
PUP.optional.bestoffer


  • This topic is locked
19 replies to this topic

#1 stimpsonthecat

stimpsonthecat

  • Members
  • 28 posts
  • Gender:Male
  • Local time:05:44 AM

Posted 01 August 2018 - 11:32 AM

Good day, 

I am wondering if I could get some help with my computer. Yesterday I installed WinRAR because I was having issues with another unpacker.

After installing WinRAR I got three icons installed on my computer, "iStripper, Hotspot Shield and best offer", none of which I installed on my computer.

I could not reach a whole bunch of websites after this, not even bleepingcomputer.com, and my browsers were being redirected to other websites.

There was a Directory created in the Program Files (x86) called AddSoft.

In the directory there are five internet links (BestOffer, iStripper, Offer, Offer2, Offer3) and a program wrar550.

 

I ran Malwarebytes antimalware and it found PUP.optional.bestoffer and quarantined it, but the directory still exists.

My internet now seems fine but I would like to make sure that it is all gone.

 

Could you give me any help please?

I am running Windows 10.

 

Thanks

 

Stimpsonthecat




 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,883 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:44 AM

Posted 01 August 2018 - 11:52 AM

Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html

 

Louis



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • Gender:Male
  • Location:California
  • Local time:02:44 AM

Posted 01 August 2018 - 03:36 PM

Greetings stimpsonthecat and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Once you are able to complete the steps in the link provided by hamluis we will get started.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 stimpsonthecat

stimpsonthecat
  • Topic Starter

  • Members
  • 28 posts
  • Gender:Male
  • Local time:05:44 AM

Posted 02 August 2018 - 09:34 AM

Hello Gary,

 

My name is George.

Here are the two files from FRST program.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.08.2018
Ran by stimpsonjcat (administrator) on STIMPYASUSWINDO (02-08-2018 10:29:16)
Running from C:\Users\stimpsonjcat\Downloads
Loaded Profiles: stimpsonjcat (Available Profiles: defaultuser0 & stimpsonjcat)
Platform: Windows 10 Home Version 1803 17134.191 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Micron Technology, Inc.) C:\Program Files\Crucial\Crucial Storage Executive\cache\MicronCacheMonitor.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-24] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-730097171-863105003-3608876083-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5908432 2018-06-22] (NordVPN)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-10-19]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{52cafb36-a590-48c8-a0a7-800c243235ba}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7b3b9481-1ecb-4791-b959-e9de37cdd391}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
IE Session Restore: HKU\S-1-5-21-730097171-863105003-3608876083-1001 -> is enabled.
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-730097171-863105003-3608876083-1001 -> is enabled.

