Infection by PUPs


  • This topic is locked
34 replies to this topic

#1 mrmatt

mrmatt

  • Members
  • 178 posts
  • OFFLINE
  • Gender:Male
  • Location:West Midlands, UK
  • Local time:04:44 AM

Posted 11 August 2018 - 01:50 PM

I recently installed a program called Driver Talent.

It turns out there were PUPs: PCCleaner, ByteTech Antimalware.

It has also changed the Firefox home page.

Can someone advise, please?

I tried a system restore, but this failed (Appstaging).


Edited by mrmatt, 11 August 2018 - 01:52 PM.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,266 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:44 PM

Posted 11 August 2018 - 01:58 PM

Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html, please post the FRST data requested.

 

Louis



#3 mrmatt

mrmatt
  • Topic Starter

  • Members
  • 178 posts
  • OFFLINE
  • Gender:Male
  • Location:West Midlands, UK
  • Local time:04:44 AM

Posted 11 August 2018 - 02:11 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Wendy (administrator) on DESKTOP-K8OSN9T (11-08-2018 20:08:45)
Running from C:\Users\Wendy\Desktop\Matt\FRST
Loaded Profiles: Wendy (Available Profiles: Wendy)
Platform: Windows 10 Home Version 1803 17134.191 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Opera Software) C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera_crashreporter.exe
(Opera Software) C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera.exe
(Opera Software) C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [3523848 2018-07-03] (Paramount Software UK Ltd)
HKLM\...\Run: [ALU] => C:\Program Files\Packard Bell\Packard Bell Updater\ALU.exe [2379056 2017-04-21] (Acer Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\...\Run: [Chromium] => c:\users\wendy\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9098ec8e-6732-4929-a2c1-fccfca2a42eb}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wupuf.com/?f=1&a=wbf_ostotofs_18_32_13&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztCyByByCtDtAzz0E0FtBtN0D0Tzu0StByEtCyEtN1L2XzuyEtFtByCtFtDtFtCtDzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0DyEyEtD0BtCzztGtBtAtC0EtGzy0AzytAtGtAtB0A0DtGyDyBzzyDyE0A0BtA0C0Dzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1PzztDtByCtB1OyBtG1S1PtDtAtGyEyByEtAtGzzyBtCtDtGtDtAyB1RyBtDyCtDtAyByEtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyByCzztN1Q2Z1B1P1RzutCyDtAyEtDtCtDyByCyB&cr=1145899923&ir=&uref=IE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wupuf.com/?f=1&a=wbf_ostotofs_18_32_13&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztCyByByCtDtAzz0E0FtBtN0D0Tzu0StByEtCyEtN1L2XzuyEtFtByCtFtDtFtCtDzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0DyEyEtD0BtCzztGtBtAtC0EtGzy0AzytAtGtAtB0A0DtGyDyBzzyDyE0A0BtA0C0Dzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1PzztDtByCtB1OyBtG1S1PtDtAtGyEyByEtAtGzzyBtCtDtGtDtAyB1RyBtDyCtDtAyByEtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyByCzztN1Q2Z1B1P1RzutCyDtAyEtDtCtDyByCyB&cr=1145899923&ir=&uref=IE
HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wupuf.com/?f=1&a=wbf_ostotofs_18_32_13&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztCyByByCtDtAzz0E0FtBtN0D0Tzu0StByEtCyEtN1L2XzuyEtFtByCtFtDtFtCtDzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0DyEyEtD0BtCzztGtBtAtC0EtGzy0AzytAtGtAtB0A0DtGyDyBzzyDyE0A0BtA0C0Dzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1PzztDtByCtB1OyBtG1S1PtDtAtGyEyByEtAtGzzyBtCtDtGtDtAyB1RyBtDyCtDtAyByEtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyByCzztN1Q2Z1B1P1RzutCyDtAyEtDtCtDyByCyB&cr=1145899923&ir=&uref=IE
SearchScopes: HKU\S-1-5-21-2009218519-3274899539-1962924502-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.wupuf.com/?f=4&a=wbf_ostotofs_18_32_13&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztCyByByCtDtAzz0E0FtBtN0D0Tzu0StByEtCyEtN1L2XzuyEtFtByCtFtDtFtCtDzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0DyEyEtD0BtCzztGtBtAtC0EtGzy0AzytAtGtAtB0A0DtGyDyBzzyDyE0A0BtA0C0Dzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1PzztDtByCtB1OyBtG1S1PtDtAtGyEyByEtAtGzzyBtCtDtGtDtAyB1RyBtDyCtDtAyByEtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyByCzztN1Q2Z1B1P1RzutCyDtAyEtDtCtDyByCyB&cr=1145899923&ir=&uref=IE&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2009218519-3274899539-1962924502-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.wupuf.com/?f=4&a=wbf_ostotofs_18_32_13&cd=2XzuyEtN2Y1L1Qzu0DtDtByBzzzztCyByByCtDtAzz0E0FtBtN0D0Tzu0StByEtCyEtN1L2XzuyEtFtByCtFtDtFtCtDzytN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0DyEyEtD0BtCzztGtBtAtC0EtGzy0AzytAtGtAtB0A0DtGyDyBzzyDyE0A0BtA0C0Dzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1PzztDtByCtB1OyBtG1S1PtDtAtGyEyByEtAtGzzyBtCtDtGtDtAyB1RyBtDyCtDtAyByEtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzyByCzztN1Q2Z1B1P1RzutCyDtAyEtDtCtDyByCyB&cr=1145899923&ir=&uref=IE&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-18] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: 97h7a6kg.default
FF ProfilePath: C:\Users\Wendy\AppData\Roaming\TomTom\HOME\Profiles\qae41ku3.default [2018-07-08]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\97h7a6kg.default [2018-08-11]
FF Homepage: Mozilla\Firefox\Profiles\97h7a6kg.default -> about:home
FF SearchPlugin: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\97h7a6kg.default\searchplugins\yahoo! powered.xml [2018-08-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-18] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2009218519-3274899539-1962924502-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Wendy\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://sandwell.anywhere.me/","hxxp://anywhere.me/sandwell","search.mpc.am"
CHR Profile: C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default [2018-08-09]
CHR Extension: (Slides) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-28]
CHR Extension: (Docs) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-28]
CHR Extension: (Google Drive) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-28]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-07-28]
CHR Extension: (YouTube) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-28]
CHR Extension: (Adblock Plus) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-28]
CHR Extension: (Download Manager) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\daoidaoebhfcgccdpgjjcbdginkofmfe [2018-07-28]
CHR Extension: (Sheets) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-28]
CHR Extension: (CircuitLab) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\haghanbgfkfpmepoohpigmglbfejljoj [2018-07-28]
CHR Extension: (World Time Buddy) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2018-07-28]
CHR Extension: (IP Address) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2018-07-28]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2018-07-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-08-01]
CHR Extension: (Google Mail Checker) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2018-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-28]
CHR Extension: (Gmail) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-28]
CHR Extension: (DNS Lookup Tool) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmoihpmadfbckodanllgbmgacdaoelga [2018-07-28]
CHR Profile: C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-30]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 LCleanerSvc; C:\Program Files (x86)\PCCleaner\PCCleanerSvc.dll [148992 2018-07-10] () [File not signed]
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [257440 2016-06-08] (Acer Incorporated)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4091112 2017-11-09] (Paramount Software UK Ltd)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-08-11] (Malwarebytes)
