
Malicious outbound connection blocked


6 replies to this topic

#1 HeadDesk


Posted 13 October 2018 - 12:43 AM

Hi, last night I'd just used a search engine (without clicking any link) when Malwarebytes popped up with a message - blocked an outgoing connection to a domain that might contain malware. I logged the details of that if they could be useful. Scanning with Malwarebytes and Windows Defender shows nothing but I'd like to check there isn't hidden malware I've picked up, as I did get an ad popup a few weeks ago.

Do I also need to check my browser? I checked my router but nothing had been set to redirect there.

Thanks for any help!




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by A (administrator) on A-PC (13-10-2018 16:44:28)
Running from C:\Users\A\Desktop
Loaded Profiles: A (Available Profiles: A)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\nortonsecurity.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\nortonsecurity.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKU\S-1-5-21-4039896684-1515332837-803061559-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2018-05-15] (Google Inc.)
HKU\S-1-5-21-4039896684-1515332837-803061559-1000\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-4039896684-1515332837-803061559-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{49054E31-C424-4C06-B910-504F34225F6C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\coIEPlg.dll [2018-10-03] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-05-15] (Google Inc.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.15.1.8\coIEPlg.dll [2018-10-03] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-05-15] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-05-15] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\coIEPlg.dll [2018-10-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.15.1.8\coIEPlg.dll [2018-10-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-05-15] (Google Inc.)

