
A keygen was opened and that day my email and crypto accts were compromised



#1 halucine

Posted 08 August 2018 - 01:31 PM

Last week I opened a keygen (attempting to install Icecream video recorder) which opened 4 temp files. Later that day I received emails from Bittrex, Poloniex, and BitStamp that someone had logged into my crypto accounts. I have since run Malwarebytes and Spybot S&D, and quarantined several things. I suspect the perps are still able to read my email? I canceled all of my credit cards and notified the crypto companies. Below is my FRST file contents:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Gladys (administrator) on HOME (08-08-2018 13:18:18)
Running from C:\Users\Gladys\Desktop
Loaded Profiles: Gladys (Available Profiles: Gladys)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
() C:\Program Files\Free Desktop Clock\timeserv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\NetTime\NetTimeService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe
(Cisco) C:\Users\Gladys\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe
() C:\Program Files (x86)\NetTime\NetTime.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\soffice.bin
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2016-10-23] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-06-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [2090496 2013-01-14] (BonSoft)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2017-10-01] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2987602481-623425528-622242634-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()
HKU\S-1-5-21-2987602481-623425528-622242634-1001\...\Run: [VideoGuardMonitor] => C:\Users\Gladys\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-14] (Cisco)
HKU\S-1-5-21-2987602481-623425528-622242634-1001\...\Run: [SymphonyPreLoad] => "C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
HKU\S-1-5-21-2987602481-623425528-622242634-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk [2016-10-24]
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-07-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.766\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40768208-5520-4E16-8DDB-3CCBC19E8061}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7524429E-2920-48E9-928A-DEF374493538}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: fuoapkn9.default-1533398136189
FF ProfilePath: C:\Users\Gladys\AppData\Roaming\Mozilla\Sunbird\Profiles\ookgocag.default [2018-08-08]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Mozilla Sunbird\extensions\calendar-timezones@mozilla.org [2016-10-22] [Legacy] [not signed]
FF Extension: (Talkback) - C:\Program Files (x86)\Mozilla Sunbird\extensions\talkback@mozilla.org [2016-10-22] [Legacy] [not signed]
FF Extension: (Lightning stub extension for Sunbird) - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2016-10-22] [Legacy] [not signed]
FF ProfilePath: C:\Users\Gladys\AppData\Roaming\Mozilla\Firefox\Profiles\fuoapkn9.default-1533398136189 [2018-08-08]
FF Session Restore: Mozilla\Firefox\Profiles\fuoapkn9.default-1533398136189 -> is enabled.
FF Extension: (Video DownloadHelper) - C:\Users\Gladys\AppData\Roaming\Mozilla\Firefox\Profiles\fuoapkn9.default-1533398136189\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-05]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2016-11-19] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default [2018-08-08]
CHR Extension: (Slides) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Jaxx Blockchain Wallet) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancbofgphhmhcchnaognahmjfajaecmo [2018-07-16]
CHR Extension: (Docs) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-19]
CHR Extension: (YouTube) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-19]
CHR Extension: (Notifier for Gmail™) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-05-03]
CHR Extension: (Sheets) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-19]
CHR Extension: (Pinterest Save Button) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-07-23]
CHR Extension: (CouponViewer) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpabcakadbfmhiinljgodpkdeolfchlo [2018-07-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-08-08]
CHR Extension: (Bloomberg) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\llgiblikeclfoebojkplbcmnicgcabhg [2017-07-11]
CHR Extension: (Video DownloadHelper) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-19]
CHR Extension: (Chrome Media Router) - C:\Users\Gladys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-07]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-06-22] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7829784 2018-06-22] (AVG Technologies CZ, s.r.o.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.766\McCHSvc.exe [405392 2018-07-11] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-12-24] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189544 2018-06-22] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [222288 2018-06-22] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [194224 2018-06-22] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [339048 2018-06-22] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51952 2018-06-22] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-06-22] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [152016 2018-06-22] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [104256 2018-06-22] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78352 2018-06-22] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-06-22] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [458024 2018-07-23] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [203544 2018-06-22] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-06-22] (AVG Technologies CZ, s.r.o.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel® Corporation)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [191208 2018-07-31] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [114920 2018-08-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [48360 2018-08-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92792 2018-08-08] (Malwarebytes)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-16] (Sonix Tech. Co., Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-08 13:18 - 2018-08-08 13:18 - 000026120 _____ C:\Users\Gladys\Desktop\FRST.txt
2018-08-08 13:18 - 2018-08-08 13:18 - 000000000 ____D C:\FRST
2018-08-08 13:16 - 2018-08-08 13:17 - 002412544 _____ (Farbar) C:\Users\Gladys\Desktop\FRST64.exe
2018-08-05 10:46 - 2018-08-05 10:46 - 000454571 ____R C:\Windows\system32\Drivers\etc\hosts.20180805-104648.backup
2018-08-04 16:36 - 2018-08-04 16:37 - 001360035 _____ C:\Users\Gladys\Desktop\Resume July 19 2018-2.pdf
2018-08-04 16:36 - 2018-08-04 16:36 - 010595548 _____ C:\Users\Gladys\Desktop\Resume July 19 2018-2.odt
2018-08-04 14:46 - 2018-08-04 14:46 - 000000000 ____D C:\Users\Gladys\Desktop\soundalerts
2018-08-04 14:46 - 2017-11-14 12:32 - 000143132 _____ C:\Users\Gladys\Desktop\Push Button Trader - v1.6.ex4
2018-08-04 14:45 - 2018-08-04 14:45 - 000000000 ____D C:\Users\Gladys\Desktop\PushButtonGraphics
2018-08-04 12:49 - 2018-08-04 12:49 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-08-04 12:49 - 2018-08-04 12:49 - 000002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-08-04 12:49 - 2018-08-04 12:49 - 000000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-04 12:49 - 2018-08-04 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-04 12:49 - 2018-08-04 12:49 - 000000000 ____D C:\Program Files\CCleaner
2018-08-04 12:47 - 2018-08-04 12:48 - 016625464 _____ (Piriform Ltd) C:\Users\Gladys\Downloads\ccsetup545.exe
2018-08-04 12:05 - 2018-08-04 12:05 - 000688992 ____R (Swearware) C:\Users\Gladys\Desktop\dds.exe
2018-08-04 11:33 - 2018-08-04 11:33 - 000221184 _____ C:\Users\Gladys\Desktop\Hikackthis log_ F2- REG_system.ini_ UserInit (Resolved) - Solved Malware Logs - PC Pitstop Forums.pdf
2018-08-04 11:01 - 2018-08-04 11:01 - 000180224 _____ (PowerISO Computing, Inc.) C:\Users\Gladys\Downloads\PWRISOVM.EXE
2018-08-04 10:49 - 2018-08-04 10:49 - 000001252 _____ C:\Users\Gladys\Desktop\HousecallLauncher64.exe - Shortcut.lnk