R1 MpKsl0d687b0a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9818FE00-1122-405C-BF61-7D85C54C470E}\MpKsl0d687b0a.sys [58120 2018-08-11] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2018-08-09] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 s115bus; C:\Windows\System32\drivers\s115bus.sys [108296 2007-04-23] (MCCI Corporation)
S3 s115mdfl; C:\Windows\system32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation)
S3 s115mdm; C:\Windows\system32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation)
S3 s115mgmt; C:\Windows\system32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation)
S3 s115obex; C:\Windows\system32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-11 19:38 - 2018-08-11 19:38 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-11 19:38 - 2018-08-11 19:38 - 000000000 ___HD C:\OneDriveTemp
2018-08-11 19:08 - 2018-08-11 19:08 - 000000000 ____D C:\Users\Wendy\AppData\Local\chromium
2018-08-11 19:07 - 2018-08-11 19:17 - 000000300 _____ C:\Windows\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A}.job
2018-08-11 19:07 - 2018-08-11 19:07 - 000002840 _____ C:\Windows\System32\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A}
2018-08-11 19:07 - 2018-08-11 19:07 - 000000027 _____ C:\ProgramData\serverclasscache.ini
2018-08-11 19:06 - 2018-08-11 19:08 - 000000000 ____D C:\ProgramData\DriverTalent
2018-08-11 19:06 - 2018-08-11 19:07 - 000000000 ____D C:\Program Files (x86)\PCCleaner
2018-08-11 19:06 - 2018-08-11 19:06 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\DriverTalent
2018-08-11 19:06 - 2018-08-11 19:06 - 000000000 ____D C:\ProgramData\PlugCache
2018-08-11 19:06 - 2018-08-11 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCCleaner
2018-08-11 19:05 - 2018-08-11 19:12 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2018-08-11 11:46 - 2018-08-11 11:46 - 000089982 _____ C:\Users\Wendy\Downloads\National Express West Midlands_11A.pdf
2018-08-10 19:37 - 2018-08-10 19:37 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-08-10 01:01 - 2018-08-10 01:01 - 000000000 ____D C:\Users\Wendy\AppData\Local\Daimler
2018-08-10 01:01 - 2018-08-10 01:01 - 000000000 ____D C:\Program Files (x86)\TomTom International B.V
2018-08-09 21:15 - 2018-08-09 21:18 - 000000988 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2018-08-09 21:15 - 2018-08-09 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2018-08-09 21:14 - 2018-08-09 21:18 - 000000000 ____D C:\Program Files (x86)\MyDrive Connect
2018-08-08 20:41 - 2018-08-09 05:02 - 000031152 _____ C:\Windows\system32\Drivers\pmxdrv.sys
2018-08-06 18:13 - 2018-08-06 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-05 12:40 - 2018-08-05 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Upgrade S Gotu2 v5.2.1
2018-08-04 19:22 - 2018-08-10 09:31 - 000000000 ____D C:\Program Files (x86)\Alcatel PC Suite
2018-08-04 19:22 - 2018-08-04 19:22 - 000000000 ____D C:\Windows\QdAvPlug
2018-08-04 19:22 - 2018-08-04 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcatel PC Suite
2018-08-04 19:22 - 2005-08-31 17:14 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2018-08-04 19:22 - 2003-03-18 20:04 - 000765952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71d.dll
2018-08-04 19:22 - 2003-03-18 20:03 - 000544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71d.dll
2018-08-04 19:22 - 2003-02-21 14:42 - 000348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2018-08-04 19:22 - 2002-01-05 03:37 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2018-08-04 19:19 - 2018-08-05 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Upgrade S 4.4.7
2018-08-04 14:25 - 2018-08-05 12:40 - 000000000 ____D C:\Mobile Upgrade S Gotu2 v5.2.1
2018-08-04 14:14 - 2018-08-05 12:42 - 000000000 ____D C:\Mobile Upgrade S 4.4.7
2018-08-02 16:47 - 2018-08-02 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-08-02 16:47 - 2018-08-02 16:47 - 000000000 ____D C:\Program Files\Speccy
2018-08-02 05:13 - 2018-08-02 05:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Suite
2018-08-01 08:07 - 2018-08-01 08:07 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\dvdcss
2018-08-01 08:05 - 2018-08-01 08:08 - 000000000 ____D C:\Users\Wendy\Desktop\Moonshiners Belgium 2018
2018-07-31 18:03 - 2018-07-31 18:07 - 000000000 ____D C:\Program Files (x86)\AppCleaner
2018-07-30 22:18 - 2018-07-30 22:18 - 000000000 ____D C:\Windows\System32\Tasks\Leader Technologies
2018-07-30 22:17 - 2018-07-30 22:17 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\Leadertech
2018-07-30 20:19 - 2018-07-30 20:19 - 000000000 ____D C:\Users\Wendy\.android
2018-07-30 20:19 - 2014-08-08 14:24 - 000243712 _____ (QUALCOMM Incorporated) C:\Windows\system32\Drivers\qcusbser.sys
2018-07-30 20:19 - 2012-08-22 21:49 - 000025088 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\cdrombus.sys
2018-07-30 20:18 - 2018-08-02 05:13 - 000000000 ____D C:\Program Files (x86)\Smart Suite
2018-07-30 20:18 - 2018-07-30 20:18 - 000000000 ____D C:\Users\Wendy\Documents\Smart Suite
2018-07-30 12:58 - 2018-07-30 12:58 - 000000000 ____D C:\ProgramData\Acer
2018-07-30 12:53 - 2018-07-30 12:53 - 000004070 _____ C:\Windows\System32\Tasks\UALU notificatin
2018-07-30 12:53 - 2018-07-30 12:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support
2018-07-30 12:53 - 2018-07-30 12:53 - 000000000 ____D C:\ProgramData\Packard Bell
2018-07-30 12:53 - 2018-07-30 12:53 - 000000000 ____D C:\Program Files\Packard Bell
2018-07-30 12:53 - 2018-07-30 12:53 - 000000000 ____D C:\OEM
2018-07-30 10:42 - 2018-07-30 10:42 - 000000000 ____D C:\ProgramData\IsolatedStorage
2018-07-30 10:42 - 2018-07-30 10:42 - 000000000 ____D C:\Program Files (x86)\FileHippo.com
2018-07-29 21:08 - 2018-07-29 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-07-29 21:08 - 2018-07-29 21:08 - 000000000 ____D C:\Program Files\Google
2018-07-28 10:15 - 2018-07-28 10:15 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\Google
2018-07-28 09:06 - 2018-08-08 23:11 - 000002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-28 09:06 - 2018-08-08 23:11 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-28 09:04 - 2018-07-29 21:08 - 000000000 ____D C:\Users\Wendy\AppData\Local\Google
2018-07-28 09:04 - 2018-07-28 09:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-28 09:04 - 2018-07-28 09:04 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-28 09:04 - 2018-07-28 09:04 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-25 17:42 - 2018-07-25 17:42 - 000000000 ____D C:\Users\Wendy\Documents\HpReg_Backup
2018-07-25 08:17 - 2018-07-15 01:43 - 012710400 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-25 08:17 - 2018-07-14 07:46 - 023862784 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-07-25 08:17 - 2018-07-14 07:42 - 019525632 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-07-25 08:17 - 2018-07-14 05:19 - 009147808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-25 08:17 - 2018-07-14 05:18 - 007436112 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-07-25 08:17 - 2018-07-14 05:15 - 006044112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-07-25 08:17 - 2018-07-14 05:08 - 022006784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-07-25 08:17 - 2018-07-14 05:03 - 019404288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-07-25 08:17 - 2018-07-14 05:01 - 025846784 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-07-25 08:17 - 2018-07-14 05:00 - 022714368 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-25 08:17 - 2018-07-14 04:58 - 008188416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-07-25 08:17 - 2018-07-14 04:57 - 007057920 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2018-07-25 08:17 - 2018-07-14 04:55 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-07-25 08:17 - 2018-07-14 04:54 - 007579648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-07-25 08:16 - 2018-07-15 01:58 - 000094112 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2018-07-25 08:16 - 2018-07-15 01:56 - 001523240 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2018-07-25 08:16 - 2018-07-15 01:44 - 006587392 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2018-07-25 08:16 - 2018-07-15 01:44 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2018-07-25 08:16 - 2018-07-15 01:42 - 008624128 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-07-25 08:16 - 2018-07-15 01:42 - 004708864 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2018-07-25 08:16 - 2018-07-15 01:41 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.XamlHost.dll