FireFox:
========
FF DefaultProfile: 0pnauuuw.default
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default [2018-10-13]
FF Homepage: Mozilla\Firefox\Profiles\0pnauuuw.default -> moz-extension://822c400a-3a3c-44ba-bdef-71c070c57a05/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\0pnauuuw.default -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\0pnauuuw.default -> Enabled: nortonhomepage@symantec.com
FF Extension: (Facebook Container) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\@contain-facebook.xpi [2018-05-15]
FF Extension: (Firelux) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\@firelux.xpi [2018-09-10]
FF Extension: (Reddit Enhancement Suite) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2018-09-23]
FF Extension: (Norton Home Page) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\nortonhomepage@symantec.com.xpi [2018-09-19]
FF Extension: (Norton Safe Search) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-10-12]
FF Extension: (Norton Safe Web) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\nortonsafeweb@symantec.com.xpi [2018-10-09]
FF Extension: (NoScript) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-10-08]
FF Extension: (Adblock Plus) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-31]
FF Extension: (Telemetry coverage) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\features\{4d055dd4-c3f8-4450-9c5d-2df194b6daa1}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-10] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default [2018-08-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2018-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-16]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] ()
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NortonSecurity; C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\NortonSecurity.exe [328648 2018-09-07] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2018-05-15] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.14.0.54\Definitions\BASHDefs\20180807.003\BHDrvx64.sys [1919568 2018-07-02] (Symantec Corporation)
R1 ccSet_NGC; C:\Windows\system32\drivers\NGCx64\160F010.008\ccSetx64.sys [190424 2018-09-07] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-04-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-05-15] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.14.0.54\Definitions\IPSDefs\20180810.001\IDSvia64.sys [1305168 2018-08-09] (Symantec Corporation)
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-10-13] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2018-05-14] (Realtek Semiconductor Corporation )
S3 SRTSP; C:\Windows\System32\Drivers\NGCx64\160F010.008\SRTSP64.SYS [846928 2018-09-07] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NGCx64\160F010.008\SRTSPX64.SYS [51168 2018-09-07] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\160F010.008\SYMEFASI64.SYS [1969312 2018-09-07] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-06] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NGCx64\160F010.008\Ironx64.SYS [307792 2018-09-07] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NGCx64\160F010.008\symnets.sys [566912 2018-09-07] (Symantec Corporation)
S3 wpCtrlDrv_NGC; C:\Windows\System32\Drivers\NGCx64\160F010.008\wpCtrlDrv.sys [1002840 2018-09-07] (Symantec Corporation)
S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-13 16:44 - 2018-10-13 16:44 - 002414592 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2018-10-13 16:44 - 2018-10-13 16:44 - 000015898 _____ C:\Users\A\Desktop\FRST.txt
2018-10-13 16:28 - 2018-10-13 16:29 - 000050124 _____ C:\Users\A\Downloads\FRST.txt
2018-10-13 16:28 - 2018-10-13 16:29 - 000022957 _____ C:\Users\A\Downloads\Addition.txt
2018-10-13 16:26 - 2018-10-13 16:44 - 000000000 ____D C:\FRST
2018-10-13 15:37 - 2018-10-13 15:37 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2018-10-13 15:12 - 2018-10-13 15:14 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-13 15:12 - 2018-10-13 15:12 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-13 15:12 - 2018-10-13 15:12 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-13 15:12 - 2018-10-13 15:12 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-12 22:38 - 2018-10-12 22:38 - 000000656 _____ C:\Users\A\Desktop\mywaymalware.txt
2018-10-11 17:00 - 2018-10-11 17:00 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-11 17:00 - 2018-10-11 17:00 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-11 17:00 - 2018-10-11 17:00 - 000000000 ____D C:\Users\A\AppData\Local\mbamtray
2018-10-11 17:00 - 2018-10-11 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-11 17:00 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-10 10:51 - 2018-09-19 01:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-10 10:51 - 2018-09-18 12:08 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-10 10:51 - 2018-09-18 11:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-10 10:51 - 2018-09-17 22:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-10 10:51 - 2018-09-17 22:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-10 10:51 - 2018-09-17 22:38 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-10 10:51 - 2018-09-17 22:27 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-10 10:51 - 2018-09-17 22:26 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-10 10:51 - 2018-09-17 22:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-10 10:51 - 2018-09-17 22:25 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-10 10:51 - 2018-09-17 22:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-10 10:51 - 2018-09-17 22:25 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-10 10:51 - 2018-09-17 22:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-10 10:51 - 2018-09-17 22:18 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-10 10:51 - 2018-09-17 22:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-10 10:51 - 2018-09-17 22:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-10 10:51 - 2018-09-17 22:15 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-10 10:51 - 2018-09-17 22:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-10 10:51 - 2018-09-17 22:14 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-10 10:51 - 2018-09-17 22:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-10 10:51 - 2018-09-17 22:09 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-10 10:51 - 2018-09-17 22:06 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-10 10:51 - 2018-09-17 22:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-10 10:51 - 2018-09-17 22:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-10 10:51 - 2018-09-17 22:00 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-10 10:51 - 2018-09-17 21:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-10 10:51 - 2018-09-17 21:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-10 10:51 - 2018-09-17 21:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-10 10:51 - 2018-09-17 21:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-10 10:51 - 2018-09-17 21:45 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-10 10:51 - 2018-09-17 21:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-10 10:51 - 2018-09-17 21:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-10 10:51 - 2018-09-17 21:41 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-10 10:51 - 2018-09-17 21:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-10 10:51 - 2018-09-17 21:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-10 10:51 - 2018-09-17 21:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-10 10:51 - 2018-09-17 21:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-10 10:51 - 2018-09-17 21:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-10-10 10:51 - 2018-09-17 21:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-10 10:51 - 2018-09-17 21:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-10-10 10:51 - 2018-09-17 21:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-10-10 10:51 - 2018-09-17 21:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-10-10 10:51 - 2018-09-17 21:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-10-10 10:51 - 2018-09-17 21:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-10-10 10:51 - 2018-09-17 21:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-10 10:51 - 2018-09-17 21:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-10-10 10:51 - 2018-09-17 21:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-10-10 10:51 - 2018-09-17 21:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-10-10 10:51 - 2018-09-17 21:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-10-10 10:51 - 2018-09-17 21:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-10-10 10:51 - 2018-09-17 21:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-10 10:51 - 2018-09-17 21:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-10 10:51 - 2018-09-17 21:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-10-10 10:51 - 2018-09-17 21:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-10 10:51 - 2018-09-17 21:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-10-10 10:51 - 2018-09-17 21:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-10-10 10:51 - 2018-09-17 21:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-10-10 10:51 - 2018-09-17 20:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-10-10 10:51 - 2018-09-17 20:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-10-10 10:51 - 2018-09-17 20:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-10 10:51 - 2018-09-17 20:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-10-10 10:51 - 2018-09-17 20:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-10-10 10:51 - 2018-09-17 20:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-10-10 10:51 - 2018-09-17 20:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-10-10 10:51 - 2018-09-17 20:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-10-10 10:51 - 2018-09-17 20:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-10-10 10:51 - 2018-09-17 20:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-10 10:51 - 2018-09-17 20:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-10 10:51 - 2018-09-17 20:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-10-10 10:51 - 2018-09-11 11:28 - 003227136 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-10 10:51 - 2018-09-11 11:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-10 10:51 - 2018-09-11 11:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 005552328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-10 10:51 - 2018-09-08 18:02 - 001680072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 000708296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-10-10 10:51 - 2018-09-08 18:02 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-10-10 10:51 - 2018-09-08 18:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 000262344 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-10 10:51 - 2018-09-08 18:02 - 000154824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 000095432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-10 10:51 - 2018-09-08 18:01 - 001664320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-10-10 10:51 - 2018-09-08 17:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-10-10 10:51 - 2018-09-08 17:46 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-10 10:51 - 2018-09-08 17:25 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-10 10:51 - 2018-09-08 17:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-10 10:51 - 2018-09-08 17:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-10 10:51 - 2018-09-08 17:21 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-10-10 10:51 - 2018-09-08 17:21 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-10 10:51 - 2018-09-08 17:20 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-10 10:51 - 2018-09-08 17:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-10-10 10:51 - 2018-09-08 17:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-10 10:51 - 2018-09-08 17:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-10 10:51 - 2018-09-08 17:13 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-10-10 10:51 - 2018-09-08 17:13 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-10-10 10:51 - 2018-09-08 17:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-10-10 10:51 - 2018-09-08 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-10-10 10:51 - 2018-09-08 17:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-10-10 10:51 - 2018-09-08 17:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-10 10:51 - 2018-08-27 23:24 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-10 10:51 - 2018-08-27 23:24 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-10 10:51 - 2018-08-27 23:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-10 10:51 - 2018-08-27 23:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-10 10:51 - 2018-08-27 23:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-10 10:51 - 2018-08-27 23:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-10-10 10:51 - 2018-08-27 23:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-10 10:51 - 2018-08-27 22:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-10-10 10:51 - 2018-08-27 22:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-10-10 10:51 - 2018-08-27 22:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-10-10 10:51 - 2018-08-15 19:18 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-10 10:51 - 2018-08-13 14:49 - 001391856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-10 10:51 - 2018-08-13 08:54 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-10 10:51 - 2018-08-12 13:32 - 000140976 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-10 10:51 - 2018-08-12 13:27 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-10 10:51 - 2018-08-08 08:54 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-10 10:51 - 2018-08-08 08:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-10-10 10:51 - 2018-08-08 08:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-10-10 10:51 - 2018-08-08 08:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-09-14 17:57 - 2018-09-14 17:57 - 000003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-09-14 17:57 - 2018-09-14 17:57 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-13 16:20 - 2018-05-16 09:38 - 000000000 ____D C:\Users\A\AppData\Local\Glyph
2018-10-13 15:21 - 2009-07-13 21:45 - 000020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-13 15:21 - 2009-07-13 21:45 - 000020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-13 15:19 - 2009-07-13 22:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-13 15:19 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-10-13 15:13 - 2018-05-15 15:16 - 000000000 ____D C:\Users\A\AppData\LocalLow\Mozilla
2018-10-13 15:12 - 2018-05-15 15:04 - 000002950 _____ C:\Windows\System32\Tasks\AsrSP.exe
2018-10-13 15:12 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-11 23:43 - 2018-05-16 10:10 - 000000000 ____D C:\Users\A\AppData\Roaming\RIFT
2018-10-11 16:30 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2018-10-11 16:06 - 2018-05-21 03:21 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-11 15:53 - 2009-07-13 21:45 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 19:50 - 2018-05-15 16:17 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 19:49 - 2018-05-15 16:16 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-10 19:46 - 2018-05-15 14:51 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-05 17:12 - 2018-05-15 15:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-05 17:12 - 2018-05-15 15:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-20 15:25 - 2018-05-15 15:04 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-20 15:25 - 2018-05-15 15:04 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-20 04:48 - 2018-05-21 03:22 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-14 18:25 - 2018-05-17 20:10 - 000000000 ____D C:\Program Files\Common Files\AV
2018-09-14 18:02 - 2018-08-13 21:07 - 000000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2018-09-14 17:57 - 2018-05-18 18:39 - 000002361 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-09-14 17:57 - 2018-05-18 18:38 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-08 13:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by A (13-10-2018 16:44:46)
Running from C:\Users\A\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-05-15 21:47:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

