-10-30 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2018-07-18 22:20 - 2007-02-26 02:19 - 000000000 ____D C:\Users\OWNER\Documents\Computer Info & Utilities 2007
2018-07-18 21:47 - 2012-10-08 23:54 - 000000000 ____D C:\Users\OWNER\Desktop\Deals Coup Receipts
2018-07-18 18:19 - 2018-05-20 12:18 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForOWNER
2018-07-18 18:19 - 2018-01-25 14:12 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForOWNER.job
2018-07-18 14:06 - 2011-10-06 16:16 - 000000000 ____D C:\Users\OWNER\AppData\Local\CrashDumps
2018-07-18 12:55 - 2018-05-20 12:18 - 000004116 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2018-07-18 12:52 - 2017-10-08 23:15 - 000000000 ____D C:\Users\OWNER\Desktop\Computer check
2018-07-18 12:21 - 2015-04-26 16:09 - 000000000 ____D C:\ProgramData\PCDr
2018-07-18 12:20 - 2013-06-21 09:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-18 07:08 - 2008-07-10 21:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-18 06:44 - 2018-06-04 19:10 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-18 03:36 - 2017-03-29 12:55 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-07-18 03:27 - 2018-05-20 11:52 - 000233236 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-18 03:20 - 2018-05-20 12:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-18 03:20 - 2016-07-19 11:15 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2018-07-18 03:19 - 2018-05-20 11:53 - 000000000 ____D C:\Users\OWNER
2018-07-18 03:19 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-18 03:10 - 2013-08-20 21:18 - 000000000 ____D C:\AdwCleaner
2018-07-18 00:20 - 2018-05-25 23:04 - 000000000 ____D C:\Users\OWNER\Desktop\Cognimates-AI computer projects
2018-07-18 00:16 - 2007-02-21 04:02 - 000000000 ____D C:\Users\OWNER\Desktop\Installation files
2018-07-17 23:18 - 2018-05-18 09:52 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-17 23:18 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-17 23:18 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-17 22:25 - 2012-11-26 10:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-17 22:17 - 2014-04-16 15:29 - 000006841 _____ C:\Users\OWNER\Documents\.Rhistory
2018-07-17 22:17 - 2014-04-16 15:29 - 000000000 ____D C:\Users\OWNER\AppData\Roaming\RStudio
2018-07-17 22:17 - 2014-04-16 14:55 - 000000000 ____D C:\Users\OWNER\AppData\Local\RStudio-Desktop
2018-07-17 21:46 - 2017-06-10 18:55 - 000271360 _____ C:\Users\OWNER\AppData\Local\WebpageIcons.db
2018-07-17 08:44 - 2017-06-07 23:19 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-17 08:44 - 2017-06-07 23:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-17 08:41 - 2017-12-29 20:38 - 000000000 ____D C:\Program Files\Family Tree Maker 2017
2018-07-17 08:41 - 2008-12-15 00:33 - 000000000 ____D C:\Users\OWNER\Documents\Family Tree Maker
2018-07-16 22:53 - 2013-03-14 17:01 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-16 09:09 - 2016-07-28 20:28 - 000000000 ____D C:\Program Files\Rainmeter
2018-07-16 03:14 - 2015-10-18 18:37 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware v2.2.0.1024
2018-07-16 00:12 - 2016-09-30 02:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-07-15 22:52 - 2015-03-03 23:17 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-15 22:51 - 2017-07-10 22:54 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2018-07-15 22:48 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-07-15 21:33 - 2017-07-10 22:55 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2018-07-15 21:16 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ELAMBKUP
2018-07-14 08:13 - 2011-08-18 20:26 - 000007617 _____ C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
2018-07-14 00:51 - 2015-06-17 01:25 - 000000000 ____D C:\Users\OWNER\AppData\Roaming\Notepad++
2018-07-13 23:01 - 2018-04-09 18:37 - 000000000 ____D C:\Users\OWNER\.spyder-py3
2018-07-13 23:01 - 2017-08-18 23:49 - 000000081 _____ C:\Users\OWNER\.condarc
2018-07-12 12:03 - 2016-06-04 09:54 - 000000000 ____D C:\Users\OWNER\Desktop\Data Science e-Books
2018-07-11 22:34 - 2018-05-20 12:18 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-11 22:34 - 2015-07-10 11:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-11 13:38 - 2018-06-09 21:04 - 000000000 ____D C:\Users\OWNER\Desktop\SocialAnalytics
2018-07-11 10:32 - 2017-12-04 18:34 - 000000000 ___RD C:\Users\OWNER\3D Objects
2018-07-11 10:32 - 2016-11-20 14:51 - 000000000 ___RD C:\Users\Public\AccountPictures
2018-07-11 10:31 - 2018-05-20 11:45 - 000666224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 00:29 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 00:29 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-11 00:29 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 00:29 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 00:29 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-11 00:29 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-10 21:21 - 2018-05-20 12:18 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-10 21:21 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-10 21:21 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-07-10 19:22 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-10 19:21 - 2013-08-15 03:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 19:15 - 2011-06-05 23:42 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 13:49 - 2018-05-20 12:18 - 000002984 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Registry Backup
2018-07-09 16:37 - 2017-11-14 21:41 - 000002218 _____ C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-03 12:35 - 2014-11-18 04:18 - 000000000 ____D C:\Users\OWNER\AppData\Local\ElevatedDiagnostics
2018-06-30 17:54 - 2013-05-15 15:25 - 000000000 ____D C:\Users\OWNER\Desktop\Articles TO READ
2018-06-28 18:53 - 2017-11-29 13:56 - 000000000 ____D C:\Users\OWNER\AppData\Local\GoToMeeting
2018-06-27 22:27 - 2018-02-21 13:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 11:31 - 2011-09-08 21:58 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2011-01-18 04:50 - 2011-01-18 04:50 - 132609310 _____ () C:\Program Files (x86)\openofficeorg1.cab
2011-01-18 04:53 - 2011-01-18 04:53 - 002994688 _____ () C:\Program Files (x86)\openofficeorg33.msi
2011-01-18 04:05 - 2011-01-18 04:05 - 000000290 _____ () C:\Program Files (x86)\setup.ini
2011-01-22 19:53 - 2011-06-03 23:09 - 000006560 _____ () C:\Users\OWNER\AppData\Roaming\HPCOM_48BitScanUpdate.log
2017-01-30 11:25 - 2016-12-14 09:45 - 000000701 _____ () C:\Users\OWNER\AppData\Roaming\pcsound.dll
2017-01-30 11:29 - 2017-09-13 20:42 - 000000053 _____ () C:\Users\OWNER\AppData\Roaming\pdfcompressor.ini
2014-08-24 03:01 - 2017-02-24 13:35 - 000773632 _____ (Robert Simpson, et al.) C:\Users\OWNER\AppData\Roaming\System.Data.SQLite.dll
2015-02-05 00:48 - 2016-07-20 18:18 - 000001167 _____ () C:\Users\OWNER\AppData\Roaming\trace_FilterInstaller.1.txt
2015-02-05 00:48 - 2015-02-05 03:10 - 000000919 _____ () C:\Users\OWNER\AppData\Roaming\trace_FilterInstaller.2.txt
2015-02-05 00:48 - 2015-02-05 00:48 - 000001181 _____ () C:\Users\OWNER\AppData\Roaming\trace_FilterInstaller.3.txt
2015-02-05 00:48 - 2016-07-20 18:31 - 000000905 _____ () C:\Users\OWNER\AppData\Roaming\trace_FilterInstaller.txt
2015-02-05 00:48 - 2016-07-20 18:31 - 000000000 _____ () C:\Users\OWNER\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-08-05 16:56 - 2017-02-10 00:56 - 000000600 _____ () C:\Users\OWNER\AppData\Roaming\winscp.rnd
2014-08-06 01:46 - 2014-08-06 01:46 - 000145017 _____ () C:\Users\OWNER\AppData\Local\ars.cache
2014-08-06 01:46 - 2014-08-06 01:46 - 000292203 _____ () C:\Users\OWNER\AppData\Local\census.cache
2007-06-28 23:22 - 2016-06-18 01:30 - 000053248 _____ () C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-03-18 23:52 - 2007-03-26 02:06 - 000000718 _____ () C:\Users\OWNER\AppData\Local\HipEnforceFrontend.settings
2014-08-06 01:28 - 2014-08-06 01:28 - 000000036 _____ () C:\Users\OWNER\AppData\Local\housecall.guid.cache
2017-01-15 01:52 - 2017-02-08 11:48 - 000000447 _____ () C:\Users\OWNER\AppData\Local\infection.log
2014-05-08 21:36 - 2014-05-08 21:36 - 000016361 _____ () C:\Users\OWNER\AppData\Local\Perfmon.PerfmonCfg
2011-08-18 20:26 - 2018-07-14 08:13 - 000007617 _____ () C:\Users\OWNER\AppData\Local\Resmon.ResmonCfg
2014-08-06 01:37 - 2014-08-06 01:37 - 000000010 _____ () C:\Users\OWNER\AppData\Local\sponge.last.runtime.cache
2017-06-10 18:55 - 2018-07-17 21:46 - 000271360 _____ () C:\Users\OWNER\AppData\Local\WebpageIcons.db
2015-04-01 14:44 - 2015-01-29 11:14 - 000010240 _____ () C:\Users\OWNER\AppData\Local\Z@!-523b18d9-6f00-4b19-ac56-f3dd98bbbf3d.tmp
2015-04-01 14:44 - 2015-01-29 11:14 - 000009216 _____ () C:\Users\OWNER\AppData\Local\Z@S!-596636f6-6147-4a69-b60f-3ad13b56ad32.tmp

Some files in TEMP:
====================
2018-07-19 00:08 - 2018-07-06 03:25 - 001945784 _____ (Microsoft Corporation) C:\Users\OWNER\AppData\Local\Temp\dllnt_dump.dll
2018-07-19 10:29 - 2018-07-19 10:29 - 001906040 _____ (Oracle Corporation) C:\Users\OWNER\AppData\Local\Temp\jre-8u181-windows-au.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\hkcmd.exe
C:\Windows\SysWOW64\igfxpers.exe
C:\Windows\SysWOW64\igfxtray.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\msdtc.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 11:45

==================== End of FRST.txt ============================



#7 nasdaq


  • Malware Response Team

Posted 20 July 2018 - 07:48 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\2am2a1z0.default-1496888375533 [not found] <==== ATTENTION
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\yahoo-avast.xml [2016-11-08]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\searchplugins\yahoo-avast.xml [2016-11-08]
FF Extension: (Open With Adobe PDF Reader) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{21a1b1c3-5029-4660-bfa4-0274adc69439}.xpi [2018-04-27]
FF Extension: (CacheViewer Continued) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2013-07-07] [Legacy] [not signed]
FF Extension: (Tracking Token Stripper) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{9fda17be-849d-4f5b-a326-28d25f0f6d29}.xpi [2018-06-01]
FF Extension: (B.S. Detector) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{a685065d-4f22-423a-ba57-76022aed8144}.xpi [2018-04-08]
FF Extension: (Safe Web with VirusTotal) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{c53b95bc-1403-4076-a618-25aef2dd37fa}.xpi [2018-03-17]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\ixquick-https.xml [2014-09-03]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\yahoo-avast.xml [2016-11-08]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [not found]
FF Extension: (No Name) - C:\Program Files\SiteAdvisor\6261\FF [not found]
FF Extension: (No Name) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lxg22szv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [not found]
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>
S3 MSDTC; C:\WINDOWS\SysWOW64\msdtc.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\WINDOWS\SysWOW64\lsass.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\WINDOWS\SysWOW64\spoolsv.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
2018-07-18 12:55 - 2018-07-18 12:55 - 000003794 _____ C:\WINDOWS\System32\Tasks\tmpDCC9
2018-07-18 12:55 - 2018-07-18 12:55 - 000003584 _____ C:\WINDOWS\System32\Tasks\tmp3153
2018-07-18 12:55 - 2018-07-18 12:55 - 000003550 _____ C:\WINDOWS\System32\Tasks\tmp86E7
2018-07-18 03:32 - 2018-07-18 03:32 - 000003582 _____ C:\WINDOWS\System32\Tasks\tmp1344
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\hkcmd.exe
C:\Windows\SysWOW64\igfxpers.exe
C:\Windows\SysWOW64\igfxtray.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\msdtc.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

p.s.
Avast does not give up that easy.

I suggest you download their Uninstaller and run the program.
Navigate to this page and follow the instructions.
https://www.avast.com/en-ca/uninstall-utility

#8 pandabird

  • Topic Starter


Posted 20 July 2018 - 10:30 AM

I saved the above code text, put it in the same directory as FRST64, then ran the fix. I am posting the fix log below.

I restarted the computer and found that my Firefox was changed. All my saved extensions, setups etc. were not there. Additionally, I found that the new Firefox v61.x?? Quantum is now on my computer. 

 

When I first started Firefox it asked me to choose a profile (1 of 2) maybe I chose an older one. I am not sure how to choose profiles on firefox. I could try choosing the other one.

 

On the Chrome browser...extensions were present but some that I expected to have were not there.

 

Of most concern..I tried to reset my system back with System Restore but it seems that the FIX code did not hold or do anything. (I have had problems in the past from system restore not getting set when run from within other programs.) It seems I need to do a manual system restore set by going into the system restore dialog. I did make a manual system restore on July 16 but I'm not sure if things on my system were better at that point.

I'd want to recover my old settings for Firefox and Chrome if possible. I do have a backup of recent changes made with AOMEI Backupper since last FULL backup in May.

 

We may need to reverse some of the fix...if possible.

 

Thanks for your assistance.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by OWNER (20-07-2018 10:29:39) Run:1
Running from C:\Users\OWNER\Desktop\Emergency Malware programs 3 19 07
Loaded Profiles: OWNER (Available Profiles: OWNER & USER 1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF ProfilePath: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\2am2a1z0.default-1496888375533 [not found] <==== ATTENTION
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\yahoo-avast.xml [2016-11-08]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\searchplugins\yahoo-avast.xml [2016-11-08]
FF Extension: (Open With Adobe PDF Reader) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{21a1b1c3-5029-4660-bfa4-0274adc69439}.xpi [2018-04-27]
FF Extension: (CacheViewer Continued) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi [2013-07-07] [Legacy] [not signed]
FF Extension: (Tracking Token Stripper) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{9fda17be-849d-4f5b-a326-28d25f0f6d29}.xpi [2018-06-01]
FF Extension: (B.S. Detector) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{a685065d-4f22-423a-ba57-76022aed8144}.xpi [2018-04-08]
FF Extension: (Safe Web with VirusTotal) - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{c53b95bc-1403-4076-a618-25aef2dd37fa}.xpi [2018-03-17]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\google-avast.xml [2016-02-11]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\ixquick-https.xml [2014-09-03]
FF SearchPlugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\yahoo-avast.xml [2016-11-08]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [not found]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [not found]
FF Extension: (No Name) - C:\Program Files\SiteAdvisor\6261\FF [not found]
FF Extension: (No Name) - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lxg22szv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [not found]
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>
S3 MSDTC; C:\WINDOWS\SysWOW64\msdtc.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\WINDOWS\SysWOW64\lsass.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\WINDOWS\SysWOW64\spoolsv.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
2018-07-18 12:55 - 2018-07-18 12:55 - 000003794 _____ C:\WINDOWS\System32\Tasks\tmpDCC9
2018-07-18 12:55 - 2018-07-18 12:55 - 000003584 _____ C:\WINDOWS\System32\Tasks\tmp3153
2018-07-18 12:55 - 2018-07-18 12:55 - 000003550 _____ C:\WINDOWS\System32\Tasks\tmp86E7
2018-07-18 03:32 - 2018-07-18 03:32 - 000003582 _____ C:\WINDOWS\System32\Tasks\tmp1344
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\hkcmd.exe
C:\Windows\SysWOW64\igfxpers.exe
C:\Windows\SysWOW64\igfxtray.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\msdtc.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-1955353798-2932276707-1562356408-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED663}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED663} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => not found
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\2am2a1z0.default-1496888375533 => path removed successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\google-avast.xml => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\searchplugins\yahoo-avast.xml => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\searchplugins\google-avast.xml => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\searchplugins\yahoo-avast.xml => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{21a1b1c3-5029-4660-bfa4-0274adc69439}.xpi => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{9fda17be-849d-4f5b-a326-28d25f0f6d29}.xpi => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{a685065d-4f22-423a-ba57-76022aed8144}.xpi => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\Extensions\{c53b95bc-1403-4076-a618-25aef2dd37fa}.xpi => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\google-avast.xml => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\ixquick-https.xml => moved successfully
C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\d855qiec.rk062017\searchplugins\yahoo-avast.xml => moved successfully
C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org => path removed successfully
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} => path removed successfully
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} => path removed successfully
C:\Program Files\SiteAdvisor\6261\FF => path removed successfully
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lxg22szv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} => path removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\napjheenlliimoedooldaalpjfidlidp" => removed successfully
"HKLM\System\CurrentControlSet\Services\MSDTC" => removed successfully
MSDTC => service removed successfully
SamSs => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\SamSs" => removed successfully
SamSs => service removed successfully
Spooler => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\Spooler" => removed successfully
Spooler => service removed successfully
"C:\WINDOWS\System32\Tasks\tmpDCC9" => not found
"C:\WINDOWS\System32\Tasks\tmp3153" => not found
"C:\WINDOWS\System32\Tasks\tmp86E7" => not found
"C:\WINDOWS\System32\Tasks\tmp1344" => not found
C:\Windows\SysWOW64\conhost.exe => moved successfully
C:\Windows\SysWOW64\csrss.exe => moved successfully
C:\Windows\SysWOW64\dwm.exe => moved successfully
C:\Windows\SysWOW64\hkcmd.exe => moved successfully
C:\Windows\SysWOW64\igfxpers.exe => moved successfully
C:\Windows\SysWOW64\igfxtray.exe => moved successfully
C:\Windows\SysWOW64\lsass.exe => moved successfully
C:\Windows\SysWOW64\lsm.exe => moved successfully
C:\Windows\SysWOW64\msdtc.exe => moved successfully
C:\Windows\SysWOW64\services.exe => moved successfully
C:\Windows\SysWOW64\smss.exe => moved successfully
C:\Windows\SysWOW64\spoolsv.exe => moved successfully
C:\Windows\SysWOW64\taskhost.exe => moved successfully
C:\Windows\SysWOW64\winlogon.exe => moved successfully
C:\Windows\SysWOW64\WUDFHost.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 96360036 B
Java, Flash, Steam htmlcache => 1025 B
Windows/system/drivers => 326322180 B
Edge => 7983 B
Chrome => 10356460 B
Firefox => 415819716 B
Opera => 5016288 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 10350 B
NetworkService => 0 B
OWNER => 21682727 B
USER 1 => 41441 B

RecycleBin => 31633875 B
EmptyTemp: => 875.2 MB temporary data Removed.

================================
FIX.TXT

The system needed a reboot.

==== End of Fixlog 10:42:35 ====


 



#9 nasdaq

  • Malware Response Team

Posted 20 July 2018 - 01:01 PM

Hi,

Your computer was so badly infected that I cleaned the Temporary files.

Unfortunately the following files were deleted.
The following directories are emptied:
- Windows Temp.
- Users Temp folders
- IE, FF and Chrome cache, Cookies and History.
- Recently opened files cache.
- Flash Player cache.
- Java cache.
- Explorer thumbnail cache and network qmgr?.dat files.
- Recycle Bin

If you have a backup of the IE, FF and Chrome caches, restore them.
It's not possible to restore them from the fix.

===

If Firefox was updated, it is not from the Fix.

Firefox was changed. All my saved extensions, setups etc. were not there.


The extensions for FF and Chrome are listed in your FRST.TXT log.

Open the file and find the FF and CHR sections.
Google the name of the extensions you wish to reinstall.
You can also find the extensions by searching the file name such as ... Extensions\pagezipper@printwhatyoulike.com.xpi

#10 pandabird

  • Topic Starter

Posted 20 July 2018 - 01:44 PM

How do you believe my computer was "so badly infected"? Thanks for the fix anyway. I'm glad certain things were changed.

 

My computer "seemed" to operate fine the last couple days. Whatever I did must have stopped?? further damage and must have fixed something.

The computer does "hang" a bit in Thunderbird, i.e. (loading VERY slowly). Will watch this.

 

As for the browser problems:
I can try to pull out the Firefox profile from my backup and replace that. I'm not sure how to fix Chrome and IE.

If you know of steps for doing this please let me know.

 

The update to FF v61 must have happened earlier.

I could go back to System Restore from July 15 and then re-run all my malware programs and fix again.

(I'd want to save this as a last resort.)

 

I'll try to get the profile files back from the backup.

 

=====

As for an infection:

When I ran ccleaner (a good old copy) MANY entries from firewall had to be removed etc. This seems odd!
I don't know about all the blank entries. Wonder what was previously there.



#11 pandabird

  • Topic Starter

Posted 20 July 2018 - 06:10 PM

I have tried creating a new profile on Firefox to rectify that change. I have followed Mozilla instructions and only copied/pasted needed files/folders. This seems to work for now but next I need extensions. I used the most recent backup to recreate Firefox.

 

Next issue is I tried to print out the fix log but it seems my printers all need to be re-installed. I don't know how this happened. If there is an easy fix please let me know.

Unfortunately, I am having difficulty retrieving a more recent backup from the AOMEI file folder that they create as an iso. I should be able to extract individual files from this.

Major problem with Firefox browser and dialogs frequently "hanging" with screen turning white. Need help fixing this!


Edited by pandabird, 20 July 2018 - 06:12 PM.


#12 pandabird

  • Topic Starter

Posted 20 July 2018 - 08:12 PM

It seems like the Printer Spooler service is missing. I went into services.msc and could not find this file to change setting in properties to enable it.

May try running tweaking.com overnight after doing a sfc /scannow, CHKDSK, and system restore (manual set)... I'll toggle system restore first to clear any infections as I believe I've read this should be done. [Does not seem my restore points will be useful anymore]



#13 pandabird

  • Topic Starter

Posted 21 July 2018 - 02:21 AM

Quick note:

 

Ran SFC /scannow: No problems

Ran CHKDSK: Needed some repairs

 

Ran Tweaking.com - Windows Repair with most things checked
        Pre-scan needed to repair reparse points and some environment variables (minor... I think)

        Ran most of the rest of the fixes except #2 File association reset??

        Took about 3 hours to run.
        Can send log if you wish

 

Checked and I now have the Print Spool service. Also, printer is now working again.

Still have problem with browser and/or dialogs "hanging" a bit and screen going white at times.

 

[Just got system message pop-up from WIN 10 that my default browser was getting changed back to Microsoft Edge due to problem with an app (Don't know which one)]
 

Thanks for your help and any more you can provide to help fix the remaining issues above.


Edited by pandabird, 21 July 2018 - 02:27 AM.


#14 nasdaq

  • Malware Response Team

Posted 21 July 2018 - 06:36 AM

Hi,

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
etc...


This is a sign of a ZeroAccess infection.
It may have been a previous infection that was removed. I did not take any chance on this.

===

I could go back to System Restore from July 15 and then re-run all my malware programs and fix again.

(I'd want to save this as a last resort.)


If your FF and Chrome Caches and profile are important I would do this System Restore.

When completed run the Farbar program and post fresh FRST.txt and Addition.txt logs.

I will review them. My next fix will not include the Empty: command in the fix.

p.s.
In one of the latest Windows Updates I was informed that CCleaner was removed by Microsoft.
No explanation was given.
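
An added example, not part of any post in this thread and not FRST's own code: a short Python parser for the FRST service lines and Fixlog result lines quoted earlier in the topic. It picks out services whose image file is reported as zero bytes and lists which of them the fix then removed, which is the set worth re-checking in services.msc afterwards. The function names are hypothetical; the log lines are copied from the thread.

```python
import re

# Log lines copied from the fix script and Fixlog quoted in this thread.
FRST_LINES = r"""
S3 MSDTC; C:\WINDOWS\SysWOW64\msdtc.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\WINDOWS\SysWOW64\lsass.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
R2 Spooler; C:\WINDOWS\SysWOW64\spoolsv.exe [0 2014-08-06] () <==== ATTENTION (zero byte File/Folder)
""".strip().splitlines()

FIXLOG_LINES = r"""
MSDTC => service removed successfully
SamSs => Unable to stop service.
SamSs => service removed successfully
Spooler => Unable to stop service.
Spooler => service removed successfully
C:\Windows\SysWOW64\spoolsv.exe => moved successfully
""".strip().splitlines()

# Service line layout: <state><start type> <name>; <image path> [<size> <date>] ...
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")

def zero_byte_services(lines):
    """Return {service name: image path} for services whose image is 0 bytes."""
    found = {}
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and int(m["size"]) == 0:
            found[m["name"]] = m["path"]
    return found

def removed_services(lines):
    """Return the set of service names the Fixlog reports as removed."""
    removed = set()
    for line in lines:
        m = RESULT_RE.match(line)
        if m and m["result"].startswith("service removed"):
            removed.add(m["target"].strip('"'))
    return removed

def services_to_recheck(frst_lines, fixlog_lines):
    """Flagged services whose entries the fix removed, sorted by name."""
    flagged = zero_byte_services(frst_lines)
    return sorted(n for n in removed_services(fixlog_lines) if n in flagged)

if __name__ == "__main__":
    for name in services_to_recheck(FRST_LINES, FIXLOG_LINES):
        print(f"{name}: zero-byte image flagged, service entry removed by the fix")
```
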

#15 pandabird

  • Topic Starter

Posted 21 July 2018 - 10:17 AM

Thank you for the assistance.

 

Most things seem fine now after running tweaking.com Windows Repair.

I transferred important yet a limited number of folders from Firefox old profile backed up per Mozilla instructions (googled profile). I still need to find out how to access my iso backup individual files from the AOMEI backup which I made to get more current sites in bookmarks etc.; if I can't do this I'll need to look for another good backup program.

I may be able to retrieve files from Carbonite backups else I may do the System Restore.

I'll need a day or two to do this but I'll let you know what I do. If you know how to retrieve files from AOMEI backups please let me know. I may need to contact the company.

 

Hanging/ white screens for periods is still an issue. Will monitor this.

 

Will need to review and increase my security protocol:
May switch to OpenDNS server (in addition to my router) and use Sandboxie more when on internet. I do not know what the issue is with ccleaner but I may restrict future downloads of this, getting it ONLY from MajorGeeks or bleeping etc. (clear reputable sites).

I may need to get another Firewall and use a different AV program other than Windows Defender. Outbound firewall protection would be nice to have.