FireFox:
========
FF DefaultProfile: 4dwyuq3l.default
FF ProfilePath: C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default [2018-08-02]
FF NewTab: Mozilla\Firefox\Profiles\4dwyuq3l.default -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\4dwyuq3l.default -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\4dwyuq3l.default -> Enabled: pavel.sherbakov@gmail.com
FF Extension: (Avira Browser Safety) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\abs@avira.com.xpi [2018-06-13]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\fvdmedia@gmail.com.xpi [2018-07-05]
FF Extension: (IPvFoo) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\ipvfoo@pmarks.net.xpi [2018-06-15]
FF Extension: (New Tab Page) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\pavel.sherbakov@gmail.com.xpi [2018-07-13]
FF Extension: (Avast SafePrice) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\sp@avast.com.xpi [2018-06-24]
FF Extension: (LastPass: Free Password Manager) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\support@lastpass.com.xpi [2018-07-28]
FF Extension: (Avast Online Security) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\wrc@avast.com.xpi [2018-06-13]
FF Extension: (Session Manager) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-02-14] [Legacy]
FF Extension: (FEBE) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2017-02-14] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-28]
FF SearchPlugin: C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\searchplugins\google-avast.xml [2017-06-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-10-19] (LastPass)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-10-19] (LastPass)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default [2018-08-01]
CHR Extension: (Slides) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-31]
CHR Extension: (Docs) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-31]
CHR Extension: (Google Drive) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-17]
CHR Extension: (YouTube) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-17]
CHR Extension: (Sheets) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-31]
CHR Extension: (Avira Browser Safety) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-07-31]
CHR Extension: (Google Docs Offline) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (Avast Online Security) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-31]
CHR Extension: (Gmail) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-17]
CHR Extension: (Chrome Media Router) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-24] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-24] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-19] (AVAST Software)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 MicronCacheMonitor; C:\Program Files\Crucial\Crucial Storage Executive\cache\MicronCacheMonitor.exe [689152 2016-07-26] (Micron Technology, Inc.) [File not signed]
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [431568 2018-06-22] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [281536 2017-12-11] (Realtek Semiconductor Corp.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106920 2018-07-14] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-24] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-24] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-24] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-24] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-24] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-24] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-24] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-24] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-24] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-07-26] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-24] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-24] (AVAST Software)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-01] (Malwarebytes)
R1 mtihint; C:\Windows\system32\Drivers\mtihint.sys [18504 2015-07-13] (Micron Technology, Inc.) [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvak.inf_amd64_791beb67a268df58\nvlddmkm.sys [14145584 2016-11-11] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888056 2015-10-14] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [756672 2017-12-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [8009040 2017-12-21] (Realtek Semiconductor Corporation )
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-06-13] (The OpenVPN Project)
R1 tmcomm; C:\WINDOWS\system32\DRIVERS\tmcomm.sys [334488 2017-10-17] (Trend Micro Inc.)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2017-02-15] (BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-07-13] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-02 10:29 - 2018-08-02 10:29 - 000019502 _____ C:\Users\stimpsonjcat\Downloads\FRST.txt
2018-08-02 10:08 - 2018-08-02 10:29 - 000000000 ____D C:\FRST
2018-08-02 10:07 - 2018-08-02 10:07 - 002412544 _____ (Farbar) C:\Users\stimpsonjcat\Downloads\FRST64.exe
2018-08-01 12:35 - 2018-08-01 19:50 - 000000000 ____D C:\ProgramData\F-Secure
2018-08-01 12:35 - 2018-08-01 12:35 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\F-Secure
2018-08-01 12:35 - 2018-08-01 12:35 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\FSDART
2018-08-01 11:58 - 2018-08-01 11:58 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\ESET
2018-08-01 11:55 - 2018-08-01 11:55 - 000734132 _____ C:\Users\stimpsonjcat\AppData\Local\census.cache
2018-08-01 11:55 - 2018-08-01 11:55 - 000319905 _____ C:\Users\stimpsonjcat\AppData\Local\ars.cache
2018-08-01 11:52 - 2018-08-01 11:52 - 000000010 _____ C:\Users\stimpsonjcat\AppData\Local\sponge.last.runtime.cache
2018-08-01 11:47 - 2018-08-01 11:47 - 000000000 ____D C:\WINDOWS\Trend Micro
2018-08-01 11:47 - 2018-08-01 11:47 - 000000000 ____D C:\ProgramData\Trend Micro
2018-08-01 11:46 - 2018-08-01 11:46 - 000000036 _____ C:\Users\stimpsonjcat\AppData\Local\housecall.guid.cache
2018-08-01 11:46 - 2017-10-17 12:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2018-08-01 11:34 - 2018-08-01 11:34 - 000516157 ____N C:\Users\Akli5\tough again.xlsx
2018-08-01 11:34 - 2018-08-01 11:34 - 000503062 ____N C:\Users\tikf9q\spend.rayburn.xlsx
2018-08-01 11:34 - 2018-08-01 11:34 - 000216901 ____N C:\Users\Akli5\circulate-seemed-divide.mdb
2018-08-01 11:34 - 2018-08-01 11:34 - 000201027 ____N C:\Users\tikf9q\dressed_collapse_light_atomic.mdb
2018-08-01 11:34 - 2018-08-01 11:34 - 000068785 ____N C:\Users\Akli5\increasinglyconservative.xls
2018-08-01 11:34 - 2018-08-01 11:34 - 000062926 ____N C:\Users\tikf9q\monarchboating.xls
2018-08-01 11:34 - 2018-08-01 11:34 - 000053257 ____N C:\Users\tikf9q\scold.travel.pem
2018-08-01 11:34 - 2018-08-01 11:34 - 000052872 ____N C:\Users\Akli5\extend compete.pem
2018-08-01 11:34 - 2018-08-01 11:34 - 000026679 ____N C:\Users\tikf9q\wants_exhibit.sql
2018-08-01 11:34 - 2018-08-01 11:34 - 000026539 ____N C:\Users\tikf9q\fallcabinpracticalaccount.txt
2018-08-01 11:34 - 2018-08-01 11:34 - 000025265 ____N C:\Users\Akli5\release_paused.sql
2018-08-01 11:34 - 2018-08-01 11:34 - 000014991 ____N C:\Users\Akli5\portion-dealer-tom-ben.txt
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 __SHD C:\Users\stimpsonjcat\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\tikf9q
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\stimpsonjcat\Documents\Sresources31
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\stimpsonjcat\Documents\Ldates34
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\Akli5
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ____D C:\Xpackage62
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ____D C:\Acorganized108
2018-08-01 11:26 - 2018-08-01 11:26 - 000000000 ____D C:\ProgramData\Emsisoft
2018-07-31 10:45 - 2018-07-31 10:45 - 000001192 _____ C:\Users\stimpsonjcat\Desktop\Hotspot Shield.lnk
2018-07-31 10:45 - 2018-07-31 10:45 - 000001164 _____ C:\Users\stimpsonjcat\Desktop\iStripper.lnk
2018-07-31 10:45 - 2018-07-31 10:45 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Roaming\WinRAR
2018-07-31 10:45 - 2018-07-31 10:45 - 000000000 ____D C:\Program Files (x86)\AddSoft
2018-07-26 09:13 - 2018-07-14 20:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-26 09:13 - 2018-07-14 20:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-07-26 09:13 - 2018-07-14 20:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-07-26 09:13 - 2018-07-14 20:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-26 09:13 - 2018-07-14 20:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-26 09:13 - 2018-07-14 20:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-26 09:13 - 2018-07-14 20:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-26 09:13 - 2018-07-14 20:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-07-26 09:13 - 2018-07-14 20:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-07-26 09:13 - 2018-07-14 20:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-26 09:13 - 2018-07-14 20:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-26 09:13 - 2018-07-14 20:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-26 09:13 - 2018-07-14 20:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-26 09:13 - 2018-07-14 19:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-07-26 09:13 - 2018-07-14 19:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-07-26 09:13 - 2018-07-14 19:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-26 09:13 - 2018-07-14 19:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-26 09:13 - 2018-07-14 19:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-26 09:13 - 2018-07-14 19:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-26 09:13 - 2018-07-14 19:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-26 09:13 - 2018-07-14 02:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-26 09:13 - 2018-07-14 02:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-26 09:13 - 2018-07-14 00:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-07-26 09:13 - 2018-07-14 00:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-07-26 09:13 - 2018-07-14 00:30 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-26 09:13 - 2018-07-14 00:24 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-26 09:13 - 2018-07-14 00:23 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-26 09:13 - 2018-07-14 00:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-26 09:13 - 2018-07-14 00:23 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-26 09:13 - 2018-07-14 00:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-26 09:13 - 2018-07-14 00:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-26 09:13 - 2018-07-14 00:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-26 09:13 - 2018-07-14 00:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-07-26 09:13 - 2018-07-14 00:21 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-26 09:13 - 2018-07-14 00:21 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-26 09:13 - 2018-07-14 00:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-07-26 09:13 - 2018-07-14 00:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-07-26 09:13 - 2018-07-14 00:20 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-26 09:13 - 2018-07-14 00:20 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-26 09:13 - 2018-07-14 00:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-07-26 09:13 - 2018-07-14 00:20 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-26 09:13 - 2018-07-14 00:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-26 09:13 - 2018-07-14 00:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-07-26 09:13 - 2018-07-14 00:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 007436112 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-26 09:13 - 2018-07-14 00:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-07-26 09:13 - 2018-07-14 00:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-26 09:13 - 2018-07-14 00:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-26 09:13 - 2018-07-14 00:17 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-26 09:13 - 2018-07-14 00:17 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-26 09:13 - 2018-07-14 00:17 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-26 09:13 - 2018-07-14 00:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-07-26 09:13 - 2018-07-14 00:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-26 09:13 - 2018-07-14 00:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-26 09:13 - 2018-07-14 00:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 006044112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-26 09:13 - 2018-07-14 00:15 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-26 09:13 - 2018-07-14 00:08 - 022006784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-26 09:13 - 2018-07-14 00:03 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-26 09:13 - 2018-07-14 00:03 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-07-26 09:13 - 2018-07-14 00:01 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-26 09:13 - 2018-07-14 00:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-26 09:13 - 2018-07-14 00:00 - 022714368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-26 09:13 - 2018-07-13 23:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-26 09:13 - 2018-07-13 23:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-26 09:13 - 2018-07-13 23:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 008188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-07-26 09:13 - 2018-07-13 23:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-07-26 09:13 - 2018-07-13 23:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-07-26 09:13 - 2018-07-13 23:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-07-26 09:13 - 2018-07-13 23:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-26 09:13 - 2018-07-13 23:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-07-26 09:13 - 2018-07-13 23:49 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-07-26 09:13 - 2018-07-13 23:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-26 09:13 - 2018-07-13 22:35 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-21 10:34 - 2018-07-13 00:34 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-21 10:34 - 2018-07-13 00:32 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-21 10:34 - 2018-07-13 00:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-21 10:34 - 2018-07-12 23:59 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-21 10:34 - 2018-07-11 06:23 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-21 10:34 - 2018-07-11 05:24 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-21 10:34 - 2018-07-06 10:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-21 10:34 - 2018-07-06 10:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-21 10:34 - 2018-07-06 10:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-21 10:34 - 2018-07-06 10:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-21 10:34 - 2018-07-06 09:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-21 10:34 - 2018-07-06 09:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-21 10:34 - 2018-07-06 09:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-21 10:34 - 2018-07-06 09:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-21 10:34 - 2018-07-06 08:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-21 10:34 - 2018-07-06 07:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-21 10:34 - 2018-07-06 07:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-21 10:34 - 2018-07-06 03:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-21 10:34 - 2018-07-06 03:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-21 10:34 - 2018-07-06 03:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-21 10:34 - 2018-07-06 03:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-21 10:34 - 2018-07-06 03:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-21 10:34 - 2018-07-06 03:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-21 10:34 - 2018-07-06 03:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-21 10:34 - 2018-07-06 03:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-21 10:34 - 2018-07-06 03:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-21 10:34 - 2018-07-06 03:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-21 10:34 - 2018-07-06 03:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-21 10:34 - 2018-07-06 03:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-21 10:34 - 2018-07-06 03:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-21 10:34 - 2018-07-06 03:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-21 10:34 - 2018-07-06 03:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-21 10:34 - 2018-07-06 02:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-21 10:34 - 2018-07-06 02:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-21 10:34 - 2018-07-06 02:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-13 21:49 - 2018-08-01 11:33 - 000000000 ____D C:\AdwCleaner
2018-07-13 21:27 - 2018-08-02 10:29 - 000336965 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-07-13 21:27 - 2018-07-23 08:50 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-13 21:27 - 2018-07-13 21:48 - 000085030 _____ C:\WINDOWS\ZAM.krnl.trace
2018-07-13 21:27 - 2018-07-13 21:27 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-07-13 21:27 - 2018-07-13 21:27 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\Zemana

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-02 10:15 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-02 09:55 - 2017-02-14 15:50 - 000000000 ____D C:\Users\stimpsonjcat\AppData\LocalLow\Mozilla
2018-08-02 09:44 - 2018-05-19 07:49 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\AVAST Software
2018-08-01 19:50 - 2018-06-13 18:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-01 11:40 - 2018-06-13 18:31 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-01 11:40 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-01 11:34 - 2018-06-13 18:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-01 11:34 - 2018-05-19 08:06 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-01 11:34 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-01 11:34 - 2017-05-19 16:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-01 11:33 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-01 11:07 - 2018-05-19 09:20 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\PlaceholderTileLogoFolder
2018-08-01 11:07 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-01 11:07 - 2017-12-31 12:16 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\Packages
2018-08-01 10:59 - 2018-06-24 15:55 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\D3DSCache
2018-08-01 10:51 - 2018-06-13 18:45 - 000000000 ____D C:\ProgramData\Packages
2018-07-31 11:20 - 2018-06-27 12:06 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\QuickPar
2018-07-31 10:36 - 2016-10-19 11:37 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Roaming\vlc
2018-07-31 09:12 - 2018-06-13 18:29 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476704245
2018-07-31 09:12 - 2017-06-30 20:18 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-07-31 09:12 - 2016-10-17 07:36 - 000000000 ____D C:\Program Files (x86)\Opera
2018-07-31 07:45 - 2018-06-13 18:29 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-07-30 12:55 - 2018-06-15 20:54 - 000000000 ____D C:\Users\stimpsonjcat\Downloads\DOWNLOADED NZB
2018-07-30 12:54 - 2018-06-27 11:18 - 000000079 _____ C:\Users\stimpsonjcat\Desktop\password.txt
2018-07-26 09:26 - 2018-06-13 18:22 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-07-26 09:16 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-26 09:11 - 2018-06-13 18:02 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-07-23 08:50 - 2017-05-07 09:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-23 08:50 - 2016-10-17 00:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-21 14:08 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-21 14:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-21 10:25 - 2018-05-19 07:50 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-21 10:25 - 2018-05-19 07:50 - 000002463 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-19 21:25 - 2018-06-13 18:29 - 000003388 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-730097171-863105003-3608876083-1001
2018-07-19 21:25 - 2018-06-13 18:23 - 000002384 _____ C:\Users\stimpsonjcat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-19 21:25 - 2016-10-16 22:53 - 000000000 ___RD C:\Users\stimpsonjcat\OneDrive
2018-07-16 09:35 - 2018-05-19 08:06 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-13 20:48 - 2016-10-17 00:15 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-13 20:46 - 2016-10-17 06:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-13 20:45 - 2018-06-24 10:23 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-13 20:45 - 2018-06-24 10:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-13 20:45 - 2016-10-17 06:57 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-13 20:44 - 2018-06-13 18:29 - 000004602 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-13 20:44 - 2018-06-13 16:06 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\Adobe
2018-07-13 20:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-13 20:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2016-10-19 13:02 - 2016-10-19 13:02 - 021874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2018-08-01 11:55 - 2018-08-01 11:55 - 000319905 _____ () C:\Users\stimpsonjcat\AppData\Local\ars.cache
2018-08-01 11:55 - 2018-08-01 11:55 - 000734132 _____ () C:\Users\stimpsonjcat\AppData\Local\census.cache
2018-08-01 11:46 - 2018-08-01 11:46 - 000000036 _____ () C:\Users\stimpsonjcat\AppData\Local\housecall.guid.cache
2016-10-28 09:07 - 2016-10-28 09:07 - 000007679 _____ () C:\Users\stimpsonjcat\AppData\Local\Resmon.ResmonCfg
2018-08-01 11:52 - 2018-08-01 11:52 - 000000010 _____ () C:\Users\stimpsonjcat\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-13 18:21