2018-07-25 08:16 - 2018-07-15 01:41 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\ProvSysprep.dll
2018-07-25 08:16 - 2018-07-15 01:39 - 001787392 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2018-07-25 08:16 - 2018-07-15 01:39 - 001605632 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2018-07-25 08:16 - 2018-07-15 01:38 - 003652608 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-07-25 08:16 - 2018-07-15 01:38 - 002051584 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2018-07-25 08:16 - 2018-07-15 01:38 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2018-07-25 08:16 - 2018-07-15 01:38 - 001180160 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-07-25 08:16 - 2018-07-15 01:38 - 001004032 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2018-07-25 08:16 - 2018-07-15 01:38 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2018-07-25 08:16 - 2018-07-15 01:38 - 000391680 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-25 08:16 - 2018-07-15 01:36 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2018-07-25 08:16 - 2018-07-15 00:28 - 001327424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2018-07-25 08:16 - 2018-07-15 00:18 - 005657600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2018-07-25 08:16 - 2018-07-15 00:17 - 011901440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-07-25 08:16 - 2018-07-15 00:15 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-07-25 08:16 - 2018-07-15 00:14 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.XamlHost.dll
2018-07-25 08:16 - 2018-07-15 00:13 - 002895360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-07-25 08:16 - 2018-07-15 00:13 - 001452544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2018-07-25 08:16 - 2018-07-15 00:13 - 001308160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2018-07-25 08:16 - 2018-07-15 00:13 - 000775168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2018-07-25 08:16 - 2018-07-15 00:13 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2018-07-25 08:16 - 2018-07-15 00:13 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-07-25 08:16 - 2018-07-15 00:11 - 000080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2018-07-25 08:16 - 2018-07-14 05:37 - 000375712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-07-25 08:16 - 2018-07-14 05:37 - 000230304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2018-07-25 08:16 - 2018-07-14 05:30 - 000272288 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-07-25 08:16 - 2018-07-14 05:24 - 001174432 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-07-25 08:16 - 2018-07-14 05:23 - 001034624 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-07-25 08:16 - 2018-07-14 05:23 - 000760888 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-07-25 08:16 - 2018-07-14 05:23 - 000269224 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-07-25 08:16 - 2018-07-14 05:22 - 006813744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2018-07-25 08:16 - 2018-07-14 05:22 - 001144664 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2018-07-25 08:16 - 2018-07-14 05:22 - 000510392 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2018-07-25 08:16 - 2018-07-14 05:22 - 000203560 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2018-07-25 08:16 - 2018-07-14 05:21 - 001063328 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-07-25 08:16 - 2018-07-14 05:21 - 001012640 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-07-25 08:16 - 2018-07-14 05:21 - 000722824 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-07-25 08:16 - 2018-07-14 05:21 - 000192920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-25 08:16 - 2018-07-14 05:20 - 001457128 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-25 08:16 - 2018-07-14 05:20 - 000567176 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-07-25 08:16 - 2018-07-14 05:20 - 000184472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2018-07-25 08:16 - 2018-07-14 05:20 - 000134552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-07-25 08:16 - 2018-07-14 05:19 - 002535032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2018-07-25 08:16 - 2018-07-14 05:19 - 001946752 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2018-07-25 08:16 - 2018-07-14 05:19 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-07-25 08:16 - 2018-07-14 05:19 - 000981920 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2018-07-25 08:16 - 2018-07-14 05:19 - 000713368 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2018-07-25 08:16 - 2018-07-14 05:19 - 000636944 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2018-07-25 08:16 - 2018-07-14 05:19 - 000483024 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2018-07-25 08:16 - 2018-07-14 05:18 - 002563984 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2018-07-25 08:16 - 2018-07-14 05:18 - 002371416 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-07-25 08:16 - 2018-07-14 05:18 - 001097648 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2018-07-25 08:16 - 2018-07-14 05:18 - 001017584 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-25 08:16 - 2018-07-14 05:18 - 000930712 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2018-07-25 08:16 - 2018-07-14 05:18 - 000613176 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2018-07-25 08:16 - 2018-07-14 05:18 - 000443216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2018-07-25 08:16 - 2018-07-14 05:18 - 000376216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2018-07-25 08:16 - 2018-07-14 05:17 - 006527056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2018-07-25 08:16 - 2018-07-14 05:17 - 002420632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-07-25 08:16 - 2018-07-14 05:17 - 001140568 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-07-25 08:16 - 2018-07-14 05:17 - 000983008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-07-25 08:16 - 2018-07-14 05:17 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-07-25 08:16 - 2018-07-14 05:17 - 000743320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2018-07-25 08:16 - 2018-07-14 05:16 - 002331576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-07-25 08:16 - 2018-07-14 05:16 - 001143096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2018-07-25 08:16 - 2018-07-14 05:16 - 000506728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2018-07-25 08:16 - 2018-07-14 05:15 - 001559368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-07-25 08:16 - 2018-07-14 05:15 - 001174552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-25 08:16 - 2018-07-14 05:15 - 001129640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-07-25 08:16 - 2018-07-14 05:15 - 000829856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-07-25 08:16 - 2018-07-14 05:15 - 000581696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-07-25 08:16 - 2018-07-14 05:15 - 000567144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-07-25 08:16 - 2018-07-14 05:03 - 006661120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-07-25 08:16 - 2018-07-14 05:01 - 006647296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2018-07-25 08:16 - 2018-07-14 04:59 - 009084928 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2018-07-25 08:16 - 2018-07-14 04:59 - 005883392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2018-07-25 08:16 - 2018-07-14 04:59 - 003553280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-07-25 08:16 - 2018-07-14 04:58 - 004371456 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-07-25 08:16 - 2018-07-14 04:58 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enrollmentapi.dll