2018-08-04 10:49 - 2018-08-04 10:49 - 000001175 _____ C:\Users\Gladys\Desktop\HijackThis.exe - Shortcut.lnk
2018-08-03 08:50 - 2018-08-03 08:50 - 000002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-03 08:50 - 2018-08-03 08:50 - 000002171 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-03 08:50 - 2018-08-03 08:50 - 000000000 ____D C:\Program Files\Google
2018-08-02 12:29 - 2018-08-02 14:10 - 000050614 _____ C:\Users\Gladys\Desktop\Specific Job Addendum-Forklift.pdf
2018-08-02 11:30 - 2018-08-02 12:29 - 000015057 _____ C:\Users\Gladys\Desktop\Specific Job Addendum-Forklift.odt
2018-07-31 11:55 - 2018-07-31 12:29 - 000272132 _____ C:\Windows\ntbtlog.txt
2018-07-31 07:25 - 2018-07-20 15:23 - 000000891 _____ C:\Windows\system32\Drivers\etc\hosts.20180731-072512.backup
2018-07-31 06:51 - 2018-07-31 06:51 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-07-31 06:50 - 2018-08-08 07:10 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-07-31 06:50 - 2018-07-31 07:22 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-07-31 06:50 - 2018-07-31 06:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-07-31 06:50 - 2018-07-31 06:50 - 000001398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-07-31 06:50 - 2018-07-31 06:50 - 000001386 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-07-31 06:50 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-07-31 06:43 - 2018-07-31 06:47 - 000014576 _____ C:\Users\Gladys\Desktop\Malwarebyte results July 31 2018.txt
2018-07-31 06:40 - 2018-08-08 11:16 - 000092792 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-07-31 06:40 - 2018-08-08 07:11 - 000048360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-07-31 06:40 - 2018-08-08 07:10 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-31 06:40 - 2018-08-08 07:10 - 000114920 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-07-31 06:40 - 2018-07-31 11:55 - 000191208 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-07-31 06:40 - 2018-07-31 06:40 - 000001874 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-31 06:40 - 2018-07-31 06:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-31 06:40 - 2018-06-19 14:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-07-30 18:53 - 2018-07-30 18:53 - 000000000 ____D C:\Users\Gladys\Documents\ScanGuard
2018-07-30 18:53 - 2018-07-30 18:53 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-07-30 18:39 - 2018-07-30 18:39 - 000317399 _____ C:\Users\Gladys\AppData\Local\census.cache
2018-07-30 18:39 - 2018-07-30 18:39 - 000125822 _____ C:\Users\Gladys\AppData\Local\ars.cache
2018-07-30 18:20 - 2018-07-30 18:20 - 000003126 _____ C:\Windows\System32\Tasks\{BA13407A-D413-4A87-9428-BD4945F44187}
2018-07-30 18:15 - 2018-07-30 18:15 - 002406064 _____ (Trend Micro Inc.) C:\Users\Gladys\Downloads\HousecallLauncher64.exe
2018-07-30 18:14 - 2018-07-30 18:15 - 000388608 _____ (Trend Micro Inc.) C:\Users\Gladys\Downloads\HijackThis.exe
2018-07-30 18:07 - 2018-07-30 18:07 - 000000036 _____ C:\Users\Gladys\AppData\Local\housecall.guid.cache
2018-07-30 18:07 - 2011-06-20 23:09 - 000200976 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2018-07-30 17:25 - 2018-07-30 17:57 - 000000000 ____D C:\Users\Gladys\Desktop\Clean up desktop folder
2018-07-30 17:02 - 2018-07-30 17:02 - 000114688 _____ C:\Users\Gladys\Downloads\[#1059639] Was I hacked_ _ Support Center.pdf
2018-07-30 16:12 - 2018-07-30 16:12 - 000000000 ___HD C:\$AV_AVG
2018-07-30 15:58 - 2018-07-30 15:58 - 000000000 ____D C:\ProgramData\Blogger
2018-07-30 15:53 - 2018-07-30 15:53 - 000000000 ____D C:\Users\Gladys\Documents\LeaderTask
2018-07-30 15:53 - 2018-07-30 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeaderTask
2018-07-30 15:52 - 2018-07-31 06:45 - 000000000 ____D C:\Program Files\Mjk2NjU
2018-07-30 15:52 - 2018-07-30 15:52 - 000000000 ____D C:\Program Files (x86)\LetaSoft LLC
2018-07-30 15:51 - 2018-07-31 20:50 - 000000000 ____D C:\Program Files (x86)\1Care Recovery
2018-07-30 15:51 - 2018-07-30 15:51 - 000000000 ____D C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Care Recovery
2018-07-30 15:37 - 2018-07-30 17:29 - 000000000 ____D C:\Users\Gladys\Desktop\Spanish Living Language cassette and Disc
2018-07-30 15:37 - 2018-07-30 15:37 - 000000000 ____D C:\Users\Gladys\Desktop\Spanish for Children
2018-07-30 15:37 - 2018-07-30 15:37 - 000000000 ____D C:\Users\Gladys\Desktop\Pimsleur's Spoken Spanish
2018-07-30 15:28 - 2018-07-30 17:29 - 000000000 ____D C:\Users\Gladys\Desktop\Spanish-  Beyond the Basics and On the Go
2018-07-30 11:08 - 2018-07-30 13:36 - 000015217 _____ C:\Users\Gladys\Desktop\Kelly sign on.odt
2018-07-30 02:38 - 2018-07-30 02:38 - 000108487 _____ C:\Windows\uninstaller.dat
2018-07-27 11:39 - 2018-07-27 11:25 - 000001912 _____ C:\Users\Gladys\Desktop\Alveo Beta.lnk
2018-07-25 10:58 - 2018-07-25 10:58 - 000480781 _____ C:\Users\Gladys\Downloads\PayOptionsDirectDeposit(e1993).pdf
2018-07-25 10:57 - 2018-07-25 10:57 - 000036202 _____ C:\Users\Gladys\Downloads\PayOptionsMoneyNetworkService(e1991).pdf
2018-07-25 10:43 - 2018-07-25 10:43 - 000078806 _____ C:\Users\Gladys\Downloads\InternationalAddressesInstructions (4).pdf
2018-07-25 10:40 - 2018-07-25 10:40 - 000078806 _____ C:\Users\Gladys\Downloads\InternationalAddressesInstructions (3).pdf
2018-07-25 10:34 - 2018-07-25 10:34 - 000078806 _____ C:\Users\Gladys\Downloads\InternationalAddressesInstructions (2).pdf
2018-07-25 10:33 - 2018-07-25 10:33 - 000078806 _____ C:\Users\Gladys\Downloads\InternationalAddressesInstructions (1).pdf
2018-07-25 10:31 - 2018-07-25 10:31 - 000078806 _____ C:\Users\Gladys\Downloads\InternationalAddressesInstructions.pdf
2018-07-25 07:38 - 2018-07-25 07:38 - 000294360 _____ (Adobe Systems Incorporated) C:\Users\Gladys\Documents\ConnectSetup.exe
2018-07-21 00:09 - 2018-07-30 16:07 - 000000000 ____D C:\Users\Gladys\AppData\Local\CrashDumps
2018-07-20 15:23 - 2018-08-03 15:23 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-07-20 15:23 - 2018-07-20 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-07-19 20:56 - 2018-07-19 20:56 - 001579506 _____ C:\Users\Gladys\Downloads\Resume July 19 2018.pdf
2018-07-19 17:47 - 2018-07-19 18:10 - 001579506 _____ C:\Users\Gladys\Desktop\Resume July 19 2018.pdf
2018-07-19 16:08 - 2018-08-04 16:26 - 000000000 ____D C:\Users\Gladys\Desktop\Paul Bio Pictures
2018-07-19 13:38 - 2018-07-19 13:37 - 000087438 _____ C:\Users\Gladys\Desktop\Paul Mulcahy - Reference.pdf
2018-07-19 13:37 - 2018-07-19 13:37 - 000087438 _____ C:\Users\Gladys\Downloads\Paul Mulcahy - Reference.pdf
2018-07-19 13:32 - 2018-07-19 18:10 - 010609592 _____ C:\Users\Gladys\Desktop\Resume July 19 2018.odt
2018-07-16 08:28 - 2018-07-16 08:28 - 000000000 ____D C:\Users\Gladys\AppData\Roaming\Actual Tools
2018-07-16 08:28 - 2018-07-16 08:28 - 000000000 ____D C:\ProgramData\Actual Tools
2018-07-16 08:27 - 2018-07-16 08:50 - 000000000 ____D C:\Program Files (x86)\Actual Multiple Monitors
2018-07-16 08:27 - 2018-07-16 08:27 - 010779256 _____ (Actual Tools ) C:\Users\Gladys\Downloads\ammsetup.exe
2018-07-12 18:08 - 2018-06-20 19:58 - 000398376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-12 18:08 - 2018-06-20 19:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-07-12 18:08 - 2018-06-16 12:07 - 025743872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-12 18:08 - 2018-06-16 11:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-12 18:08 - 2018-06-16 11:46 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-12 18:08 - 2018-06-16 11:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-07-12 18:08 - 2018-06-16 11:33 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-12 18:08 - 2018-06-16 11:32 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-12 18:08 - 2018-06-16 11:31 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-12 18:08 - 2018-06-16 11:31 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-12 18:08 - 2018-06-16 11:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-12 18:08 - 2018-06-16 11:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-12 18:08 - 2018-06-16 11:27 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-12 18:08 - 2018-06-16 11:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-12 18:08 - 2018-06-16 11:23 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-12 18:08 - 