A (S-1-5-21-4039896684-1515332837-803061559-1000 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-4039896684-1515332837-803061559-500 - Administrator - Disabled)
Guest (S-1-5-21-4039896684-1515332837-803061559-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4039896684-1515332837-803061559-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Norton Internet Security (Disabled - Out of date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
APP Shop v1.0.13 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.13 - ASRock Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
A-Tuning v2.0.224 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.224 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
Norton Internet Security (HKLM-x32\...\NGC) (Version: 22.15.1.8 - Symantec Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4039896684-1515332837-803061559-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\buShell.dll [2018-09-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\buShell.dll [2018-09-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\buShell.dll [2018-09-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\buShell.dll [2018-09-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\buShell.dll [2018-09-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\buShell.dll [2018-09-07] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\buShell.dll [2018-09-07] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\NavShExt.dll [2018-09-07] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\NavShExt.dll [2018-09-07] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-05-21] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-05-21] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\buShell.dll [2018-09-07] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\NavShExt.dll [2018-09-07] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F375537-2135-4BCA-990D-7FDAA1D8FAAB} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\SymErr.exe [2018-09-07] (Symantec Corporation)
Task: {36BE58DE-85DF-4238-99A0-AA2A0C2A3A23} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-05-27] ()
Task: {4252F1C9-4407-4A95-B5B2-7D162E7D618B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {53968C66-AECD-4082-8EE5-EA0E6AE0EE62} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {5E72EE89-7FAE-4904-A729-21901488F751} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\WSCStub.exe [2018-09-07] (Symantec Corporation)
Task: {8FBA0728-BF9B-4719-89A3-2187EAC9EAFE} - System32\Tasks\ASRock Internet Setup => D:\ASRSetup.exe
Task: {8FE4687C-6C89-4E9C-A3CA-558EF04B747D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2018-09-07] (Symantec Corporation)
Task: {9EBEB08E-BFDD-4136-B522-FAF39A2C1350} - System32\Tasks\{9862C086-1C49-45A0-847F-95330BCE85FC} => C:\Users\A\Downloads\GlyphInstall-9999-1001.exe [2018-05-16] (Trion Worlds Inc.)
Task: {B1814155-FC82-4313-A7A7-1A26843A4EA4} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\SymErr.exe [2018-09-07] (Symantec Corporation)
Task: {CA836B91-4300-4A50-A89C-2C9402148ACB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-15] (Google Inc.)
Task: {F751E384-F06E-4E52-A7EC-9D7E766DEBA4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 15:04 - 2014-07-31 16:17 - 000463112 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2014-08-25 16:01 - 2014-08-25 16:01 - 000209712 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 16:01 - 2014-08-25 16:01 - 000057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 000037168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 000057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-10-11 17:00 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-11 17:00 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-15 14:59 - 2013-09-03 16:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4039896684-1515332837-803061559-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\A\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{907330F4-8E23-4325-B25D-65F4F1F1A813}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{43803AC7-5E6C-4ED0-8840-0718DCC4491E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C8687688-65A8-409D-997B-9587038F1556}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5AB40963-80C5-4129-BF81-111EB5831F6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D7480A11-BDEA-4FE8-972E-5C96ABA5C25D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{568F7DDA-65E0-4DA7-830A-6F50A9A4565E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CCC3993B-43E8-4076-A692-B345C3FEE314}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE26A3D8-CDCB-4E23-909B-920F24B191C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A2A67419-45A4-4CED-B16E-F351437C443C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-10-2018 19:46:04 Windows Update
11-10-2018 15:56:41 Windows Update
11-10-2018 16:03:33 Windows Backup
13-10-2018 15:13:42 Windows Backup
13-10-2018 15:19:28 Windows Backup
13-10-2018 15:31:08 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2018 03:14:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/12/2018 10:49:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\A\Desktop\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/12/2018 10:49:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\A\Desktop\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/12/2018 10:49:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\A\Desktop\Autoruns\autorunsc.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/12/2018 10:49:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\A\Desktop\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/12/2018 05:37:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/11/2018 03:54:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/11/2018 03:52:31 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT AUTHORITY)
Description: Certificate Services Client  failed to invoke the Providers in response to event 256. Error code 2147942432.