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.08.2018
Ran by stimpsonjcat (02-08-2018 10:29:57)
Running from C:\Users\stimpsonjcat\Downloads
Windows 10 Home Version 1803 17134.191 (X64) (2018-06-13 22:29:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-730097171-863105003-3608876083-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-730097171-863105003-3608876083-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-730097171-863105003-3608876083-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-730097171-863105003-3608876083-501 - Limited - Disabled)
stimpsonjcat (S-1-5-21-730097171-863105003-3608876083-1001 - Administrator - Enabled) => C:\Users\stimpsonjcat
WDAGUtilityAccount (S-1-5-21-730097171-863105003-3608876083-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
AMD Catalyst Install Manager (HKLM\...\{1A8216F1-DDE2-4AFD-3052-E747C2E27F2A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.15 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.14 - ASUSTeK Computer Inc.)
ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.15 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.14 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.06 - ASUSTeK Computer Inc.)
ASUS Manager - SyncUp (HKLM-x32\...\{C2294792-457D-4DF7-9486-B630754C73D0}) (Version: 2.00.10 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.10.01 - ASUSTeK Computer Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 67.1.664.100 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
CPUID CPU-Z 1.85 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.85 - CPUID, Inc.)
Crucial Storage Executive (HKU\S-1-5-21-730097171-863105003-3608876083-1001\...\Crucial Storage Executive 3.55.032018.04) (Version: 3.55.032018.04 - Crucial)
Cybereason RansomFree 2.4.2.0 (HKLM-x32\...\{2A15E1FB-A1F5-4F11-B033-D8DB1E37C1E9}) (Version: 2.4.2.0 - Cybereason Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Kodi (HKU\S-1-5-21-730097171-863105003-3608876083-1001\...\Kodi) (Version:  - XBMC-Foundation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Macrium Reflect Free Edition (HKLM\...\{F11B4FAA-198D-441F-85E4-7EED9E2D823B}) (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-730097171-863105003-3608876083-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NordVPN (HKLM-x32\...\{7B3BB796-50F9-4330-B2B9-91AF9C2C343B}) (Version: 6.14.31 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.14.31) (Version: 6.14.31 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
Opera Stable 54.0.2952.64 (HKLM-x32\...\Opera 54.0.2952.64) (Version: 54.0.2952.64 - Opera Software)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-22] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A9D1CB-45E7-4E21-A199-97BAE43CB142} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {0849DCF4-3174-4936-9BE5-93DC7340AD92} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {115C59E2-196A-4C16-B5E6-1350A4027524} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-19] (AVAST Software)
Task: {2C9A316A-453A-427F-BD82-958A396F9A13} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2014-03-20] (ASUSTeK)
Task: {3DB49B1C-52A5-45A1-A7F9-718A792A5253} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {5425EDE8-4235-430C-B2D2-E9DBCCBF9AD5} - System32\Tasks\ASUS\SyncUp => C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe [2015-04-01] (ASUSTeK Computer Inc.)
Task: {590AD938-57C1-4A37-BB48-365A5931FE88} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-24] (AVAST Software)
Task: {5D3941D0-20E1-4B2C-9695-8C94E924009B} - System32\Tasks\Opera scheduled Autoupdate 1476704245 => c:\program files (x86)\opera\launcher.exe [2018-07-25] (Opera Software)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {76B7C935-E734-4B4F-A75F-A74D5CA1CEE5} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {90F7391E-87DC-4003-9179-BAA85FFBA226} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-19] (AVAST Software)
Task: {917577EC-CDD5-45BF-9979-F79E250D2C0A} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.) <==== ATTENTION
Task: {963729F2-3CCB-4435-8708-0EFB75D9A017} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-06-03] ()
Task: {9C36749A-648F-4FD9-87F2-F222BE472C10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-17] (Google Inc.)
Task: {9F894037-C42C-4E4F-960F-0FBDE614EF51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-17] (Google Inc.)
Task: {A74BDB79-6C65-4DD8-B30C-FA800AE9B096} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {A7FDCDE1-1FC3-480A-BB9A-3F710C158B81} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2015-02-02] ()
Task: {B9A5319E-9AE5-4EFD-A7EB-62B8B1CC4C37} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {BA6B52EA-6E26-4A30-899E-BBA5D07569BF} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2014-09-12] (ASUSTeK)
Task: {C97EC278-BE97-4562-B72A-701400AD6419} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {EF2351DC-880A-4B43-8F73-D9B1604F0E30} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F125BB84-0F47-4FB6-AD7E-233005537685} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {FB118A2A-40D7-414A-A61C-7F440D1A9EFD} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {FC1DB3A1-4232-4FDE-B57D-C8E699D6CAEE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-13] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-06-22 06:13 - 2018-06-22 06:13 - 000431568 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2018-05-19 08:06 - 2018-07-16 09:35 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-10-16 23:15 - 2013-11-06 18:58 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-05-19 16:45 - 2016-10-22 02:04 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-16 23:16 - 2014-06-03 14:59 - 000930448 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-10-16 23:16 - 2014-03-12 14:51 - 000907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-26 09:11 - 2018-07-26 09:11 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-26 09:11 - 2018-07-26 09:11 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-26 09:11 - 2018-07-26 09:11 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-12-31 07:59 - 2017-12-31 07:59 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-26 09:11 - 2018-07-26 09:11 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-28 09:19 - 2018-07-28 09:19 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-07-28 09:19 - 2018-07-28 09:19 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-12-31 07:57 - 2017-12-31 07:58 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-07-21 10:29 - 2018-07-21 10:30 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-21 10:29 - 2018-07-21 10:30 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-19 07:53 - 2018-05-19 07:54 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-07-21 10:29 - 2018-07-21 10:30 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-05-19 07:53 - 2018-05-19 07:54 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-07-28 09:19 - 2018-07-28 09:19 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-07-21 10:29 - 2018-07-21 10:30 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-07-28 09:19 - 2018-07-28 09:19 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-06-13 15:56 - 2018-06-13 15:57 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-21 10:29 - 2018-07-21 10:30 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-07-28 09:19 - 2018-07-28 09:19 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-28 09:19 - 2018-07-28 09:19 - 000162816 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\SKU.dll
2018-08-01 10:51 - 2018-08-01 10:51 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-08-01 10:51 - 2018-08-01 10:51 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-01 10:51 - 2018-08-01 10:51 - 007814144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-05-24 08:45 - 2018-05-24 08:45 - 000250368 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2016-10-16 23:15 - 2018-08-01 11:36 - 000036352 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2016-10-16 23:15 - 2010-06-29 10:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2016-10-16 23:17 - 2014-01-22 10:36 - 000753664 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\WiMoveHelp.dll
2016-10-16 23:17 - 2014-01-22 10:35 - 000684032 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\PhoneCtrlAPI.dll
2018-05-19 07:47 - 2018-05-19 07:47 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-06-24 09:58 - 2018-06-24 09:58 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-24 09:58 - 2018-06-24 09:58 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2018-07-31 07:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-730097171-863105003-3608876083-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\stimpsonjcat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9D721549-8110-4049-943D-1CAC27EAB5B3}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
FirewallRules: [{147006FB-FD30-4F52-B64C-2CC6E7F4F771}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{D89823DC-B6CA-4816-8CAF-D33E6EEF2E69}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{FF8362D6-BC0C-4DE4-900E-BBAABD31B765}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{224F5125-C2C3-42AB-8EDC-3FD40C6B1F40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{0C794771-7A89-49AE-BDA2-92D9CA156E88}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{37E30366-ADAB-4ADB-BB0E-14F274B750BC}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{5E457134-57A5-4E8A-ACE2-6D6DAE8A1BCA}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{31FD6893-0CFA-4EFD-86DD-01FAC3E91923}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{D1BB61BC-C4C0-4D43-94FB-34EA92E2E2F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD559980-ECFA-408F-919A-1D858DF17160}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{961B5D5F-3C4F-4FA9-B2D8-F8CB7490C461}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{5E7EEE76-C2CB-4B67-92AA-FA5F0F4EE08E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{B0D82249-E09A-443D-BCF7-3A1424046531}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{990A8EF5-038F-4B5B-9E1F-7ACBF1F4AFCC}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{D3F306C6-7280-4AEE-B920-7270507F1D57}] => (Allow) c:\program files (x86)\opera\54.0.2952.60\opera.exe
FirewallRules: [{D05B0760-9826-4894-9A5D-5CF6CAE9CEB6}] => (Allow) c:\program files (x86)\opera\54.0.2952.64\opera.exe
FirewallRules: [{03D044D1-DF23-4A3E-A9F3-11CE292249F5}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
FirewallRules: [{163E1A4E-E5BE-434F-953F-3058D42D0DFD}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
FirewallRules: [{6E1410C5-0377-4C12-B5E9-A264601816A4}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe
FirewallRules: [{0560689A-8C2F-4D68-AC67-6EA6FD8C144F}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe

==================== Restore Points =========================

13-07-2018 20:44:51 Windows Update
21-07-2018 10:33:52 Windows Update
26-07-2018 09:13:09 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2018 09:57:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname StimpyAsusWindows10.local already in use; will try StimpyAsusWindows10-2.local instead

Error: (08/02/2018 09:57:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 StimpyAsusWindows10.local. Addr 192.168.1.82

Error: (08/02/2018 09:57:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.82:5353   16 StimpyAsusWindows10.local. AAAA FE80:0000:0000:0000:38AC:942E:14F0:A9DB

Error: (08/01/2018 11:17:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname StimpyAsusWindows10.local already in use; will try StimpyAsusWindows10-2.local instead

Error: (08/01/2018 11:17:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 StimpyAsusWindows10.local. Addr 192.168.1.82

Error: (08/01/2018 11:17:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.82:5353   16 StimpyAsusWindows10.local. AAAA FE80:0000:0000:0000:38AC:942E:14F0:A9DB

Error: (08/01/2018 11:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname StimpyAsusWindows10.local already in use; will try StimpyAsusWindows10-2.local instead

Error: (08/01/2018 11:13:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 StimpyAsusWindows10.local. Addr 192.168.1.82


System errors:
=============
Error: (08/01/2018 07:50:55 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (08/01/2018 12:15:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (08/01/2018 12:15:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\STIMPS~1\AppData\Local\Temp\ehdrv.sys

Error: (08/01/2018 12:15:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (08/01/2018 12:15:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\STIMPS~1\AppData\Local\Temp\ehdrv.sys

Error: (08/01/2018 12:15:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (08/01/2018 12:15:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\STIMPS~1\AppData\Local\Temp\ehdrv.sys

Error: (08/01/2018 12:15:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading


==================== Memory info ===========================

Processor: AMD FX™-8300 Eight-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 16299.48 MB
Available physical RAM: 11996.62 MB
Total Virtual: 17323.48 MB
Available Virtual: 12602.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:255.62 GB) (Free:62.19 GB) NTFS

\\?\Volume{c7723216-178f-4af6-b936-878e2e82afec}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{9a67f648-1b39-424a-b02f-108ffb18a608}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 256.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#5 Oh My!

  • Malware Response Instructor

Posted 02 August 2018 - 03:43 PM

Thank you.

Let's start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2018-08-01 11:34 - 2018-08-01 11:34 - 000516157 ____N C:\Users\Akli5\tough again.xlsx
2018-08-01 11:34 - 2018-08-01 11:34 - 000503062 ____N C:\Users\tikf9q\spend.rayburn.xlsx
2018-08-01 11:34 - 2018-08-01 11:34 - 000216901 ____N C:\Users\Akli5\circulate-seemed-divide.mdb
2018-08-01 11:34 - 2018-08-01 11:34 - 000201027 ____N C:\Users\tikf9q\dressed_collapse_light_atomic.mdb
2018-08-01 11:34 - 2018-08-01 11:34 - 000068785 ____N C:\Users\Akli5\increasinglyconservative.xls
2018-08-01 11:34 - 2018-08-01 11:34 - 000062926 ____N C:\Users\tikf9q\monarchboating.xls
2018-08-01 11:34 - 2018-08-01 11:34 - 000053257 ____N C:\Users\tikf9q\scold.travel.pem
2018-08-01 11:34 - 2018-08-01 11:34 - 000052872 ____N C:\Users\Akli5\extend compete.pem
2018-08-01 11:34 - 2018-08-01 11:34 - 000026679 ____N C:\Users\tikf9q\wants_exhibit.sql
2018-08-01 11:34 - 2018-08-01 11:34 - 000026539 ____N C:\Users\tikf9q\fallcabinpracticalaccount.txt
2018-08-01 11:34 - 2018-08-01 11:34 - 000025265 ____N C:\Users\Akli5\release_paused.sql
2018-08-01 11:34 - 2018-08-01 11:34 - 000014991 ____N C:\Users\Akli5\portion-dealer-tom-ben.txt
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 __SHD C:\Users\stimpsonjcat\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\tikf9q
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\stimpsonjcat\Documents\Sresources31
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\stimpsonjcat\Documents\Ldates34
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\Akli5
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ____D C:\Xpackage62
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ____D C:\Acorganized108
2018-07-31 10:45 - 2018-07-31 10:45 - 000001164 _____ C:\Users\stimpsonjcat\Desktop\iStripper.lnk
2018-07-31 10:45 - 2018-07-31 10:45 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Roaming\WinRAR
2018-07-31 10:45 - 2018-07-31 10:45 - 000000000 ____D C:\Program Files (x86)\AddSoft
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Please run a Malwarebytes scan, making sure to update the database if necessary.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Malwarebytes log
  • Update on computer performance

Edited by Oh My!, 02 August 2018 - 03:46 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 stimpsonthecat

  • Topic Starter

Posted 02 August 2018 - 09:39 PM

Here are the results you asked for.
I still have a blank link on my desktop for hotspot shield.
 
My computer seems to be running fine but I haven't really been doing much with it until I knew it was ok.
You asked in an email if I knew this profile. I don't.
Is that an issue?
 
Greetings George. Nice to meet you.

Do you recognize this User Profile?