2018-06-16 11:20 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-12 18:08 - 2018-06-16 11:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-07-12 18:08 - 2018-06-16 11:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-12 18:08 - 2018-06-16 11:19 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-12 18:08 - 2018-06-16 11:19 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-12 18:08 - 2018-06-16 11:19 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-12 18:08 - 2018-06-16 11:12 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-12 18:08 - 2018-06-16 11:08 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-12 18:08 - 2018-06-16 11:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-07-12 18:08 - 2018-06-16 11:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-07-12 18:08 - 2018-06-16 11:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-07-12 18:08 - 2018-06-16 11:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-07-12 18:08 - 2018-06-16 11:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-07-12 18:08 - 2018-06-16 11:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-07-12 18:08 - 2018-06-16 11:02 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-12 18:08 - 2018-06-16 11:02 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-12 18:08 - 2018-06-16 11:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-12 18:08 - 2018-06-16 10:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-07-12 18:08 - 2018-06-16 10:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-07-12 18:08 - 2018-06-16 10:58 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-12 18:08 - 2018-06-16 10:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-07-12 18:08 - 2018-06-16 10:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-12 18:08 - 2018-06-16 10:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-07-12 18:08 - 2018-06-16 10:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-07-12 18:08 - 2018-06-16 10:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-07-12 18:08 - 2018-06-16 10:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-12 18:08 - 2018-06-16 10:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-12 18:08 - 2018-06-16 10:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-07-12 18:08 - 2018-06-16 10:46 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-12 18:08 - 2018-06-16 10:44 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-12 18:08 - 2018-06-16 10:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-12 18:08 - 2018-06-16 10:42 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-12 18:08 - 2018-06-16 10:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-07-12 18:08 - 2018-06-16 10:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-07-12 18:08 - 2018-06-16 10:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-07-12 18:08 - 2018-06-16 10:40 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-12 18:08 - 2018-06-16 10:39 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-12 18:08 - 2018-06-16 10:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-07-12 18:08 - 2018-06-16 10:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-07-12 18:08 - 2018-06-16 10:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-07-12 18:08 - 2018-06-16 10:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-07-12 18:08 - 2018-06-16 10:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-07-12 18:08 - 2018-06-16 10:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-07-12 18:08 - 2018-06-16 10:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-07-12 18:08 - 2018-06-16 10:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-07-12 18:08 - 2018-06-16 10:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-07-12 18:08 - 2018-06-16 10:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-12 18:08 - 2018-06-16 10:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-07-12 18:08 - 2018-06-16 10:16 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-12 18:08 - 2018-06-16 10:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-07-12 18:08 - 2018-06-16 10:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-07-12 18:08 - 2018-06-16 10:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-12 18:08 - 2018-06-16 10:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-07-12 18:08 - 2018-06-13 11:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-12 18:08 - 2018-06-13 11:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-12 18:08 - 2018-06-13 10:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-07-12 18:08 - 2018-06-13 10:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-07-12 18:08 - 2018-06-13 10:40 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-12 18:08 - 2018-06-08 11:27 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-12 18:08 - 2018-06-08 11:27 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-12 18:08 - 2018-06-08 11:27 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-12 18:08 - 2018-06-08 11:27 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-12 18:08 - 2018-06-08 11:27 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-12 18:08 - 2018-06-08 11:23 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-07-12 18:08 - 2018-06-08 11:22 - 001665344 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-12 18:08 - 2018-06-08 11:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-12 18:08 - 2018-06-08 11:21 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-07-12 18:08 - 2018-06-08 11:21 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-07-12 18:08 - 2018-06-08 11:21 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-12 18:08 - 2018-06-08 11:21 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-12 18:08 - 2018-06-08 11:21 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-12 18:08 - 2018-06-08 11:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-07-12 18:08 - 2018-06-08 11:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-12 18:08 - 2018-06-08 11:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-12 18:08 - 2018-06-08 11:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-12 18:08 - 2018-06-08 11:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-12 18:08 - 2018-06-08 11:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-12 18:08 - 2018-06-08 11:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 11:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-07-12 18:08 - 2018-06-08 11:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-07-12 18:08 - 2018-06-08 10:57 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-07-12 18:08 - 2018-06-08 10:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:44 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-12 18:08 - 2018-06-08 10:44 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-12 18:08 - 2018-06-08 10:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-12 18:08 - 2018-06-08 10:44 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-12 18:08 - 2018-06-08 10:43 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-12 18:08 - 2018-06-08 10:39 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-12 18:08 - 2018-06-08 10:38 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-12 18:08 - 2018-06-08 10:38 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-12 18:08 - 2018-06-08 10:34 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-12 18:08 - 2018-06-08 10:34 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-12 18:08 - 2018-06-08 10:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-12 18:08 - 2018-06-08 10:33 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-12 18:08 - 2018-06-08 10:33 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-12 18:08 - 2018-06-08 10:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-07-12 18:08 - 2018-06-08 10:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2018-07-12 18:08 - 2018-06-08 10:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-07-12 18:08 - 2018-06-08 10:21 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-07-12 18:08 - 2018-06-08 10:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-07-12 18:08 - 2018-06-08 10:21 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-07-12 18:08 - 2018-06-08 10:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-07-12 