System errors:
=============
Error: (10/13/2018 03:12:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (10/12/2018 05:36:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (10/11/2018 06:50:20 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (10/11/2018 06:50:20 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/11/2018 06:50:19 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (10/11/2018 06:50:18 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (10/11/2018 06:50:17 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (10/11/2018 06:50:17 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU G1840 @ 2.80GHz
Percentage of memory in use: 80%
Total physical RAM: 5813.72 MB
Available physical RAM: 1122.89 MB
Total Virtual: 11625.58 MB
Available Virtual: 6657.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.7 GB) (Free:71.04 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:905.68 GB) NTFS

\\?\Volume{2589af40-5889-11e8-9fab-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A073F3AD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: F7769DFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by HeadDesk, 13 October 2018 - 12:59 AM.




#2 garioch7

  • Malware Response Instructor

Posted 13 October 2018 - 12:42 PM

HeadDesk:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Help Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs that you have already submitted.

 

Is there a reason why Norton Internet Security is showing as Disabled and Out of Date in the Addition.txt log?

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7


Posted 13 October 2018 - 01:12 PM

HeadDesk:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also, you should be aware that some of the tools and scripts that will be used will remove detected malware without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

OK, let's get started ...

Step 1: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4039896684-1515332837-803061559-1000\...\Run: [ASRock A-Tuning] => [X]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn => not found
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx <not found>
S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press the Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

Step 2: I would like to know, as I previously asked, why Norton Internet Security is disabled and out of date? Are you not using that installed program any more? If not, you should uninstall it. Please see this link for instructions.

Thank you and have a great day.

Regards,
-Phil
 




#4 HeadDesk

  • Topic Starter


Posted 13 October 2018 - 08:32 PM

Thanks Phil! I've done the backup.

 

I had a trial of Norton that came with the recovery cd and expired, but didn't remove it because a few protections like website ratings and page blocking remained. I've removed it now.

I'll run the fix.

Edit:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by A (14-10-2018 12:37:12) Run:1
Running from C:\Users\A\Desktop
Loaded Profiles: A (Available Profiles: A)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4039896684-1515332837-803061559-1000\...\Run: [ASRock A-Tuning] => [X]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn => not found
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.15.1.8\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx <not found>
S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4039896684-1515332837-803061559-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRock A-Tuning" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}" => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => removed successfully
HKLM\System\CurrentControlSet\Services\AsrSetupDrv => removed successfully
AsrSetupDrv => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found


The system needed a reboot.

==== End of Fixlog 12:37:21 ====


Edited by HeadDesk, 13 October 2018 - 08:36 PM.