2018-07-25 08:16 - 2018-07-14 04:58 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2018-07-25 08:16 - 2018-07-14 04:58 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-07-25 08:16 - 2018-07-14 04:57 - 005779456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-07-25 08:16 - 2018-07-14 04:57 - 004331008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2018-07-25 08:16 - 2018-07-14 04:57 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-07-25 08:16 - 2018-07-14 04:57 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-07-25 08:16 - 2018-07-14 04:57 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-07-25 08:16 - 2018-07-14 04:57 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-07-25 08:16 - 2018-07-14 04:57 - 000391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 004559872 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 002697216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Controls.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 002449408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 001986560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 001703936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Controls.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 001558016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 000257536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiFiDisplay.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 000118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2018-07-25 08:16 - 2018-07-14 04:56 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\WFDSConMgr.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 001627136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 001124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdprt.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000458752 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2018-07-25 08:16 - 2018-07-14 04:55 - 000344576 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2018-07-25 08:16 - 2018-07-14 04:55 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreCommonProxyStub.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\datamarketsvc.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2018-07-25 08:16 - 2018-07-14 04:55 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\EASPolicyManagerBrokerHost.exe
2018-07-25 08:16 - 2018-07-14 04:55 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 003319808 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 002825728 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 001627136 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 001537024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000999936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000729088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000444416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000409088 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000358400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2018-07-25 08:16 - 2018-07-14 04:54 - 000352768 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\PushToInstall.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2018-07-25 08:16 - 2018-07-14 04:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\EasPolicyManagerBrokerPS.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 004770816 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 003381248 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 001931776 _____ (Microsoft Corporation) C:\Windows\system32\edgeangle.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 001825792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 001668096 _____ (Microsoft Corporation) C:\Windows\system32\cdprt.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000705024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000681984 _____ (Microsoft Corporation) C:\Windows\system32\WFDSConMgrSvc.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000566272 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000450560 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreCommonProxyStub.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000396800 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2018-07-25 08:16 - 2018-07-14 04:53 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 002172928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 001550848 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 000972800 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 000916480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 000755712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 000506880 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2018-07-25 08:16 - 2018-07-14 04:52 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2018-07-25 08:16 - 2018-07-14 04:51 - 003376640 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2018-07-25 08:16 - 2018-07-14 04:51 - 002904576 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-07-25 08:16 - 2018-07-14 04:51 - 001804288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-25 08:16 - 2018-07-14 04:51 - 001747968 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2018-07-25 08:16 - 2018-07-14 04:51 - 001395712 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2018-07-25 08:16 - 2018-07-14 04:51 - 001304064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2018-07-25 08:16 - 2018-07-14 04:51 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2018-07-25 08:16 - 2018-07-14 04:51 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-07-25 08:16 - 2018-07-14 04:50 - 001773056 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 001457664 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\lpasvc.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 001225216 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 000949760 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 000943616 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 000932352 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2018-07-25 08:16 - 2018-07-14 04:50 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2018-07-25 08:16 - 2018-07-14 04:49 - 000884736 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2018-07-25 08:16 - 2018-07-14 03:35 - 000001310 _____ C:\Windows\system32\tcbres.wim
2018-07-23 22:30 - 2018-07-26 19:52 - 000000000 ____D C:\Users\Wendy\Documents\Reflect
2018-07-21 19:53 - 2018-07-30 22:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-07-21 13:25 - 2018-08-06 20:18 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\vlc
2018-07-21 11:54 - 2018-08-09 21:11 - 000000364 _____ C:\Windows\Tasks\HPCeeScheduleForWendy.job
2018-07-21 11:54 - 2018-08-09 20:06 - 000003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleForWendy
2018-07-21 11:54 - 2018-07-21 11:54 - 000000000 ____D C:\Users\Wendy\AppData\Local\HP_Inc
2018-07-21 11:47 - 2018-07-21 11:54 - 000000000 ____D C:\Users\Wendy\AppData\Local\Hewlett-Packard
2018-07-21 11:47 - 2018-07-21 11:47 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\Hewlett-Packard
2018-07-21 11:46 - 2018-07-30 12:53 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-07-21 11:46 - 2018-07-21 12:01 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2018-07-21 11:46 - 2018-07-21 11:46 - 000002264 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2018-07-21 11:46 - 2018-07-21 11:46 - 000000000 ____D C:\System.sav