18:08 - 2018-06-08 10:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-07-12 18:08 - 2018-06-08 10:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-07-12 18:08 - 2018-06-08 10:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-07-12 18:08 - 2018-06-07 11:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-12 18:08 - 2018-06-07 11:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-12 18:08 - 2018-06-07 11:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-12 18:08 - 2018-06-07 11:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-12 18:08 - 2018-06-07 10:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-07-12 18:08 - 2018-06-07 10:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-12 18:08 - 2018-06-07 10:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-07-12 18:08 - 2018-05-31 11:28 - 001893568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-12 18:08 - 2018-05-31 11:28 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-12 18:08 - 2018-05-31 11:28 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-12 18:08 - 2018-05-02 10:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-12 18:08 - 2018-05-02 10:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-12 18:08 - 2018-05-02 10:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-12 18:08 - 2018-05-02 10:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-12 18:08 - 2018-05-02 10:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-12 18:08 - 2018-05-02 10:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-12 18:08 - 2018-05-02 10:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-12 18:08 - 2018-04-26 08:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-07-12 18:08 - 2018-04-26 08:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-07-12 18:08 - 2018-04-25 11:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-12 18:08 - 2018-04-25 10:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-12 18:05 - 2018-06-13 11:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-12 18:05 - 2018-06-13 11:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-12 18:05 - 2018-06-08 08:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-12 18:05 - 2018-06-08 08:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-12 18:05 - 2018-06-08 08:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-12 18:05 - 2018-06-08 08:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-12 18:05 - 2018-06-08 08:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-12 18:05 - 2018-06-08 08:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-12 18:05 - 2018-06-08 08:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-12 18:05 - 2018-06-08 08:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-12 04:01 - 2018-07-13 09:38 - 000000000 ____D C:\Users\Gladys\Desktop\CNS Basket closed trade pictures
2018-07-10 12:34 - 2018-05-20 23:22 - 000001828 _____ C:\Users\Gladys\Desktop\Alveo.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-08 13:11 - 2009-07-13 23:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-08 13:11 - 2009-07-13 23:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-08 11:27 - 2016-10-19 13:08 - 000000000 ____D C:\Users\Gladys\AppData\Roaming\vlc
2018-08-08 07:17 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-08 07:17 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-08-08 07:13 - 2016-11-16 08:28 - 000000000 ____D C:\Users\Gladys\AppData\LocalLow\Mozilla
2018-08-08 07:10 - 2016-07-15 17:25 - 000000000 __SHD C:\Users\Gladys\IntelGraphicsProfiles
2018-08-08 07:10 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-07 07:31 - 2016-11-05 07:40 - 000000000 ____D C:\Users\Gladys\AppData\Roaming\Alveo
2018-08-05 22:58 - 2016-10-23 10:00 - 000000000 ____D C:\Users\Gladys\dwhelper
2018-08-05 10:27 - 2017-05-07 07:24 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForGladys.job
2018-08-05 08:23 - 2017-05-07 07:24 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGladys
2018-08-04 20:49 - 2017-10-29 07:43 - 005087008 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-04 13:53 - 2016-10-01 11:58 - 000132776 _____ C:\Users\Gladys\AppData\Local\GDIPFONTCACHEV1.DAT
2018-08-04 13:13 - 2016-10-29 08:24 - 000000000 ____D C:\Users\Gladys\AppData\Roaming\TeamViewer
2018-08-04 10:48 - 2009-07-13 21:34 - 000454571 ____R C:\Windows\system32\Drivers\etc\hosts.20180805-104617.backup
2018-08-03 12:15 - 2009-07-13 21:34 - 000454571 ____R C:\Windows\system32\Drivers\etc\hosts.20180804-104850.backup
2018-08-01 09:02 - 2016-10-19 13:32 - 000000000 ____D C:\Users\Gladys\Desktop\# # # Paul
2018-07-31 21:45 - 2009-07-13 21:34 - 000454571 ____R C:\Windows\system32\Drivers\etc\hosts.20180803-121527.backup
2018-07-31 21:11 - 2009-07-13 21:34 - 000454571 ____R C:\Windows\system32\Drivers\etc\hosts.20180731-214543.backup
2018-07-31 07:25 - 2009-07-13 21:34 - 000454571 ____R C:\Windows\system32\Drivers\etc\hosts.20180731-211100.backup
2018-07-31 06:40 - 2016-10-19 13:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-31 06:10 - 2016-10-19 13:06 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-31 06:08 - 2016-10-19 13:06 - 000002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-30 18:17 - 2016-07-15 17:27 - 000000000 ____D C:\Users\Gladys\AppData\Local\VirtualStore
2018-07-28 21:25 - 2017-12-09 09:32 - 000016384 _____ C:\Users\Gladys\Desktop\Compound Interest Calculator(1).xls
2018-07-28 12:12 - 2018-05-13 09:21 - 000002469 _____ C:\Users\Gladys\Desktop\Grammarly.lnk
2018-07-28 12:12 - 2018-05-13 09:21 - 000000000 ____D C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2018-07-28 12:12 - 2018-05-13 09:21 - 000000000 ____D C:\Users\Gladys\AppData\Local\GrammarlyForWindows
2018-07-27 11:25 - 2017-01-03 08:36 - 000001918 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Alveo Beta.lnk
2018-07-27 11:25 - 2017-01-03 08:36 - 000001912 _____ C:\Users\Public\Desktop\Alveo Beta.lnk
2018-07-27 11:25 - 2017-01-03 08:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alveo Beta
2018-07-27 11:25 - 2017-01-03 08:36 - 000000000 ____D C:\Program Files (x86)\Alveo Beta
2018-07-27 11:24 - 2016-11-04 05:56 - 000000000 ____D C:\Users\Gladys\AppData\Roaming\Apiary Investment Fund
2018-07-23 11:35 - 2018-06-07 16:46 - 000458024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-07-21 07:35 - 2018-06-07 16:46 - 000004162 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-07-20 15:23 - 2016-10-25 18:46 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-07-20 15:23 - 2016-10-25 13:54 - 000001971 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-07-13 21:30 - 2015-10-12 11:40 - 000774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-07-12 20:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-07-12 18:19 - 2015-10-12 11:23 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-12 18:10 - 2015-10-12 10:29 - 000000000 ____D C:\Windows\system32\MRT
2018-07-12 18:08 - 2015-10-12 10:29 - 134675576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-07-11 18:36 - 2017-12-10 00:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-07-11 18:36 - 2016-07-15 17:44 - 000001313 _____ C:\Users\Public\Desktop\Skype.lnk
2018-07-10 15:12 - 2018-03-14 06:12 - 000004456 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-10 15:12 - 2016-10-01 11:41 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-10 15:12 - 2016-10-01 11:41 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-10 15:12 - 2016-10-01 11:41 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-10 15:12 - 2016-10-01 11:41 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-10 15:12 - 2016-10-01 11:41 - 000000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2018-07-30 18:39 - 2018-07-30 18:39 - 000125822 _____ () C:\Users\Gladys\AppData\Local\ars.cache
2018-07-30 18:39 - 2018-07-30 18:39 - 000317399 _____ () C:\Users\Gladys\AppData\Local\census.cache
2016-10-19 13:32 - 2018-06-21 09:12 - 000000058 _____ () C:\Users\Gladys\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2018-07-30 18:07 - 2018-07-30 18:07 - 000000036 _____ () C:\Users\Gladys\AppData\Local\housecall.guid.cache
2018-03-18 10:10 - 2018-03-18 10:10 - 000001952 _____ () C:\Users\Gladys\AppData\Local\recently-used.xbel
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-06 10:45
 