C:\Users\Akli5
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by stimpsonjcat (02-08-2018 22:11:33) Run:1
Running from C:\Users\stimpsonjcat\Downloads
Loaded Profiles: stimpsonjcat (Available Profiles: defaultuser0 & stimpsonjcat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2018-08-01 11:34 - 2018-08-01 11:34 - 000516157 ____N C:\Users\Akli5\tough again.xlsx
2018-08-01 11:34 - 2018-08-01 11:34 - 000503062 ____N C:\Users\tikf9q\spend.rayburn.xlsx
2018-08-01 11:34 - 2018-08-01 11:34 - 000216901 ____N C:\Users\Akli5\circulate-seemed-divide.mdb
2018-08-01 11:34 - 2018-08-01 11:34 - 000201027 ____N C:\Users\tikf9q\dressed_collapse_light_atomic.mdb
2018-08-01 11:34 - 2018-08-01 11:34 - 000068785 ____N C:\Users\Akli5\increasinglyconservative.xls
2018-08-01 11:34 - 2018-08-01 11:34 - 000062926 ____N C:\Users\tikf9q\monarchboating.xls
2018-08-01 11:34 - 2018-08-01 11:34 - 000053257 ____N C:\Users\tikf9q\scold.travel.pem
2018-08-01 11:34 - 2018-08-01 11:34 - 000052872 ____N C:\Users\Akli5\extend compete.pem
2018-08-01 11:34 - 2018-08-01 11:34 - 000026679 ____N C:\Users\tikf9q\wants_exhibit.sql
2018-08-01 11:34 - 2018-08-01 11:34 - 000026539 ____N C:\Users\tikf9q\fallcabinpracticalaccount.txt
2018-08-01 11:34 - 2018-08-01 11:34 - 000025265 ____N C:\Users\Akli5\release_paused.sql
2018-08-01 11:34 - 2018-08-01 11:34 - 000014991 ____N C:\Users\Akli5\portion-dealer-tom-ben.txt
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 __SHD C:\Users\stimpsonjcat\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\tikf9q
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\stimpsonjcat\Documents\Sresources31
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\stimpsonjcat\Documents\Ldates34
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ___HD C:\Users\Akli5
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ____D C:\Xpackage62
2018-08-01 11:34 - 2018-08-01 11:34 - 000000000 ____D C:\Acorganized108
2018-07-31 10:45 - 2018-07-31 10:45 - 000001164 _____ C:\Users\stimpsonjcat\Desktop\iStripper.lnk
2018-07-31 10:45 - 2018-07-31 10:45 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Roaming\WinRAR
2018-07-31 10:45 - 2018-07-31 10:45 - 000000000 ____D C:\Program Files (x86)\AddSoft
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"C:\Users\Akli5\tough again.xlsx" => not found
"C:\Users\tikf9q\spend.rayburn.xlsx" => not found
"C:\Users\Akli5\circulate-seemed-divide.mdb" => not found
"C:\Users\tikf9q\dressed_collapse_light_atomic.mdb" => not found
"C:\Users\Akli5\increasinglyconservative.xls" => not found
"C:\Users\tikf9q\monarchboating.xls" => not found
"C:\Users\tikf9q\scold.travel.pem" => not found
"C:\Users\Akli5\extend compete.pem" => not found
"C:\Users\tikf9q\wants_exhibit.sql" => not found
"C:\Users\tikf9q\fallcabinpracticalaccount.txt" => not found
"C:\Users\Akli5\release_paused.sql" => not found
"C:\Users\Akli5\portion-dealer-tom-ben.txt" => not found
C:\Users\stimpsonjcat\Desktop\0K, this directory is for Ransomware detection (just leave it here) => moved successfully
"C:\Users\tikf9q" => not found
"C:\Users\stimpsonjcat\Documents\Sresources31" => not found
"C:\Users\stimpsonjcat\Documents\Ldates34" => not found
"C:\Users\Akli5" => not found
"C:\Xpackage62" => not found
"C:\Acorganized108" => not found
C:\Users\stimpsonjcat\Desktop\iStripper.lnk => moved successfully
C:\Users\stimpsonjcat\AppData\Roaming\WinRAR => moved successfully
C:\Program Files (x86)\AddSoft => moved successfully

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.

{0FC47735-66C0-4CB1-ADAE-8867F48DCBBC} canceled.
{7DCC16CC-D93F-490F-B1E5-38B4CC43D534} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-730097171-863105003-3608876083-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-730097171-863105003-3608876083-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58819160 B
Java, Flash, Steam htmlcache => 1698 B
Windows/system/drivers => 133590342 B
Edge => 14058418 B
Chrome => 508351029 B
Firefox => 392055966 B
Opera => 455778168 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 17216 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
defaultuser0 => 7168 B
stimpsonjcat => 353480888 B

RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:13:28 ====
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/2/18
Scan Time: 10:15 PM
Log File: 28d14946-96c3-11e8-917d-382c4ac4ff6a.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6179
License: Free

-System Information-
OS: Windows 10 (Build 17134.191)
CPU: x64
File System: NTFS
User: STIMPYASUSWINDO\stimpsonjcat

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 308100
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

Edited by Oh My!, 02 August 2018 - 09:43 PM.


#7 Oh My!

  • Malware Response Instructor

Posted 02 August 2018 - 09:45 PM

Greetings George.

Yes that User Profile is of concern. We will take care of the hotspot shield in our next post.

Please run a new FRST scan and copy/paste both reports in your reply.

Edited by Oh My!, 02 August 2018 - 09:47 PM.

Gary
 

#8 stimpsonthecat

  • Topic Starter

Posted 03 August 2018 - 08:02 AM

Good morning,

Here are the results you requested.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by stimpsonjcat (administrator) on STIMPYASUSWINDO (03-08-2018 09:00:18)
Running from C:\Users\stimpsonjcat\Downloads
Loaded Profiles: stimpsonjcat (Available Profiles: defaultuser0 & stimpsonjcat)
Platform: Windows 10 Home Version 1803 17134.191 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Micron Technology, Inc.) C:\Program Files\Crucial\Crucial Storage Executive\cache\MicronCacheMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-24] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-730097171-863105003-3608876083-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5908432 2018-06-22] (NordVPN)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-10-19]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{52cafb36-a590-48c8-a0a7-800c243235ba}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7b3b9481-1ecb-4791-b959-e9de37cdd391}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
IE Session Restore: HKU\S-1-5-21-730097171-863105003-3608876083-1001 -> is enabled.
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-730097171-863105003-3608876083-1001 -> is enabled.