2018-07-21 11:46 - 2018-07-21 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-07-21 11:45 - 2018-07-21 12:01 - 000000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2018-07-21 11:45 - 2018-07-21 11:46 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2018-07-21 11:45 - 2018-07-21 11:45 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\hpqLog
2018-07-21 11:45 - 2018-07-21 11:45 - 000000000 ____D C:\swsetup
2018-07-20 18:11 - 2018-07-20 18:11 - 000000000 ____D C:\Users\Wendy\Documents\TRBL Case
2018-07-20 16:08 - 2018-07-25 17:44 - 000002045 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2018-07-20 16:08 - 2018-07-20 16:08 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\HPPSDr
2018-07-20 16:07 - 2018-07-20 16:07 - 000000000 ___RD C:\Users\Wendy\Documents\RocketLifeNetwork
2018-07-20 16:07 - 2018-07-20 16:07 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\Visan
2018-07-20 16:07 - 2018-07-20 16:07 - 000000000 ____D C:\Users\Wendy\AppData\Local\RLPlatform
2018-07-20 16:04 - 2018-07-20 16:04 - 000003730 _____ C:\Windows\System32\Tasks\HPCustParticipation HP DeskJet 2130 series
2018-07-20 16:03 - 2018-07-20 16:07 - 000000000 ____D C:\Program Files (x86)\HP
2018-07-20 16:03 - 2018-07-20 16:03 - 000002289 _____ C:\Users\Public\Desktop\HP DeskJet 2130 series.lnk
2018-07-20 16:03 - 2018-07-20 16:03 - 000001236 _____ C:\Users\Public\Desktop\Shop for Supplies - HP DeskJet 2130 series.lnk
2018-07-20 16:03 - 2018-07-20 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-07-20 16:03 - 2018-07-20 16:03 - 000000000 ____D C:\Program Files\HP
2018-07-20 16:02 - 2018-07-20 16:09 - 000000000 ____D C:\Users\Wendy\AppData\Local\HP
2018-07-19 11:54 - 2018-07-19 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2018-07-19 11:54 - 2018-07-19 11:54 - 000000000 ____D C:\Program Files\Macrium
2018-07-19 11:24 - 2018-07-19 11:55 - 000000000 ____D C:\ProgramData\Macrium
2018-07-18 17:20 - 2018-07-18 17:20 - 000000000 ____D C:\Users\Wendy\AppData\LocalLow\Oracle
2018-07-17 08:26 - 2018-07-13 05:34 - 000709816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-07-17 08:26 - 2018-07-13 05:32 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-17 08:26 - 2018-07-13 05:30 - 002718624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-17 08:26 - 2018-07-13 04:59 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-17 08:26 - 2018-07-11 11:23 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2018-07-17 08:26 - 2018-07-11 10:24 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-15 13:48 - 2018-07-15 13:48 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\OpenOffice
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-11 20:08 - 2018-07-03 18:51 - 000000000 ____D C:\FRST
2018-08-11 20:08 - 2018-07-03 18:50 - 000000000 ____D C:\Users\Wendy\Desktop\Matt
2018-08-11 20:07 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-11 19:55 - 2018-06-29 20:32 - 000000000 ____D C:\Users\Wendy\AppData\LocalLow\Mozilla
2018-08-11 19:40 - 2018-06-29 20:27 - 000838560 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-11 19:40 - 2018-04-12 00:36 - 000000000 ____D C:\Windows\INF
2018-08-11 19:38 - 2018-06-29 20:30 - 000000000 ___RD C:\Users\Wendy\OneDrive
2018-08-11 19:34 - 2018-06-29 20:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-11 19:33 - 2018-04-11 22:04 - 000524288 _____ C:\Windows\system32\config\BBI
2018-08-11 19:23 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\registration
2018-08-11 15:38 - 2018-06-29 20:18 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-08-11 13:12 - 2018-04-12 00:30 - 000000000 ____D C:\Windows\CbsTemp
2018-08-11 11:03 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\AppReadiness
2018-08-11 06:02 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-10 20:07 - 2018-07-07 17:41 - 000000000 ____D C:\Users\Wendy\AppData\Local\Spotify
2018-08-10 19:43 - 2018-07-07 17:40 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\Spotify
2018-08-09 21:15 - 2018-07-04 23:15 - 000000000 ____D C:\Users\Wendy\AppData\Local\TomTom
2018-08-09 18:51 - 2018-06-29 20:33 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2009218519-3274899539-1962924502-1001
2018-08-09 18:51 - 2018-06-29 20:27 - 000002367 _____ C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-09 12:10 - 2018-06-29 20:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-09 12:10 - 2018-06-29 20:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-09 05:07 - 2018-06-29 20:27 - 000000000 ____D C:\Program Files (x86)\Intel
2018-08-08 20:34 - 2018-06-29 20:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-08 20:32 - 2018-07-07 17:41 - 000001850 _____ C:\Users\Wendy\Desktop\Spotify.lnk
2018-08-08 20:32 - 2018-07-07 17:41 - 000001836 _____ C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2018-08-08 07:41 - 2018-07-02 19:46 - 000004206 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1530557192
2018-08-08 07:41 - 2018-07-02 19:46 - 000001368 _____ C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2018-08-06 18:13 - 2018-07-04 23:18 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-08-05 14:27 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\NDF
2018-08-05 14:26 - 2018-07-02 18:43 - 000000000 ____D C:\Users\Wendy\AppData\Local\ElevatedDiagnostics
2018-08-04 19:30 - 2018-07-03 19:49 - 000000000 ____D C:\Users\Wendy\AppData\Roaming\MyPhoneExplorer
2018-08-04 18:39 - 2018-06-29 21:20 - 000000000 ____D C:\Users\Wendy\Documents\Matt
2018-08-02 14:55 - 2018-07-03 17:11 - 000000000 ____D C:\ProgramData\Packages
2018-08-01 17:09 - 2018-06-29 21:20 - 000000000 ____D C:\Users\Wendy\Documents\Tipton RBL
2018-07-31 07:29 - 2018-06-29 20:18 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-07-30 20:19 - 2018-06-29 20:27 - 000000000 ____D C:\Users\Wendy
2018-07-29 20:31 - 2018-06-29 21:16 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-07-29 19:18 - 2018-06-29 20:27 - 000000000 ____D C:\Users\Wendy\AppData\Local\ConnectedDevicesPlatform
2018-07-25 08:29 - 2018-06-29 20:17 - 000268800 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ___SD C:\Windows\system32\UNP
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ___SD C:\Windows\system32\F12
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ___RD C:\Windows\PrintDialog
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\TextInput
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\SysWOW64\en-GB
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\ShellExperiences
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\en-GB
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\ShellExperiences
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\bcastdvr
2018-07-25 08:27 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-07-25 07:52 - 2018-07-04 23:18 - 000000000 ____D C:\Program Files\CCleaner
2018-07-24 18:49 - 2018-06-29 21:20 - 000000000 ____D C:\Users\Wendy\Documents\RBL Caseworker Docs
2018-07-24 12:12 - 2018-07-11 03:02 - 000004600 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-24 12:12 - 2018-07-07 08:15 - 000000000 ____D C:\Users\Wendy\AppData\Local\Adobe
2018-07-24 12:12 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-24 12:12 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-24 08:56 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-07-20 16:09 - 2018-06-29 22:12 - 000000000 ____D C:\ProgramData\HP
2018-07-18 17:24 - 2018-06-29 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-18 17:23 - 2018-06-29 20:38 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-07-18 17:23 - 2018-06-29 20:38 - 000000000 ____D C:\Program Files\Java
2018-07-18 17:20 - 2018-06-29 20:36 - 000000000 ____D C:\ProgramData\Oracle
2018-07-17 08:20 - 2018-06-29 22:37 - 000563832 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Windows\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A}.job
 