==================== End of FRST.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:54 PM

Posted 09 August 2018 - 07:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your FRST.TXT log is clean.

Please post the Addition.txt log that was created by the Farbar program.

===

Also,
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

#3 halucine

halucine
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male
  • Local time:08:54 PM

Posted 11 August 2018 - 10:39 AM

As requested by NASDAQ, I am posting my Addition text below:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Gladys (08-08-2018 13:18:49)
Running from C:\Users\Gladys\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-07-15 22:25:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2987602481-623425528-622242634-500 - Administrator - Disabled)
Gladys (S-1-5-21-2987602481-623425528-622242634-1001 - Administrator - Enabled) => C:\Users\Gladys
Guest (S-1-5-21-2987602481-623425528-622242634-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2987602481-623425528-622242634-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Care Recovery (HKU\S-1-5-21-2987602481-623425528-622242634-1001\...\{6FDD0897-D29A-4603-A205-2B9208DBBD87}) (Version: 9.1 - G3K Software LLC)
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2987602481-623425528-622242634-1001\...\Adobe Connect 9 Add-in) (Version: 11.9.976.299 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{288DB08D-0708-4A94-B055-55B99E39EB62}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\{F24F876B-7D71-4BD6-88E9-614D3BB84242}) (Version: 1.7.42.0 - Alcor Micro Corp.) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.42.0 - Alcor Micro Corp.)
Alveo (HKLM-x32\...\{7A8F86FB-5578-495D-B3E4-1635C65457B4}) (Version: 1.5.10 - Apiary Investment Fund) Hidden
Alveo (HKLM-x32\...\Alveo 1.5.10) (Version: 1.5.10 - Apiary Investment Fund)
Alveo Beta (HKLM-x32\...\{B96188D3-72DC-41D8-96CB-C70B3762285C}) (Version: 1.5.35 - Apiary Investment Fund) Hidden
Alveo Beta (HKLM-x32\...\Alveo Beta 1.5.35) (Version: 1.5.35 - Apiary Investment Fund)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
Charter TV Player (HKLM-x32\...\{076af162-8f4c-4e36-9013-1673e5cf4d24}) (Version: 6.6 - Charter)
Cisco VideoGuard Player (HKLM-x32\...\{dfc759fd-a56f-4d04-8306-d1480137a065}) (Version: 6.6 - Cisco Systems, Inc)
ClocX (1.6.0) (HKLM-x32\...\ClocX) (Version:  - )
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
EA Monitor (HKLM-x32\...\EA Monitor) (Version:  - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.24.0.4208 - Blueberry)
FlashBack Plus 5 (HKLM-x32\...\FlashBack Plus 5) (Version: 5.22.0.4178 - Blueberry)
Free Desktop Clock 3.0 (HKLM\...\Free Desktop Clock_is1) (Version:  - Drive Software Company)
Free Stopwatch (HKLM-x32\...\{A1FAC1AF-5615-47FE-B5C8-5E981EC8522B}_is1) (Version: 4.0.0.0 - Comfort Software Group)
GnuCash 2.6.17 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grammarly (HKU\S-1-5-21-2987602481-623425528-622242634-1001\...\GrammarlyForWindows) (Version: 1.5.41 - Grammarly)
HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.9.24.3 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HT_ULTIMATE (HKLM-x32\...\HT_ULTIMATE) (Version:  - )
IBM Lotus Symphony (HKLM-x32\...\{638b91e2-b5ee-49f3-8348-be72f2d65d13}) (Version: 3.01.12011 - IBM)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
KMyMoney (remove only) (HKLM-x32\...\KMyMoney) (Version:  - )
LeaderTask version v2 (HKLM-x32\...\{B4DBF7E4-3DBD-4618-84B9-91A845BA3427}_is1) (Version: v2 - Organizer LeaderTask, LLC)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
market clock Screensaver (HKLM-x32\...\market clock Screensaver) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.766.1 - McAfee, Inc.)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.0.150.1 - McAfee)
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Moffsoft FreeCalc (HKLM-x32\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla)
Mozilla Sunbird (0.9) (HKLM-x32\...\Mozilla Sunbird (0.9)) (Version: 0.9 (en-US) - Mozilla)
NetTime (HKLM-x32\...\NetTime_is1) (Version:  - Mark Griffiths)
NewsHound (HKLM-x32\...\NewsHound) (Version:  - )
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Rithmic Trader Pro 15.31.0.0 (HKLM-x32\...\{63A02E54-E876-499A-87B8-EC2D03F97FA1}) (Version: 15.31.0 - Omnesys Technologies, Inc.)
Screenshot Captor 4.8.5 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Scripts & Indicators (HKLM-x32\...\Scripts & Indicators) (Version:  - )
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
SketchUp 2018 Checkup (HKLM\...\{EACC16C0-3FDA-443D-94F3-191D64FC414B}_is1) (Version: 17.1.0 - Trimble Inc.)
Skype version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
SoundBooster 14.15 (HKLM-x32\...\SoundBooster 14.15) (Version: 14.15 - LetaSoft LLC)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated)
Tallinex MetaTrader 4 (HKLM-x32\...\myFXbook Demo M1) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\myFXbook Demo M2) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\myFXbook Demo M3) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex Demo 01) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex Demo 02) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex DEMO 03) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 01) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 02) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 03) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 04) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 05) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 06) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 07) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 08) (Version: 4.00 - MetaQuotes Software Corp.)
Tallinex MetaTrader 4 (HKLM-x32\...\Tallinex LIVE 11) (Version: 4.00 - MetaQuotes Software Corp.)
Trade Manager (HKLM-x32\...\Trade Manager) (Version:  - )
Traders Way MetaTrader 4 (HKLM-x32\...\Traders Way 01) (Version: 4.00 - MetaQuotes Software Corp.)
Traders Way MetaTrader 4 (HKLM-x32\...\Traders Way 02) (Version: 4.00 - MetaQuotes Software Corp.)