#5 garioch7


Posted Yesterday, 12:55 PM

HeadDesk:

 

Thank you for your post, for running the FRST "fixlist" script, and for posting the content of the "fixlog.txt" file.

Step 1: I would like you to please provide me with another set of new FRST scan logs. I want to check for any possible remaining Norton Internet Security program remnants. Some anti-virus programs do not uninstall cleanly, and all of them burrow deeply into the operating system. "Orphaned" components can cause weird and random issues. So I would like to eliminate Norton remnants as a possible cause of any computer issues that you might be experiencing, before proceeding, in subsequent posts, with some standard anti-malware scans.

Thank you and have a great day.

 

Regards,

-Phil




#6 HeadDesk


Posted Today, 12:01 AM

Ok, sorry! I'll run that.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by A (administrator) on A-PC (15-10-2018 16:06:28)
Running from C:\Users\A\Desktop
Loaded Profiles: A (Available Profiles: A)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKU\S-1-5-21-4039896684-1515332837-803061559-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2018-05-15] (Google Inc.)
HKU\S-1-5-21-4039896684-1515332837-803061559-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{49054E31-C424-4C06-B910-504F34225F6C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-05-15] (Google Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-05-15] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-05-15] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-05-15] (Google Inc.)

FireFox:
========
FF DefaultProfile: 0pnauuuw.default
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default [2018-10-15]
FF Homepage: Mozilla\Firefox\Profiles\0pnauuuw.default -> moz-extension://822c400a-3a3c-44ba-bdef-71c070c57a05/homePageRedirect.html
FF HomepageOverride: Mozilla\Firefox\Profiles\0pnauuuw.default -> Enabled: nortonhomepage@symantec.com
FF NewTabOverride: Mozilla\Firefox\Profiles\0pnauuuw.default -> Enabled: nortonhomepage@symantec.com
FF Extension: (Facebook Container) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\@contain-facebook.xpi [2018-05-15]
FF Extension: (Firelux) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\@firelux.xpi [2018-09-10]
FF Extension: (Reddit Enhancement Suite) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2018-09-23]
FF Extension: (Norton Home Page) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\nortonhomepage@symantec.com.xpi [2018-09-19]
FF Extension: (Norton Safe Search) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2018-10-12]
FF Extension: (Norton Safe Web) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\nortonsafeweb@symantec.com.xpi [2018-10-09]
FF Extension: (NoScript) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-10-08]
FF Extension: (Adblock Plus) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-31]
FF Extension: (Telemetry coverage) - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0pnauuuw.default\features\{4d055dd4-c3f8-4450-9c5d-2df194b6daa1}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-10] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default [2018-08-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2018-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] ()
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2018-05-15] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-10-15] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2018-05-14] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-15 16:02 - 2018-10-15 16:04 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-15 16:02 - 2018-10-15 16:02 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-15 16:02 - 2018-10-15 16:02 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-15 16:02 - 2018-10-15 16:02 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-14 12:37 - 2018-10-14 12:37 - 000002973 _____ C:\Users\A\Desktop\Fixlog.txt
2018-10-13 16:44 - 2018-10-15 16:06 - 000012034 _____ C:\Users\A\Desktop\FRST.txt
2018-10-13 16:44 - 2018-10-13 16:45 - 000023092 _____ C:\Users\A\Desktop\Addition.txt
2018-10-13 16:44 - 2018-10-13 16:44 - 002414592 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2018-10-13 16:28 - 2018-10-13 16:29 - 000050124 _____ C:\Users\A\Downloads\FRST.txt
2018-10-13 16:28 - 2018-10-13 16:29 - 000022957 _____ C:\Users\A\Downloads\Addition.txt
2018-10-13 16:26 - 2018-10-15 16:06 - 000000000 ____D C:\FRST
2018-10-13 15:37 - 2018-10-14 12:30 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2018-10-12 22:38 - 2018-10-12 22:38 - 000000656 _____ C:\Users\A\Desktop\mywaymalware.txt
2018-10-11 17:00 - 2018-10-11 17:00 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-11 17:00 - 2018-10-11 17:00 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-11 17:00 - 2018-10-11 17:00 - 000000000 ____D C:\Users\A\AppData\Local\mbamtray