 
Some files in TEMP:
====================
2018-08-11 19:12 - 2018-07-18 10:18 - 000172024 _____ () C:\Users\Wendy\AppData\Local\Temp\substat.dll
2018-08-11 19:12 - 2018-07-18 10:18 - 000488952 _____ () C:\Users\Wendy\AppData\Local\Temp\uninstall.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-29 20:17
 
==================== End of FRST.txt ============================


#4 mrmatt

  • Topic Starter

Posted 11 August 2018 - 02:13 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Wendy (11-08-2018 20:10:08)
Running from C:\Users\Wendy\Desktop\Matt\FRST
Windows 10 Home Version 1803 17134.191 (X64) (2018-06-29 19:23:38)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2009218519-3274899539-1962924502-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2009218519-3274899539-1962924502-503 - Limited - Disabled)
Guest (S-1-5-21-2009218519-3274899539-1962924502-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2009218519-3274899539-1962924502-504 - Limited - Disabled)
Wendy (S-1-5-21-2009218519-3274899539-1962924502-1001 - Administrator - Enabled) => C:\Users\Wendy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Alcatel PC Suite V7.0.56 (HKLM-x32\...\{93DB-0E9758B0D131_PCS_Alcatel_Union}_is1) (Version:  - Singularity Software Co., Ltd.)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP DeskJet 2130 series Basic Device Software (HKLM\...\{A81ACE32-12C9-43C8-BFD6-BEA725ACB9F4}) (Version: 40.11.1124.17107 - HP Inc.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.9.24.3 - HP Inc.)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Macrium Reflect Free Edition (HKLM\...\{1A399324-9784-4384-927F-0FEA922BC516}) (Version: 7.1.3317 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Upgrade S 4.4.7 (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version:  - TCL Communication Technology Holdings Limited)
Mozilla Firefox 61.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-GB)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.9 - F.J. Wechselberger)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
OpenOffice 4.1.5 (HKLM-x32\...\{708F0253-F566-48F3-9B88-06F48F16548B}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 54.0.2952.71 (HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\...\Opera 54.0.2952.71) (Version: 54.0.2952.71 - Opera Software)
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3504 - Packard Bell)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{0AF24D23-22CC-44D8-B0B5-D8222C92D1EB}) (Version: 40.11.1124.17107 - HP Inc.)
Smart Suite v3.4.2 (HKLM-x32\...\Smart Suite for Android_is1) (Version:  - TCL Communication Ltd)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\...\Spotify) (Version: 1.0.87.491.ge2a121fc - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
TomTom MyDrive Connect 4.2.2.3561 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.2.3561 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger)
ContextMenuHandlers1-x32: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-10-01] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0489D9FF-1EA3-470D-87E4-D7ADACA5C809} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {09585C85-BAF6-41DA-843E-97D190BAC707} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-28] (Google Inc.)
Task: {169CF554-67D9-4B8B-A038-44830A66F981} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {16BBA465-96E8-4270-9A54-9A2B5F9EFC0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {17312B7A-877D-44A6-B7FB-AEF837481725} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {1C9BA1A6-39B7-40D5-9DCA-87E2EE9A6DEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {240C4442-0B6B-45B2-9917-2B82565BA01A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-28] (Google Inc.)
Task: {3E5E434E-F547-4C40-B7C2-D8247137E10C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {47CA8B3B-DDA1-439D-96D7-5A4EAF4FCF1F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {5A2F2607-ADE7-4D5D-A1EA-56D6920FC38C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {76AB432C-FFE1-4003-B651-9E7C8E1CA06E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {81C524A1-A9BA-4271-BE35-8BABCE67A398} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA4ME3S3 Product Registration (Wendy) => C:\Users\Wendy\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4ME3S3 Product Registration.exe [2009-01-17] (Leader Technologies/Seagate)
Task: {822AC36B-E814-434B-B826-6CF97B412E19} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-24] (Adobe Systems Incorporated)
Task: {8C8C665D-5AFE-44F8-97EF-33A46D485050} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {9222CD26-D31A-4CBF-B9C3-497E3F0B733B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {92A08EBC-7EA9-49E0-9EA6-49D2EABF7C19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {941E2F2F-C5EC-4F64-B658-5591BCA49D42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A4309E67-103B-4F35-A6F1-24C14E9EBA3E} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2017-04-18] (HP Inc.)
Task: {AA44C81F-BD6B-4AED-AA22-17A4F67DFB6F} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe
Task: {B43B5D47-97D2-44D0-B097-6E97E45EC678} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {BB579A34-6274-4EF2-BE5F-7FE9750D1453} - System32\Tasks\HPCeeScheduleForWendy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {BF120915-7BBB-4EC8-8E99-B68DD07E780E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {D84D9B3B-3B10-4DB6-805B-ACBCD2EFC5FB} - System32\Tasks\Opera scheduled Autoupdate 1530557192 => C:\Users\Wendy\AppData\Local\Programs\Opera\launcher.exe [2018-08-07] (Opera Software)
Task: {E045E7CF-5F21-45FB-86D5-44B7F52326C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {F3F2F303-2D51-4E5A-A0A4-5D5B2E67BDFF} - System32\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A} => C:\Users\Wendy\AppData\Roaming\NERILE~1\kesak.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\HPCeeScheduleForWendy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A}.job => C:\Users\Wendy\AppData\Roaming\NERILE~1\kesak.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 01:43 - 2018-07-06 07:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-08-10 19:05 - 2018-08-10 19:06 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-10 19:05 - 2018-08-10 19:06 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-10 19:05 - 2018-08-10 19:06 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-12 17:19 - 2018-04-12 17:19 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-10 19:05 - 2018-08-10 19:06 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-17 08:46 - 2018-07-17 08:50 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 08:46 - 2018-07-17 08:50 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 08:46 - 2018-07-17 08:50 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 08:46 - 2018-07-17 08:50 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 08:46 - 2018-07-17 08:50 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-06-29 21:16 - 2018-07-29 20:31 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-08-08 07:41 - 2018-08-07 05:48 - 102627416 _____ () C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\opera_browser.dll
2018-08-08 07:41 - 2018-08-07 05:48 - 004613208 _____ () C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\libglesv2.dll
2018-08-08 07:41 - 2018-08-07 05:48 - 000100440 _____ () C:\Users\Wendy\AppData\Local\Programs\Opera\54.0.2952.71\libegl.dll
2018-08-11 19:06 - 2018-07-10 23:16 - 000148992 _____ () c:\program files (x86)\pccleaner\pccleanersvc.dll
2018-08-11 19:06 - 2018-07-11 00:34 - 000169472 _____ () c:\program files (x86)\pccleaner\PCCleanerConfig.dll
2018-08-11 19:06 - 2018-08-08 00:48 - 000296960 _____ () c:\program files (x86)\pccleaner\PlugCore.dll
2018-08-11 19:06 - 2018-08-08 01:09 - 000290816 _____ () c:\program files (x86)\pccleaner\Report.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-12 00:38 - 2018-06-29 21:37 - 000000822 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Wendy\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\HPIM2988.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\...\StartupApproved\Run: => "GoogleDriveSync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{69969EB7-AA78-4733-94D0-739558707E5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C4347819-BA73-4715-8C8C-729255242144}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4286C279-C504-41D5-8C67-4A0FB19B256B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A66C6B7C-C774-4824-8FD9-DB198AD96AA6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9A87C20E-CC3C-494E-8284-C4EB14C8897A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A9149D43-99A8-4ADE-BE89-A1A14860A0E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{9A6DF867-23BA-427C-B5E6-1DDE036688D3}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{02E719D2-3816-4FF0-8D9A-5284F0750300}C:\users\wendy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\wendy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6F5D6EF3-F361-480A-8739-1189449622BA}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
FirewallRules: [{0109C867-7BC7-45D8-B87B-6882889C7C80}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3B89D3DF-E22A-493C-9D8B-3B3D4704E391}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D65163BE-9FE9-4529-9E83-47ADD5350C6A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{CEBB9FA8-60E0-44FD-B699-566886148F7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6FC900D4-535F-4DB9-9640-70CCCF8E9312}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
FirewallRules: [{16907417-16B5-4E0B-9EBE-61A61FF8A1A3}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{FB70483E-3D5D-4539-9264-BC46319F574E}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll
FirewallRules: [{E4D8C9C3-EEEF-4DD9-947F-941A2DABEB47}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{4FDBF515-EAA5-4D87-A18A-2FAB9603D52B}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
 
==================== Restore Points =========================
 
30-07-2018 20:10:25 Alcatel Smart Suite
01-08-2018 09:31:43 Windows Modules Installer
04-08-2018 14:13:15 alcatel
05-08-2018 19:50:52 Windows Modules Installer
06-08-2018 21:50:25 Windows Modules Installer
07-08-2018 23:50:28 Windows Modules Installer
09-08-2018 05:05:53 Installed Intel-SA-00075 Detection and Mitigation Tool 1.0.3.215
09-08-2018 21:13:36 tomtom
11-08-2018 13:12:13 Windows Modules Installer
11-08-2018 19:01:34 Drive Talent
11-08-2018 19:21:31 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/11/2018 07:37:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Wendy\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 58.0.2988.0,language="&#x2a;",type="win32",version="58.0.2988.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/11/2018 07:37:58 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Drive Talent). Additional information: 0x80070005.
 