Tradovate Trader (HKU\S-1-5-21-2987602481-623425528-622242634-1001\...\tradovate_trader) (Version: 1.180323.0 - Tradovate, LLC)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2987602481-623425528-622242634-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-06-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-06-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04FF8169-B1D1-4D11-9116-9BDD9B87D938} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {197D3500-A437-458C-9F1C-FF45E3ACF380} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {21E8B982-A299-4B83-B49E-EC70845E1783} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {31F4623F-EF1A-4D19-9169-B6166D257FAE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
Task: {32DC8D2A-8DE6-43E2-B930-22A38093048A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
Task: {4A125F8F-5C20-48CD-84BB-E8431EF79955} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {4B996821-1E1B-476D-83AD-DE0ECAAF464C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {51C6A0FF-14B6-4F37-8C13-E956FC427EB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-19] (Google Inc.)
Task: {52F70A29-7C7A-42AD-90F3-7FF5FFD1A5F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {57028AEF-B2FB-4503-BF29-9B2642B202D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {668164B2-8380-4C70-A311-D5A267B36D67} - System32\Tasks\AdobeAAMUpdater-1.0-home-Gladys => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {88AC5B81-EEC5-45A7-8CBE-68201F178011} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-06-22] (AVG Technologies CZ, s.r.o.)
Task: {90A8DD79-D8E5-4A93-8E4E-2144B20BE560} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {94FD4F08-4131-4E24-9709-BE2F2EF88009} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {999666BF-DFD5-4ACC-A449-6111AAD57AB4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {9A474A3D-B36C-4F4F-B00F-967611E1FADD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {A158A7FE-5738-4A2D-8CFF-CB77E04A9F87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {A4673858-2A95-413D-A3C7-C4DE654A1138} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
Task: {B08166DF-1CA6-40D2-9609-1A2E4733F2B5} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-26] (AVG Technologies CZ, s.r.o.)
Task: {D0ECF8D8-13AF-418D-8036-83C14876176E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-19] ()
Task: {D6E6ED0A-C045-476F-99DC-ED1DDABEEBBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {DB5A11C6-A8B9-446F-880D-81E56B1243E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {E2331808-79B5-4377-B57A-BB43F61F3206} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-19] (Google Inc.)
Task: {EC73A1FA-DDF8-486D-B159-E135DA8134DB} - System32\Tasks\{BA13407A-D413-4A87-9428-BD4945F44187} => C:\Windows\system32\pcalua.exe -a C:\Users\Gladys\Downloads\HijackThis.exe -d C:\Users\Gladys\Downloads
Task: {FE323516-DA4F-4AEE-BE07-4FC0C3141F77} - System32\Tasks\HPCeeScheduleForGladys => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForGladys.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Gladys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Gladys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-10-19 13:10 - 2013-04-24 19:20 - 002007040 _____ () C:\Program Files\Free Desktop Clock\timeserv.exe
2016-10-19 13:10 - 2013-06-07 20:20 - 001875968 _____ () C:\Program Files\Free Desktop Clock\Clock.dll
2016-10-19 13:31 - 2012-05-12 02:27 - 000473088 _____ () C:\Program Files (x86)\NetTime\NetTimeService.exe
2016-10-19 13:10 - 2013-06-27 23:07 - 004652544 _____ () C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe
2016-10-19 13:31 - 2012-05-12 10:28 - 000772096 _____ () C:\Program Files (x86)\NetTime\NetTime.exe
2018-07-31 06:40 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-31 06:40 - 2018-07-03 12:59 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-22 15:35 - 2018-06-22 15:35 - 000597232 _____ () c:\Program Files\AVG\Antivirus\x64\StreamBack.dll
2018-06-25 13:43 - 2018-06-22 14:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-25 13:43 - 2018-06-22 14:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-06-22 15:35 - 2018-06-22 15:35 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-06-22 15:35 - 2018-06-22 15:35 - 000930032 _____ () C:\Program Files\AVG\Antivirus\anen.dll
2018-06-22 15:35 - 2018-06-22 15:35 - 000533744 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-06-22 15:35 - 2018-06-22 15:35 - 000986352 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-08-08 07:11 - 2018-08-08 07:11 - 005980912 _____ () C:\Program Files\AVG\Antivirus\defs\18080802\algo.dll
2018-06-07 16:46 - 2018-06-07 16:46 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2011-09-15 18:19 - 2011-09-15 18:19 - 000081920 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll
2011-09-15 18:19 - 2011-09-15 18:19 - 000110592 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll
2016-10-25 06:20 - 2016-10-25 06:20 - 000073728 _____ () C:\Users\Gladys\IBM\Lotus\Symphony\.config\org.eclipse.osgi\bundles\246\1\.cp\swtIbmWrapper.dll
2016-10-25 06:20 - 2016-10-25 06:20 - 000077824 _____ () C:\Users\Gladys\IBM\Lotus\Symphony\.config\org.eclipse.osgi\bundles\381\1\.cp\officebean.dll
2015-10-12 12:15 - 2015-10-12 12:15 - 000106496 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\comex.dll
2011-09-15 18:19 - 2011-09-15 18:19 - 000208896 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.3.20110915-1350\os\win32\x86\os.dll
2015-10-12 12:15 - 2015-10-12 12:15 - 000077824 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.filetype.win32.x86_3.0.1.20120110-2000\seditorReg.dll
2015-10-12 12:16 - 2015-10-12 12:16 - 000967168 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\libxml2.dll
2015-10-12 12:15 - 2015-10-12 12:15 - 000163840 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.1.20120110-2000\basis\program\libxslt.dll
2015-10-12 12:15 - 2015-10-12 12:15 - 000139264 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.1.20120110-2000\basis\program\NSLDAP32V50.dll
2018-07-12 20:16 - 2018-07-12 20:16 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\91ec56fb5b2322a1477fece8039739d4\IsdiInterop.ni.dll
2017-10-01 06:50 - 2017-10-01 06:50 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-10-12 11:42 - 2013-01-15 01:25 - 001200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7940 more sites.
 