FireFox:
========
FF DefaultProfile: 4dwyuq3l.default
FF ProfilePath: C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default [2018-08-03]
FF NewTab: Mozilla\Firefox\Profiles\4dwyuq3l.default -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\4dwyuq3l.default -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\4dwyuq3l.default -> Enabled: pavel.sherbakov@gmail.com
FF Extension: (Avira Browser Safety) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\abs@avira.com.xpi [2018-06-13]
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\fvdmedia@gmail.com.xpi [2018-07-05]
FF Extension: (IPvFoo) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\ipvfoo@pmarks.net.xpi [2018-06-15]
FF Extension: (New Tab Page) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\pavel.sherbakov@gmail.com.xpi [2018-07-13]
FF Extension: (Avast SafePrice) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\sp@avast.com.xpi [2018-06-24]
FF Extension: (LastPass: Free Password Manager) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\support@lastpass.com.xpi [2018-07-28]
FF Extension: (Avast Online Security) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\wrc@avast.com.xpi [2018-06-13]
FF Extension: (Session Manager) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-02-14] [Legacy]
FF Extension: (FEBE) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2017-02-14] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-28]
FF SearchPlugin: C:\Users\stimpsonjcat\AppData\Roaming\Mozilla\Firefox\Profiles\4dwyuq3l.default\searchplugins\google-avast.xml [2017-06-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-10-19] (LastPass)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-13] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-10-19] (LastPass)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default [2018-08-02]
CHR Extension: (Slides) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-31]
CHR Extension: (Docs) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-31]
CHR Extension: (Google Drive) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-17]
CHR Extension: (YouTube) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-17]
CHR Extension: (Sheets) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-31]
CHR Extension: (Avira Browser Safety) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-07-31]
CHR Extension: (Google Docs Offline) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (Avast Online Security) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-31]
CHR Extension: (Gmail) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-17]
CHR Extension: (Chrome Media Router) - C:\Users\stimpsonjcat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-24] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-24] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-19] (AVAST Software)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 MicronCacheMonitor; C:\Program Files\Crucial\Crucial Storage Executive\cache\MicronCacheMonitor.exe [689152 2016-07-26] (Micron Technology, Inc.) [File not signed]
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [431568 2018-06-22] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [281536 2017-12-11] (Realtek Semiconductor Corp.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106920 2018-07-14] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-24] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-24] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-24] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-24] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-24] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-24] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-24] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-24] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-24] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-07-26] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-24] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-24] (AVAST Software)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-02] (Malwarebytes)
R1 mtihint; C:\Windows\system32\Drivers\mtihint.sys [18504 2015-07-13] (Micron Technology, Inc.) [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvak.inf_amd64_791beb67a268df58\nvlddmkm.sys [14145584 2016-11-11] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888056 2015-10-14] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [756672 2017-12-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [8009040 2017-12-21] (Realtek Semiconductor Corporation )
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-06-13] (The OpenVPN Project)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2017-02-15] (BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-07-13] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-02 22:14 - 2018-08-02 22:14 - 000512924 ____N C:\Users\Aknen\comfortablemorphologyhandsscratch.xlsx
2018-08-02 22:14 - 2018-08-02 22:14 - 000506283 ____N C:\Users\t5ffb\billion_producing.xlsx
2018-08-02 22:14 - 2018-08-02 22:14 - 000228529 ____N C:\Users\t5ffb\bicycle_journey.mdb
2018-08-02 22:14 - 2018-08-02 22:14 - 000203028 ____N C:\Users\Aknen\failure-curiosity-brushed.mdb
2018-08-02 22:14 - 2018-08-02 22:14 - 000071290 ____N C:\Users\t5ffb\adhere-use.xls
2018-08-02 22:14 - 2018-08-02 22:14 - 000070925 ____N C:\Users\Aknen\stocking-men-reproduction.xls
2018-08-02 22:14 - 2018-08-02 22:14 - 000059847 ____N C:\Users\Aknen\benchretired.pem
2018-08-02 22:14 - 2018-08-02 22:14 - 000056792 ____N C:\Users\t5ffb\satisfied_teachers_wisdom.pem
2018-08-02 22:14 - 2018-08-02 22:14 - 000038485 ____N C:\Users\t5ffb\anger qualities february man.txt
2018-08-02 22:14 - 2018-08-02 22:14 - 000029070 ____N C:\Users\Aknen\address.reign.numerous.refund.txt
2018-08-02 22:14 - 2018-08-02 22:14 - 000022265 ____N C:\Users\Aknen\rectangleinadequateoutside.sql
2018-08-02 22:14 - 2018-08-02 22:14 - 000013572 ____N C:\Users\t5ffb\himselffoundedfog.sql
2018-08-02 22:14 - 2018-08-02 22:14 - 000000000 __SHD C:\Users\stimpsonjcat\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2018-08-02 22:14 - 2018-08-02 22:14 - 000000000 ___HD C:\Users\t5ffb
2018-08-02 22:14 - 2018-08-02 22:14 - 000000000 ___HD C:\Users\stimpsonjcat\Documents\Sscans8
2018-08-02 22:14 - 2018-08-02 22:14 - 000000000 ___HD C:\Users\stimpsonjcat\Documents\Luse213
2018-08-02 22:14 - 2018-08-02 22:14 - 000000000 ___HD C:\Users\Aknen
2018-08-02 22:14 - 2018-08-02 22:14 - 000000000 ____D C:\Xdefinitions41
2018-08-02 22:14 - 2018-08-02 22:14 - 000000000 ____D C:\Acdetail59
2018-08-02 22:10 - 2018-08-02 22:10 - 000000000 ____D C:\Users\stimpsonjcat\Downloads\FRST-OlderVersion
2018-08-02 10:29 - 2018-08-03 09:00 - 000018596 _____ C:\Users\stimpsonjcat\Downloads\FRST.txt
2018-08-02 10:08 - 2018-08-03 09:00 - 000000000 ____D C:\FRST
2018-08-02 10:07 - 2018-08-02 22:10 - 002412544 _____ (Farbar) C:\Users\stimpsonjcat\Downloads\FRST64.exe
2018-08-01 12:35 - 2018-08-02 22:14 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\FSDART
2018-08-01 12:35 - 2018-08-01 19:50 - 000000000 ____D C:\ProgramData\F-Secure
2018-08-01 12:35 - 2018-08-01 12:35 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\F-Secure
2018-08-01 11:58 - 2018-08-01 11:58 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\ESET
2018-08-01 11:55 - 2018-08-01 11:55 - 000734132 _____ C:\Users\stimpsonjcat\AppData\Local\census.cache
2018-08-01 11:55 - 2018-08-01 11:55 - 000319905 _____ C:\Users\stimpsonjcat\AppData\Local\ars.cache
2018-08-01 11:52 - 2018-08-01 11:52 - 000000010 _____ C:\Users\stimpsonjcat\AppData\Local\sponge.last.runtime.cache
2018-08-01 11:47 - 2018-08-01 11:47 - 000000000 ____D C:\WINDOWS\Trend Micro
2018-08-01 11:47 - 2018-08-01 11:47 - 000000000 ____D C:\ProgramData\Trend Micro
2018-08-01 11:46 - 2018-08-01 11:46 - 000000036 _____ C:\Users\stimpsonjcat\AppData\Local\housecall.guid.cache
2018-08-01 11:46 - 2017-10-17 12:40 - 000334488 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2018-08-01 11:26 - 2018-08-01 11:26 - 000000000 ____D C:\ProgramData\Emsisoft
2018-07-31 10:45 - 2018-07-31 10:45 - 000001192 _____ C:\Users\stimpsonjcat\Desktop\Hotspot Shield.lnk
2018-07-26 09:13 - 2018-07-14 20:58 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-26 09:13 - 2018-07-14 20:56 - 001523240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-07-26 09:13 - 2018-07-14 20:44 - 006587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-07-26 09:13 - 2018-07-14 20:44 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-26 09:13 - 2018-07-14 20:43 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-26 09:13 - 2018-07-14 20:42 - 008624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-26 09:13 - 2018-07-14 20:42 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-26 09:13 - 2018-07-14 20:41 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-07-26 09:13 - 2018-07-14 20:41 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-07-26 09:13 - 2018-07-14 20:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-26 09:13 - 2018-07-14 20:39 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-26 09:13 - 2018-07-14 20:38 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-26 09:13 - 2018-07-14 20:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-26 09:13 - 2018-07-14 20:36 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-26 09:13 - 2018-07-14 19:28 - 001327424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-07-26 09:13 - 2018-07-14 19:18 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-07-26 09:13 - 2018-07-14 19:17 - 011901440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-26 09:13 - 2018-07-14 19:15 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-26 09:13 - 2018-07-14 19:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-26 09:13 - 2018-07-14 19:13 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-26 09:13 - 2018-07-14 19:13 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-26 09:13 - 2018-07-14 19:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-26 09:13 - 2018-07-14 02:46 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-26 09:13 - 2018-07-14 02:42 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-26 09:13 - 2018-07-14 00:37 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-07-26 09:13 - 2018-07-14 00:37 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-07-26 09:13 - 2018-07-14 00:30 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-26 09:13 - 2018-07-14 00:24 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-26 09:13 - 2018-07-14 00:23 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-26 09:13 - 2018-07-14 00:23 - 000760888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-26 09:13 - 2018-07-14 00:23 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-26 09:13 - 2018-07-14 00:22 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-26 09:13 - 2018-07-14 00:22 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-26 09:13 - 2018-07-14 00:22 - 000510392 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-26 09:13 - 2018-07-14 00:22 - 000203560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-07-26 09:13 - 2018-07-14 00:21 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-26 09:13 - 2018-07-14 00:21 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-26 09:13 - 2018-07-14 00:21 - 000722824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-07-26 09:13 - 2018-07-14 00:21 - 000192920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-07-26 09:13 - 2018-07-14 00:20 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-26 09:13 - 2018-07-14 00:20 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-26 09:13 - 2018-07-14 00:20 - 000184472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-07-26 09:13 - 2018-07-14 00:20 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-26 09:13 - 2018-07-14 00:19 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-26 09:13 - 2018-07-14 00:19 - 000981920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-07-26 09:13 - 2018-07-14 00:19 - 000636944 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-07-26 09:13 - 2018-07-14 00:19 - 000483024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 007436112 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 002371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 001017584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 000930712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-26 09:13 - 2018-07-14 00:18 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 000443216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-26 09:13 - 2018-07-14 00:18 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-07-26 09:13 - 2018-07-14 00:17 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-26 09:13 - 2018-07-14 00:17 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-26 09:13 - 2018-07-14 00:17 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-26 09:13 - 2018-07-14 00:17 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-26 09:13 - 2018-07-14 00:17 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-26 09:13 - 2018-07-14 00:17 - 000743320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-07-26 09:13 - 2018-07-14 00:16 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-26 09:13 - 2018-07-14 00:16 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-26 09:13 - 2018-07-14 00:16 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 006044112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-26 09:13 - 2018-07-14 00:15 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-07-26 09:13 - 2018-07-14 00:15 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-26 09:13 - 2018-07-14 00:08 - 022006784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-26 09:13 - 2018-07-14 00:03 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-26 09:13 - 2018-07-14 00:03 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-07-26 09:13 - 2018-07-14 00:01 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-26 09:13 - 2018-07-14 00:01 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-26 09:13 - 2018-07-14 00:00 - 022714368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-26 09:13 - 2018-07-13 23:59 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-26 09:13 - 2018-07-13 23:59 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-26 09:13 - 2018-07-13 23:59 - 003553280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 008188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-07-26 09:13 - 2018-07-13 23:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 007057920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-26 09:13 - 2018-07-13 23:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 002697216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Controls.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 001703936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 001558016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2018-07-26 09:13 - 2018-07-13 23:56 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-07-26 09:13 - 2018-07-13 23:55 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-07-26 09:13 - 2018-07-13 23:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-07-26 09:13 - 2018-07-13 23:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-07-26 09:13 - 2018-07-13 23:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 003319808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-07-26 09:13 - 2018-07-13 23:54 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2018-07-26 09:13 - 2018-07-13 23:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 004770816 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-07-26 09:13 - 2018-07-13 23:53 - 000220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-07-26 09:13 - 2018-07-13 23:52 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 002904576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 001747968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 001304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-07-26 09:13 - 2018-07-13 23:51 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-26 09:13 - 2018-07-13 23:50 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 001359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-07-26 09:13 - 2018-07-13 23:50 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-07-26 09:13 - 2018-07-13 23:49 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-07-26 09:13 - 2018-07-13 23:49 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-26 09:13 - 2018-07-13 22:35 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-21 10:34 - 2018-07-13 00:34 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-21 10:34 - 2018-07-13 00:32 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-21 10:34 - 2018-07-13 00:30 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-21 10:34 - 2018-07-12 23:59 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-21 10:34 - 2018-07-11 06:23 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-21 10:34 - 2018-07-11 05:24 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-21 10:34 - 2018-07-06 10:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-21 10:34 - 2018-07-06 10:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-21 10:34 - 2018-07-06 10:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-21 10:34 - 2018-07-06 10:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-21 10:34 - 2018-07-06 10:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-21 10:34 - 2018-07-06 09:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-21 10:34 - 2018-07-06 09:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-21 10:34 - 2018-07-06 09:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-21 10:34 - 2018-07-06 09:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-21 10:34 - 2018-07-06 08:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-21 10:34 - 2018-07-06 07:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-21 10:34 - 2018-07-06 07:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-21 10:34 - 2018-07-06 03:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-21 10:34 - 2018-07-06 03:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-21 10:34 - 2018-07-06 03:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-21 10:34 - 2018-07-06 03:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-21 10:34 - 2018-07-06 03:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-21 10:34 - 2018-07-06 03:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-21 10:34 - 2018-07-06 03:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-21 10:34 - 2018-07-06 03:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-21 10:34 - 2018-07-06 03:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-21 10:34 - 2018-07-06 03:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-21 10:34 - 2018-07-06 03:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-21 10:34 - 2018-07-06 03:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-21 10:34 - 2018-07-06 03:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-21 10:34 - 2018-07-06 03:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-21 10:34 - 2018-07-06 03:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-21 10:34 - 2018-07-06 03:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-21 10:34 - 2018-07-06 03:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-21 10:34 - 2018-07-06 02:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-21 10:34 - 2018-07-06 02:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-21 10:34 - 2018-07-06 02:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-21 10:34 - 2018-07-06 02:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-21 10:34 - 2018-07-06 02:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-21 10:34 - 2018-07-06 02:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-21 10:34 - 2018-07-06 02:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-21 10:34 - 2018-07-06 02:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-13 21:49 - 2018-08-01 11:33 - 000000000 ____D C:\AdwCleaner
2018-07-13 21:27 - 2018-08-03 09:00 - 000057126 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-07-13 21:27 - 2018-07-23 08:50 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-13 21:27 - 2018-07-13 21:48 - 000085030 _____ C:\WINDOWS\ZAM.krnl.trace
2018-07-13 21:27 - 2018-07-13 21:27 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-07-13 21:27 - 2018-07-13 21:27 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\Zemana