Error: (08/11/2018 07:21:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/11/2018 07:18:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Wendy\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 58.0.2988.0,language="&#x2a;",type="win32",version="58.0.2988.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/11/2018 07:01:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/11/2018 01:12:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/10/2018 08:35:28 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5572,G,0) An attempt to open the file "C:\Users\Wendy\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/10/2018 06:22:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: XboxApp.exe, version: 41.41.1805.18005, time stamp: 0x5aff1a1a
Faulting module name: SharedLibrary.dll, version: 1.6.24903.0, time stamp: 0x586b33b2
Exception code: 0x00001007
Fault offset: 0x0000000000495b2f
Faulting process ID: 0x228
Faulting application start time: 0x01d430aa4d53e355
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxApp_41.41.18005.0_x64__8wekyb3d8bbwe\XboxApp.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
Report ID: 1464057c-c41a-45d0-ad59-fb6897456404
Faulting package full name: Microsoft.XboxApp_41.41.18005.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.XboxApp
 
 
System errors:
=============
Error: (08/11/2018 08:05:19 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K8OSN9T)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-K8OSN9T\Wendy SID (S-1-5-21-2009218519-3274899539-1962924502-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/11/2018 08:01:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K8OSN9T)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-K8OSN9T\Wendy SID (S-1-5-21-2009218519-3274899539-1962924502-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/11/2018 08:01:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K8OSN9T)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-K8OSN9T\Wendy SID (S-1-5-21-2009218519-3274899539-1962924502-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/11/2018 07:45:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-K8OSN9T)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-K8OSN9T\Wendy SID (S-1-5-21-2009218519-3274899539-1962924502-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/11/2018 07:36:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/11/2018 07:19:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/11/2018 07:19:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/11/2018 07:19:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-08-11 19:20:15.769
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2C0C6595-4B0E-4FFC-BCDA-4152F851605B}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-10 19:05:40.632
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5D00A9F7-27C6-4D47-B44D-E1D047C50425}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-10 18:16:48.475
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C8F205A3-77A2-452E-A4B0-4D6899697BED}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-05 21:10:13.530
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1E030112-47E9-402F-AC36-FE6D0CFD424D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-05 20:02:56.284
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {60BEDDD9-1542-4365-9D94-BF58524FFAB0}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2018-07-04 19:17:49.070
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 19:17:49.070
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 17:57:38.063
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-04 17:57:38.063
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-03 17:07:04.372
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-03 17:07:04.372
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-02 21:12:26.835
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-07-02 21:12:26.812
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 59%
Total physical RAM: 2999.11 MB
Available physical RAM: 1226.73 MB
Total Virtual: 4151.11 MB
Available Virtual: 2222.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:224.95 GB) (Free:126.29 GB) NTFS
Drive d: (DATA) (Fixed) (Total:225.71 GB) (Free:156.41 GB) NTFS
 
\\?\Volume{27c8e9fc-0000-0000-0000-10c003000000}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{27c8e9fc-0000-0000-0000-100000000000}\ (PQSERVICE) (Fixed) (Total:15 GB) (Free:3.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 27C8E9FC)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=225 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=225.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 mrmatt


Posted 11 August 2018 - 02:14 PM

Note: I have run Malwarebytes and it found 234, but have not told it to clean anything yet.



#6 mrmatt


Posted 12 August 2018 - 04:24 AM

May I go ahead and MWB, or do you want me to wait first?



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:44 PM

Posted 12 August 2018 - 07:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF SearchPlugin: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\97h7a6kg.default\searchplugins\yahoo! powered.xml [2018-08-11]
CHR StartupUrls: Default -> "hxxp://sandwell.anywhere.me/","hxxp://anywhere.me/sandwell","search.mpc.am"
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
R2 LCleanerSvc; C:\Program Files (x86)\PCCleaner\PCCleanerSvc.dll [148992 2018-07-10] () [File not signed]

Task: {F3F2F303-2D51-4E5A-A0A4-5D5B2E67BDFF} - System32\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A} => C:\Users\Wendy\AppData\Roaming\NERILE~1\kesak.exe <==== ATTENTION
Task: C:\Windows\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A}.job => C:\Users\Wendy\AppData\Roaming\NERILE~1\kesak.exe <==== ATTENTION
2018-08-11 19:06 - 2018-07-10 23:16 - 000148992 _____ () c:\program files (x86)\pccleaner\pccleanersvc.dll
2018-08-11 19:06 - 2018-07-11 00:34 - 000169472 _____ () c:\program files (x86)\pccleaner\PCCleanerConfig.dll
2018-08-11 19:06 - 2018-08-08 00:48 - 000296960 _____ () c:\program files (x86)\pccleaner\PlugCore.dll
2018-08-11 19:06 - 2018-08-08 01:09 - 000290816 _____ () c:\program files (x86)\pccleaner\Report.dll
FirewallRules: [{16907417-16B5-4E0B-9EBE-61A61FF8A1A3}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{FB70483E-3D5D-4539-9264-BC46319F574E}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll
FirewallRules: [{E4D8C9C3-EEEF-4DD9-947F-941A2DABEB47}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{4FDBF515-EAA5-4D87-A18A-2FAB9603D52B}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe

C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\97h7a6kg.default\searchplugins\yahoo! powered.xml
C:\Program Files (x86)\PCCleaner
C:\ProgramData\DriverTalent
C:\Users\Wendy\AppData\Roaming\DriverTalent
C:\Users\Wendy\AppData\Roaming\NERILE~1
C:\Program Files (x86)\OSTotoSoft\DriverTalent

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

After the restart of the computer run Malwarebytes and clean everything that will be reported.

Post the logs and let me know what problem persists.

#8 mrmatt


Posted 12 August 2018 - 08:04 AM

Hello again Nasdaq :)

 

Thank you for being so willing (again) to help me out.

 

I will now carry out your instructions.



#9 mrmatt


Posted 12 August 2018 - 08:13 AM

Fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Wendy (12-08-2018 14:06:47) Run:2
Running from C:\Users\Wendy\Desktop\Matt\FRST
Loaded Profiles: Wendy (Available Profiles: Wendy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF SearchPlugin: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\97h7a6kg.default\searchplugins\yahoo! powered.xml [2018-08-11]
CHR StartupUrls: Default -> "hxxp://sandwell.anywhere.me/","hxxp://anywhere.me/sandwell","search.mpc.am"
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
R2 LCleanerSvc; C:\Program Files (x86)\PCCleaner\PCCleanerSvc.dll [148992 2018-07-10] () [File not signed]
 
Task: {F3F2F303-2D51-4E5A-A0A4-5D5B2E67BDFF} - System32\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A} => C:\Users\Wendy\AppData\Roaming\NERILE~1\kesak.exe <==== ATTENTION
Task: C:\Windows\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A}.job => C:\Users\Wendy\AppData\Roaming\NERILE~1\kesak.exe <==== ATTENTION
2018-08-11 19:06 - 2018-07-10 23:16 - 000148992 _____ () c:\program files (x86)\pccleaner\pccleanersvc.dll
2018-08-11 19:06 - 2018-07-11 00:34 - 000169472 _____ () c:\program files (x86)\pccleaner\PCCleanerConfig.dll
2018-08-11 19:06 - 2018-08-08 00:48 - 000296960 _____ () c:\program files (x86)\pccleaner\PlugCore.dll
2018-08-11 19:06 - 2018-08-08 01:09 - 000290816 _____ () c:\program files (x86)\pccleaner\Report.dll
FirewallRules: [{16907417-16B5-4E0B-9EBE-61A61FF8A1A3}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{FB70483E-3D5D-4539-9264-BC46319F574E}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll
FirewallRules: [{E4D8C9C3-EEEF-4DD9-947F-941A2DABEB47}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{4FDBF515-EAA5-4D87-A18A-2FAB9603D52B}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
 