 
There are 7940 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2018-08-05 10:46 - 000454571 ____R C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
There are 15602 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2987602481-623425528-622242634-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{123F5904-97FA-4FB0-852F-A9AC1F03B83D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6182F6D3-8398-4BDB-BF7A-CD33F28C8B80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AC4DCF7A-EB11-422C-92B3-83C738EAB987}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0BDDEDF5-EEC8-4233-8A5F-507824B00873}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BB7A7DC5-BB50-403B-A217-991D0C229639}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{82A9A277-6B6E-4949-8FDD-1325A267B2F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F6AD23E4-DC71-457C-9B6A-0B24168A7F2D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EE60D324-7F8E-442F-91A3-B181E2CBACA1}] => (Allow) C:\MT5 from MQL5 generic\metatester64.exe
FirewallRules: [{E51B6CF9-DCF8-4423-B6AA-AE7AFBD8B707}] => (Allow) C:\Program Files (x86)\Alveo\Alveo.exe
FirewallRules: [{121B1761-A2D8-4F91-A792-0C660130B2CC}] => (Allow) C:\Program Files (x86)\Alveo\updater.exe
FirewallRules: [{A9FBAF65-4FC1-4066-88E5-4B5C03E40050}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{D1F5FF99-17E0-4029-8CB0-88C82F99397F}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{611C892D-0450-40F6-84B1-B44721FCDA05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{76C5577E-CDF1-4B8F-8D8B-552502EEC044}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{4AFF04E6-CD07-4CF6-AA25-4EBE51A30482}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{2D6C691F-63AF-49A5-9094-F0704F271854}] => (Allow) C:\Program Files (x86)\Alveo Beta\Alveo Beta.exe
FirewallRules: [{C90B93D2-98CF-49BE-98A0-00E4657614ED}] => (Allow) C:\Program Files (x86)\Alveo Beta\updater.exe
FirewallRules: [{44D7F7A4-5936-4936-9ACC-92869EBF6C5D}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{4B7F4A1F-CD39-44A0-86AC-F6ED862A73CE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BEE7C449-5707-45DA-81C7-C75EFCA1F0DB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
04-08-2018 16:16:38 Scheduled Checkpoint
05-08-2018 11:26:20 Installed Visual C++ Runtime for Dragon NaturallySpeaking.
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/08/2018 07:10:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/07/2018 06:19:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/07/2018 02:47:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/07/2018 06:06:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/06/2018 10:15:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/06/2018 05:07:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/06/2018 01:41:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/06/2018 07:18:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (08/04/2018 05:36:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer KMMULCAHY-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{40768208-5520-4E16-8DDB-3CCBC19E8061}.
The master browser is stopping or an election is being forced.
 