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-03 08:59 - 2018-05-19 07:49 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\AVAST Software
2018-08-03 08:59 - 2017-02-14 15:50 - 000000000 ____D C:\Users\stimpsonjcat\AppData\LocalLow\Mozilla
2018-08-03 08:58 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-02 22:20 - 2018-06-13 18:31 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-02 22:20 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-02 22:14 - 2018-06-13 18:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-02 22:14 - 2018-05-19 08:06 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-02 22:14 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-02 22:14 - 2017-05-19 16:45 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-02 22:13 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-02 22:09 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-01 19:50 - 2018-06-13 18:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-01 11:07 - 2018-05-19 09:20 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\PlaceholderTileLogoFolder
2018-08-01 11:07 - 2017-12-31 12:16 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\Packages
2018-08-01 10:59 - 2018-06-24 15:55 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\D3DSCache
2018-08-01 10:51 - 2018-06-13 18:45 - 000000000 ____D C:\ProgramData\Packages
2018-07-31 11:20 - 2018-06-27 12:06 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\QuickPar
2018-07-31 10:36 - 2016-10-19 11:37 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Roaming\vlc
2018-07-31 09:12 - 2018-06-13 18:29 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1476704245
2018-07-31 09:12 - 2017-06-30 20:18 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-07-31 09:12 - 2016-10-17 07:36 - 000000000 ____D C:\Program Files (x86)\Opera
2018-07-31 07:45 - 2018-06-13 18:29 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-07-30 12:55 - 2018-06-15 20:54 - 000000000 ____D C:\Users\stimpsonjcat\Downloads\DOWNLOADED NZB
2018-07-30 12:54 - 2018-06-27 11:18 - 000000079 _____ C:\Users\stimpsonjcat\Desktop\password.txt
2018-07-26 09:26 - 2018-06-13 18:22 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-26 09:25 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-07-26 09:16 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-26 09:11 - 2018-06-13 18:02 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-07-23 08:50 - 2017-05-07 09:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-23 08:50 - 2016-10-17 00:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-21 14:08 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-21 14:08 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-21 14:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-21 10:25 - 2018-05-19 07:50 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-21 10:25 - 2018-05-19 07:50 - 000002463 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-19 21:25 - 2018-06-13 18:29 - 000003388 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-730097171-863105003-3608876083-1001
2018-07-19 21:25 - 2018-06-13 18:23 - 000002384 _____ C:\Users\stimpsonjcat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-19 21:25 - 2016-10-16 22:53 - 000000000 ___RD C:\Users\stimpsonjcat\OneDrive
2018-07-16 09:35 - 2018-05-19 08:06 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-13 20:48 - 2016-10-17 00:15 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-13 20:46 - 2016-10-17 06:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-13 20:45 - 2018-06-24 10:23 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-13 20:45 - 2018-06-24 10:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-13 20:45 - 2016-10-17 06:57 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-13 20:44 - 2018-06-13 18:29 - 000004602 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-13 20:44 - 2018-06-13 16:06 - 000000000 ____D C:\Users\stimpsonjcat\AppData\Local\Adobe
2018-07-13 20:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-13 20:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2016-10-19 13:02 - 2016-10-19 13:02 - 021874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2018-08-01 11:55 - 2018-08-01 11:55 - 000319905 _____ () C:\Users\stimpsonjcat\AppData\Local\ars.cache
2018-08-01 11:55 - 2018-08-01 11:55 - 000734132 _____ () C:\Users\stimpsonjcat\AppData\Local\census.cache
2018-08-01 11:46 - 2018-08-01 11:46 - 000000036 _____ () C:\Users\stimpsonjcat\AppData\Local\housecall.guid.cache
2016-10-28 09:07 - 2016-10-28 09:07 - 000007679 _____ () C:\Users\stimpsonjcat\AppData\Local\Resmon.ResmonCfg
2018-08-01 11:52 - 2018-08-01 11:52 - 000000010 _____ () C:\Users\stimpsonjcat\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-13 18:21