C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\97h7a6kg.default\searchplugins\yahoo! powered.xml
C:\Program Files (x86)\PCCleaner
C:\ProgramData\DriverTalent
C:\Users\Wendy\AppData\Roaming\DriverTalent
C:\Users\Wendy\AppData\Roaming\NERILE~1
C:\Program Files (x86)\OSTotoSoft\DriverTalent
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com => path removed successfully
"C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\97h7a6kg.default\searchplugins\yahoo! powered.xml" => not found
"Chrome StartupUrls" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
"HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce" => removed successfully
"HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => removed successfully
"HKLM\System\CurrentControlSet\Services\LCleanerSvc" => removed successfully
LCleanerSvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3F2F303-2D51-4E5A-A0A4-5D5B2E67BDFF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3F2F303-2D51-4E5A-A0A4-5D5B2E67BDFF}" => removed successfully
C:\Windows\System32\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{79964B1E-5F46-5D52-2EC8-0803C2FC310A}" => removed successfully
C:\Windows\Tasks\{79964B1E-5F46-5D52-2EC8-0803C2FC310A}.job => moved successfully
c:\program files (x86)\pccleaner\pccleanersvc.dll => moved successfully
c:\program files (x86)\pccleaner\PCCleanerConfig.dll => moved successfully
c:\program files (x86)\pccleaner\PlugCore.dll => moved successfully
c:\program files (x86)\pccleaner\Report.dll => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16907417-16B5-4E0B-9EBE-61A61FF8A1A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB70483E-3D5D-4539-9264-BC46319F574E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4D8C9C3-EEEF-4DD9-947F-941A2DABEB47}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FDBF515-EAA5-4D87-A18A-2FAB9603D52B}" => removed successfully
"C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\97h7a6kg.default\searchplugins\yahoo! powered.xml" => not found
C:\Program Files (x86)\PCCleaner => moved successfully
C:\ProgramData\DriverTalent => moved successfully
C:\Users\Wendy\AppData\Roaming\DriverTalent => moved successfully
"C:\Users\Wendy\AppData\Roaming\NERILE~1" => not found
"C:\Program Files (x86)\OSTotoSoft\DriverTalent" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 14:07:51 ====


#10 mrmatt


Posted 12 August 2018 - 08:14 AM

At this point PCCleaner is still present in the start menu.



#11 mrmatt


Posted 12 August 2018 - 08:38 AM

Results of MWB scan:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/08/2018
Scan Time: 14:18
Log File: 2491cfa7-9e32-11e8-be07-d02788177603.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6309
Licence: Free
 
-System Information-
OS: Windows 10 (Build 17134.191)
CPU: x64
File System: NTFS
User: DESKTOP-K8OSN9T\Wendy
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 284633
Threats Detected: 193
Threats Quarantined: 193
Time Elapsed: 8 min, 11 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
Rogue.PCCleaner, HKU\S-1-5-21-2009218519-3274899539-1962924502-1001\SOFTWARE\PCCleaner, Quarantined, [1274], [210436],1.0.6309
Rogue.PCCleaner, HKLM\SOFTWARE\WOW6432NODE\PCCleaner, Quarantined, [1274], [212782],1.0.6309
 
Registry Value: 1
PUP.Optional.DriveTheLife, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE, Quarantined, [900], [478671],1.0.6309
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 22
 
File: 168
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\yahoo.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\yahoo_tile_v2.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\youtube.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sitesThumbnails\youtube_tile_v2.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\tiles\DOC-to-PDF.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\tiles\PDF-to-DOC.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\tiles\Translation.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\tiles\View-PDF.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\01d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\01n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\02d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\02n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\03d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\03n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\04d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\04n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\09d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\09n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\10d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\10n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\11d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\11n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\13d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\13n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\50d.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\weather\50n.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\down.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\alot.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\angle-arrow-down.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\bing.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\bing_large.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\bluesky-bg.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\brush.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\bt.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\clock.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\cloud.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\cupcake-bg.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\desk-bg.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\doodle.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\enhanced_google.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\eyeglass.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\eyeglass_transparent.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\films-bg.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\gmx_large.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\google.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\google_large.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\hero-bg.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\just-the-box-empty.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\just-the-box.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\mountain-bg.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\pointer2.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\radio-selected.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\radio-unselected.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\sea-bg.jpg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\search-D7D7D7.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\search-FFFFFF.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\settings.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\smallMagnifier.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\star-unselected.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\star.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\todoc.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\toggle-off.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\toggle-on.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\topdf.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\transparent_img.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\yahoo.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\yahoo.svg, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\yahoo_large.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\yandex.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\_enhanced_google.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\images\_gmx_large.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\content\bundle.v0.0.1.min.css, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\skin\icons\16.png, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\vendor\md5.min.js, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\vendor\react-dom.min.js, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\vendor\react-with-addons.min.js, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\_locales\en\messages.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\_locales\fr\messages.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\_locales\hi\messages.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\_locales\pt_BR\messages.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\_locales\vi\messages.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\_metadata\verified_contents.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\background.html, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\background.v0.0.1.min.js, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\client.v0.0.1.min.js, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\common.js.v0.0.1.min.js, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\e_.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\index.html, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\manifest.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\popupTab2.html, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\popupTab2.js, Quarantined, [245], [453140],1.0.6309
PUP.Optional.SearchManager, C:\Users\Wendy\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.3.54_0\responseConfig.json, Quarantined, [245], [453140],1.0.6309
PUP.Optional.DriveTheLife, C:\USERS\WENDY\APPDATA\LOCAL\TEMP\SMGAE5D.TMP\SMGAE5D.TMP, Quarantined, [900], [478126],1.0.6309
PUP.Optional.ByteFence, C:\USERS\WENDY\APPDATA\LOCAL\TEMP\TMPSEC5074714\BYTEFENCE-INSTALLER-5.3.0.57.EXE, Quarantined, [6009], [389016],1.0.6309
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
 
At this point the PCCleaner folder is still present in the Start Menu (which is a bit concerning). Too early yet to say if any other problems. Do you want me to run any additional tools or scans?


#12 mrmatt

Posted 12 August 2018 - 08:44 AM

Also in CCleaner, I was just looking at the Startup, and it shows an entry for Chromium which was installed when Driver Talent was:

 

 

No HKCU:Run Chromium The Chromium Authors "c:\users\wendy\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
No HKCU:Run GoogleDriveSync Google Inc "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\Wendy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run ALU Acer Incorporated C:\Program Files\Packard Bell\Packard Bell Updater\ALU.exe -r
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
No HKLM:Run Reflect UI Paramount Software UK Ltd C:\Program Files\Macrium\Common\ReflectUI.exe
Yes HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


#13 mrmatt

Posted 12 August 2018 - 09:32 AM

Could you tell me please if you want items deleted from MWB quarantine?



#14 mrmatt

Posted 12 August 2018 - 11:14 PM

Update: Ran CCleaner and the Start Menu item has been deleted.

 

Awaiting further instruction.



#15 mrmatt

Posted 15 August 2018 - 04:49 AM

Hello.

 

I am concerned there may be remnants still on the system from the Driver Talent installation.

 

Just opened Internet Explorer, and it asked me if I wanted to change the search engine to 'Yahoo ! Powered'.

 

(This also happened with Firefox before).