Error: (08/03/2018 11:53:05 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (07/31/2018 10:24:32 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer KMMULCAHY-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{40768208-5520-4E16-8DDB-3CCBC19E8061}.
The master browser is stopping or an election is being forced.
 
Error: (07/31/2018 09:09:07 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
Error: (07/31/2018 12:04:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/31/2018 11:55:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/31/2018 11:55:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/31/2018 11:55:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 86%
Total physical RAM: 8071.55 MB
Available physical RAM: 1069.67 MB
Total Virtual: 16141.27 MB
Available Virtual: 8229.44 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:109.57 GB) (Free:18.28 GB) NTFS
 
\\?\Volume{25a024c2-1cfb-11e6-82b7-806e6f6e6963}\ (System) (Fixed) (Total:9.67 GB) (Free:3.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 7684AAF2)
Partition 1: (Active) - (Size=9.7 GB) - (Type=27)
Partition 2: (Not Active) - (Size=109.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 halucine

halucine
  • Topic Starter


Posted 11 August 2018 - 12:40 PM

Below is my Rogue Report:

 

RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Gladys [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/11/2018 12:01:04 (Duration : 00:22:44)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2987602481-623425528-622242634-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2987602481-623425528-622242634-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZ7PC128HAFU-000 +++++
--- User ---
[MBR] 30cca0229f00a9b90efaeee772ac381a
[BSP] 64b4ec906c363c3ca7cc5102d31dc0dc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9907 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 20291584 | Size: 112195 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#5 nasdaq

nasdaq

  • Malware Response Team

Posted 11 August 2018 - 01:32 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Screenshot Captor 4.8.5 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
Version 5.45 is compromised. Delete it and get the previous version.
https://www.bleepingcomputer.com/news/software/ccleaner-v545-pulled-due-to-anger-over-usage-data-collection/
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:


Task: {EC73A1FA-DDF8-486D-B159-E135DA8134DB} - System32\Tasks\{BA13407A-D413-4A87-9428-BD4945F44187} => C:\Windows\system32\pcalua.exe -a C:\Users\Gladys\Downloads\HijackThis.exe -d C:\Users\Gladys\Downloads
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
C:\Users\Gladys\Downloads\HijackThis.exe

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

p.s.
HijackThis is no longer supported and not ready for your Operating system.
Use the Farbar Recovery Scan Tool from now on to report problems as you did.
<<<>>>

Your computer is clean. You decide if you want to run this scan.

This scan may take an hour or two. Execute it when you know you will not need the computer.

Please scan your computer with ESET Online Scanner.
  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

#6 halucine


Posted 12 August 2018 - 10:36 PM

Well, I ran the ESET scan, and it found 5 infections, which it quarantined. I did see the list of threats, and they did, in fact, look nasty. Unfortunately, I got an overseas Skype call (my wife in the picture, in Thailand) on my other laptop and I had to take that, and I was distracted and clicked finish before EXPORTING the log file. I did run the scan again thinking I could export the quarantine files, but I couldn't so I closed the scanner again before I realized I should have put the quarantined files back and then run the scan again, and I would export the log file this time. So I ran the scan yet a 3rd time, only this time, I got clean results (no threats) and the quarantine file option was not even there now. How important was it to see the 5 threats from the ESET scan? I suppose it was rather important, darn it. What should I do next please?


Edited by halucine, 13 August 2018 - 11:11 AM.


#7 nasdaq


Posted 13 August 2018 - 10:41 AM

Do not worry. Nothing you can do.

Any remaining issues with this computer?

#8 halucine


Posted 13 August 2018 - 11:37 AM

Can I assume that the machine is clean at this point? And if so, what do you recommend I run as a "real time" antivirus that can stop hacker intrusions, and protect my files? ZoneAlarm? ESET? Spybot? AVG? If you have a link to what you would recommend I will use it. I need a way to get access to my passwords safely as I travel.

 

Also, I had my RDP to my VPS on the desktop of this computer. All you had to do was click on the RDP and it would take you to the VPS. The VPS is running Windows Server 2012 R2, and it is running a MySQL database that I can't mess up. Can I check the VPS too, just as I checked this machine?


Edited by halucine, 13 August 2018 - 12:27 PM.


#9 nasdaq


Posted 13 August 2018 - 01:01 PM

Hi,

Follow the recommendations on the RDP here.

https://security.berkeley.edu/resources/best-practices-how-articles/system-application-security/securing-remote-desktop-rdp-system

==

I think that your current protection is adequate.
Keep all of them up to date.

#10 halucine


Posted 13 August 2018 - 02:16 PM

Thank you for all your help! Best of luck to you.