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by stimpsonjcat (03-08-2018 09:01:01)
Running from C:\Users\stimpsonjcat\Downloads
Windows 10 Home Version 1803 17134.191 (X64) (2018-06-13 22:29:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-730097171-863105003-3608876083-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-730097171-863105003-3608876083-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-730097171-863105003-3608876083-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-730097171-863105003-3608876083-501 - Limited - Disabled)
stimpsonjcat (S-1-5-21-730097171-863105003-3608876083-1001 - Administrator - Enabled) => C:\Users\stimpsonjcat
WDAGUtilityAccount (S-1-5-21-730097171-863105003-3608876083-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
AMD Catalyst Install Manager (HKLM\...\{1A8216F1-DDE2-4AFD-3052-E747C2E27F2A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.15 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.14 - ASUSTeK Computer Inc.)
ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.15 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.14 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.06 - ASUSTeK Computer Inc.)
ASUS Manager - SyncUp (HKLM-x32\...\{C2294792-457D-4DF7-9486-B630754C73D0}) (Version: 2.00.10 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.10.01 - ASUSTeK Computer Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 67.1.664.100 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
CPUID CPU-Z 1.85 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.85 - CPUID, Inc.)
Crucial Storage Executive (HKU\S-1-5-21-730097171-863105003-3608876083-1001\...\Crucial Storage Executive 3.55.032018.04) (Version: 3.55.032018.04 - Crucial)
Cybereason RansomFree 2.4.2.0 (HKLM-x32\...\{2A15E1FB-A1F5-4F11-B033-D8DB1E37C1E9}) (Version: 2.4.2.0 - Cybereason Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Kodi (HKU\S-1-5-21-730097171-863105003-3608876083-1001\...\Kodi) (Version:  - XBMC-Foundation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Macrium Reflect Free Edition (HKLM\...\{F11B4FAA-198D-441F-85E4-7EED9E2D823B}) (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-730097171-863105003-3608876083-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NordVPN (HKLM-x32\...\{7B3BB796-50F9-4330-B2B9-91AF9C2C343B}) (Version: 6.14.31 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.14.31) (Version: 6.14.31 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
Opera Stable 54.0.2952.64 (HKLM-x32\...\Opera 54.0.2952.64) (Version: 54.0.2952.64 - Opera Software)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-22] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A9D1CB-45E7-4E21-A199-97BAE43CB142} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {0849DCF4-3174-4936-9BE5-93DC7340AD92} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {115C59E2-196A-4C16-B5E6-1350A4027524} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-19] (AVAST Software)
Task: {2C9A316A-453A-427F-BD82-958A396F9A13} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2014-03-20] (ASUSTeK)
Task: {3DB49B1C-52A5-45A1-A7F9-718A792A5253} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {5425EDE8-4235-430C-B2D2-E9DBCCBF9AD5} - System32\Tasks\ASUS\SyncUp => C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe [2015-04-01] (ASUSTeK Computer Inc.)
Task: {590AD938-57C1-4A37-BB48-365A5931FE88} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-24] (AVAST Software)
Task: {5D3941D0-20E1-4B2C-9695-8C94E924009B} - System32\Tasks\Opera scheduled Autoupdate 1476704245 => c:\program files (x86)\opera\launcher.exe [2018-07-25] (Opera Software)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {76B7C935-E734-4B4F-A75F-A74D5CA1CEE5} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {90F7391E-87DC-4003-9179-BAA85FFBA226} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-19] (AVAST Software)
Task: {917577EC-CDD5-45BF-9979-F79E250D2C0A} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.) <==== ATTENTION
Task: {963729F2-3CCB-4435-8708-0EFB75D9A017} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-06-03] ()
Task: {9C36749A-648F-4FD9-87F2-F222BE472C10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-17] (Google Inc.)
Task: {9F894037-C42C-4E4F-960F-0FBDE614EF51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-17] (Google Inc.)
Task: {A74BDB79-6C65-4DD8-B30C-FA800AE9B096} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {A7FDCDE1-1FC3-480A-BB9A-3F710C158B81} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2015-02-02] ()
Task: {B9A5319E-9AE5-4EFD-A7EB-62B8B1CC4C37} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-13] (Adobe Systems Incorporated)
Task: {BA6B52EA-6E26-4A30-899E-BBA5D07569BF} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2014-09-12] (ASUSTeK)
Task: {C97EC278-BE97-4562-B72A-701400AD6419} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {EF2351DC-880A-4B43-8F73-D9B1604F0E30} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F125BB84-0F47-4FB6-AD7E-233005537685} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {FB118A2A-40D7-414A-A61C-7F440D1A9EFD} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-11-20] (Cybereason)
Task: {FC1DB3A1-4232-4FDE-B57D-C8E699D6CAEE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-13] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-06-22 06:13 - 2018-06-22 06:13 - 000431568 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2018-05-19 08:06 - 2018-07-16 09:35 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-10-16 23:15 - 2013-11-06 18:58 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-05-19 16:45 - 2016-10-22 02:04 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-16 23:16 - 2014-06-03 14:59 - 000930448 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-10-16 23:16 - 2014-03-12 14:51 - 000907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2018-07-21 10:34 - 2018-07-06 02:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-26 09:11 - 2018-07-26 09:11 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-26 09:11 - 2018-07-26 09:11 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-26 09:11 - 2018-07-26 09:11 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-12-31 07:59 - 2017-12-31 07:59 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-26 09:11 - 2018-07-26 09:11 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.13911.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-05-24 08:45 - 2018-05-24 08:45 - 000250368 _____ () C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2016-10-16 23:15 - 2018-08-02 22:16 - 000036352 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2016-10-16 23:15 - 2010-06-29 10:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2016-10-16 23:17 - 2014-01-22 10:36 - 000753664 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\WiMoveHelp.dll
2016-10-16 23:17 - 2014-01-22 10:35 - 000684032 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\PhoneCtrlAPI.dll
2018-05-19 07:47 - 2018-05-19 07:47 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-06-24 09:58 - 2018-06-24 09:58 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-24 09:58 - 2018-06-24 09:58 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2018-07-31 07:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-730097171-863105003-3608876083-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\stimpsonjcat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5CDFCC83-F0AF-46E6-AB6D-39E34AC1C771}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
FirewallRules: [{6B633DAB-04F8-419A-AA19-4AB0A6818014}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
FirewallRules: [{0AEC540F-A3ED-40F1-911D-313AB185F24B}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe
FirewallRules: [{4A731C3F-8ABE-409D-9209-8764E687E727}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe

==================== Restore Points =========================

13-07-2018 20:44:51 Windows Update
21-07-2018 10:33:52 Windows Update
26-07-2018 09:13:09 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2018 10:11:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (08/02/2018 10:11:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {70e8e89a-2c47-44c7-af70-1346cd658d3b}

Error: (08/02/2018 09:57:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname StimpyAsusWindows10.local already in use; will try StimpyAsusWindows10-2.local instead

Error: (08/02/2018 09:57:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 StimpyAsusWindows10.local. Addr 192.168.1.82

Error: (08/02/2018 09:57:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.82:5353   16 StimpyAsusWindows10.local. AAAA FE80:0000:0000:0000:38AC:942E:14F0:A9DB

Error: (08/01/2018 11:17:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname StimpyAsusWindows10.local already in use; will try StimpyAsusWindows10-2.local instead

Error: (08/01/2018 11:17:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will rename    4 StimpyAsusWindows10.local. Addr 192.168.1.82

Error: (08/01/2018 11:17:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.82:5353   16 StimpyAsusWindows10.local. AAAA FE80:0000:0000:0000:38AC:942E:14F0:A9DB


System errors:
=============
Error: (08/02/2018 10:40:13 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (08/02/2018 10:13:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (08/02/2018 10:13:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (08/02/2018 10:13:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (08/02/2018 10:12:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (08/02/2018 10:11:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/02/2018 10:11:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/02/2018 10:11:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: AMD FX™-8300 Eight-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 16299.48 MB
Available physical RAM: 13047.94 MB
Total Virtual: 17323.48 MB
Available Virtual: 13700.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:255.62 GB) (Free:60.98 GB) NTFS

\\?\Volume{c7723216-178f-4af6-b936-878e2e82afec}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{9a67f648-1b39-424a-b02f-108ffb18a608}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 256.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#9 stimpsonthecat


Posted 03 August 2018 - 08:08 AM

Is this profile something to do with this Firefox extension, and is this extension bad?

FVD Speed Dial



#10 Oh My!

  • Malware Response Instructor

Posted 03 August 2018 - 09:12 AM

And good morning to you as well.

As it turns out, it is of no concern because it is related to Cybereason. That program creates random folder/file "bait" to try to catch potential malicious software activity. These folder and file names change with each reboot so that is why strange things are (re)appearing.

Let's do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Start::
2018-07-31 10:45 - 2018-07-31 10:45 - 000001192 _____ C:\Users\stimpsonjcat\Desktop\Hotspot Shield.lnk
emptytemp:
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 stimpsonthecat


Posted 05 August 2018 - 07:40 AM

Good morning,

Here is the fixlog report.

The only thing I noticed so far on my computer is that when I use my LastPass to populate the passwords and logins, it doesn't auto-populate like it used to.

Maybe I need to reinstall it.

I notice that I can't connect to Bleeping Computer with my NordVPN account. Is there a reason for this or is this another issue?

I hope you are having an enjoyable weekend.

Thanks

George

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by stimpsonjcat (05-08-2018 08:27:37) Run:2
Running from C:\Users\stimpsonjcat\Downloads
Loaded Profiles: stimpsonjcat (Available Profiles: defaultuser0 & stimpsonjcat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2018-07-31 10:45 - 2018-07-31 10:45 - 000001192 _____ C:\Users\stimpsonjcat\Desktop\Hotspot Shield.lnk
emptytemp:

*****************

C:\Users\stimpsonjcat\Desktop\Hotspot Shield.lnk => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8628012 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 362178 B
Edge => 3584 B
Chrome => 0 B
Firefox => 84884373 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 908 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
stimpsonjcat => 15018267 B

RecycleBin => 201150 B
EmptyTemp: => 111.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:27:46 ====



#12 stimpsonthecat


Posted 05 August 2018 - 07:53 AM

I figured out why I couldn't connect using NordVPN.

If I turned off CyberSec, which blocks ads and malware and phishing, it also blocks bleepingcomputer.com.

Interesting.



#13 Oh My!


Posted 05 August 2018 - 08:02 AM

Hi George.

The weekend has been good, thank you.

I have LastPass and my auto populate is inconsistent as well. All my information is still there, it is just for whatever reason sometimes I have to manually populate user names and/or passwords. Does this sound like your situation?
Gary
 

#14 stimpsonthecat


Posted 06 August 2018 - 10:29 AM

Yes, this is exactly what happens now.



#15 Oh My!


Posted 06 August 2018 - 10:42 AM

This is an issue with the program and not an indication your computer is infected.

Do you have any other concerns?
Gary
 