2018-10-11 17:00 - 2018-10-11 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-11 17:00 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-10 10:51 - 2018-09-19 01:08 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-10 10:51 - 2018-09-18 12:08 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-10-10 10:51 - 2018-09-18 11:10 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-10 10:51 - 2018-09-17 22:52 - 025735168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-10-10 10:51 - 2018-09-17 22:38 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-10-10 10:51 - 2018-09-17 22:38 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-10-10 10:51 - 2018-09-17 22:27 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-10-10 10:51 - 2018-09-17 22:26 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-10-10 10:51 - 2018-09-17 22:25 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-10-10 10:51 - 2018-09-17 22:25 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-10-10 10:51 - 2018-09-17 22:25 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-10-10 10:51 - 2018-09-17 22:25 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-10-10 10:51 - 2018-09-17 22:19 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-10-10 10:51 - 2018-09-17 22:18 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-10-10 10:51 - 2018-09-17 22:16 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-10-10 10:51 - 2018-09-17 22:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-10-10 10:51 - 2018-09-17 22:15 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-10-10 10:51 - 2018-09-17 22:14 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-10-10 10:51 - 2018-09-17 22:14 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-10-10 10:51 - 2018-09-17 22:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-10-10 10:51 - 2018-09-17 22:09 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-10-10 10:51 - 2018-09-17 22:06 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-10-10 10:51 - 2018-09-17 22:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-10-10 10:51 - 2018-09-17 22:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-10-10 10:51 - 2018-09-17 22:00 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-10-10 10:51 - 2018-09-17 21:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-10-10 10:51 - 2018-09-17 21:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-10-10 10:51 - 2018-09-17 21:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-10-10 10:51 - 2018-09-17 21:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-10-10 10:51 - 2018-09-17 21:45 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-10-10 10:51 - 2018-09-17 21:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-10-10 10:51 - 2018-09-17 21:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-10-10 10:51 - 2018-09-17 21:41 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-10-10 10:51 - 2018-09-17 21:41 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-10-10 10:51 - 2018-09-17 21:39 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-10-10 10:51 - 2018-09-17 21:35 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-10-10 10:51 - 2018-09-17 21:33 - 020278784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-10 10:51 - 2018-09-17 21:31 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-10-10 10:51 - 2018-09-17 21:23 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-10-10 10:51 - 2018-09-17 21:21 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-10-10 10:51 - 2018-09-17 21:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-10-10 10:51 - 2018-09-17 21:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-10-10 10:51 - 2018-09-17 21:20 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-10-10 10:51 - 2018-09-17 21:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-10-10 10:51 - 2018-09-17 21:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-10 10:51 - 2018-09-17 21:15 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-10-10 10:51 - 2018-09-17 21:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-10-10 10:51 - 2018-09-17 21:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-10-10 10:51 - 2018-09-17 21:13 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-10-10 10:51 - 2018-09-17 21:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-10-10 10:51 - 2018-09-17 21:12 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-10 10:51 - 2018-09-17 21:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-10-10 10:51 - 2018-09-17 21:06 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-10-10 10:51 - 2018-09-17 21:03 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-10-10 10:51 - 2018-09-17 21:02 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-10-10 10:51 - 2018-09-17 21:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-10-10 10:51 - 2018-09-17 21:00 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-10-10 10:51 - 2018-09-17 20:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-10-10 10:51 - 2018-09-17 20:58 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-10-10 10:51 - 2018-09-17 20:57 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-10 10:51 - 2018-09-17 20:57 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-10-10 10:51 - 2018-09-17 20:53 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-10-10 10:51 - 2018-09-17 20:52 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-10-10 10:51 - 2018-09-17 20:51 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-10-10 10:51 - 2018-09-17 20:50 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-10-10 10:51 - 2018-09-17 20:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-10-10 10:51 - 2018-09-17 20:37 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-10 10:51 - 2018-09-17 20:34 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-10 10:51 - 2018-09-17 20:31 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-10-10 10:51 - 2018-09-11 11:28 - 003227136 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-10-10 10:51 - 2018-09-11 11:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-10-10 10:51 - 2018-09-11 11:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 005552328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-10-10 10:51 - 2018-09-08 18:02 - 001680072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 000986824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 000708296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-10-10 10:51 - 2018-09-08 18:02 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-10-10 10:51 - 2018-09-08 18:02 - 000265416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 000262344 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-10-10 10:51 - 2018-09-08 18:02 - 000154824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-10-10 10:51 - 2018-09-08 18:02 - 000095432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-10-10 10:51 - 2018-09-08 18:01 - 001664320 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 002851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-10-10 10:51 - 2018-09-08 17:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-10-10 10:51 - 2018-09-08 17:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:46 - 004054216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-10-10 10:51 - 2018-09-08 17:46 - 003959496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-10-10 10:51 - 2018-09-08 17:46 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-10-10 10:51 - 2018-09-08 17:44 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-10-10 10:51 - 2018-09-08 17:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:42 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-10-10 10:51 - 2018-09-08 17:25 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-10-10 10:51 - 2018-09-08 17:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-10-10 10:51 - 2018-09-08 17:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-10-10 10:51 - 2018-09-08 17:21 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-10-10 10:51 - 2018-09-08 17:21 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-10-10 10:51 - 2018-09-08 17:20 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-10-10 10:51 - 2018-09-08 17:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-10-10 10:51 - 2018-09-08 17:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-10-10 10:51 - 2018-09-08 17:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-10-10 10:51 - 2018-09-08 17:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-10-10 10:51 - 2018-09-08 17:13 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-10-10 10:51 - 2018-09-08 17:13 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-10-10 10:51 - 2018-09-08 17:13 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-10-10 10:51 - 2018-09-08 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-10-10 10:51 - 2018-09-08 17:12 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-10-10 10:51 - 2018-09-08 17:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-10-10 10:51 - 2018-09-08 17:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-10-10 10:51 - 2018-08-27 23:24 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-10-10 10:51 - 2018-08-27 23:24 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-10-10 10:51 - 2018-08-27 23:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-10-10 10:51 - 2018-08-27 23:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-10-10 10:51 - 2018-08-27 23:24 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-10-10 10:51 - 2018-08-27 23:09 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-10-10 10:51 - 2018-08-27 23:09 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-10 10:51 - 2018-08-27 22:52 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-10-10 10:51 - 2018-08-27 22:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-10-10 10:51 - 2018-08-27 22:52 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-10-10 10:51 - 2018-08-15 19:18 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2018-10-10 10:51 - 2018-08-13 14:49 - 001391856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-10-10 10:51 - 2018-08-13 08:54 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-10-10 10:51 - 2018-08-12 13:32 - 000140976 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-10-10 10:51 - 2018-08-12 13:27 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-10-10 10:51 - 2018-08-08 08:54 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-10-10 10:51 - 2018-08-08 08:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-10-10 10:51 - 2018-08-08 08:40 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-10-10 10:51 - 2018-08-08 08:40 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-15 16:04 - 2018-05-15 15:16 - 000000000 ____D C:\Users\A\AppData\LocalLow\Mozilla
2018-10-15 16:02 - 2018-05-15 15:04 - 000002950 _____ C:\Windows\System32\Tasks\AsrSP.exe
2018-10-15 16:02 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-15 01:57 - 2018-05-16 09:38 - 000000000 ____D C:\Users\A\AppData\Local\Glyph
2018-10-14 18:46 - 2009-07-13 21:45 - 000020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-14 18:46 - 2009-07-13 21:45 - 000020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-14 18:45 - 2009-07-13 22:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-14 18:45 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-10-14 12:33 - 2018-05-15 15:07 - 000000000 ____D C:\ProgramData\Norton
2018-10-14 12:33 - 2018-05-15 15:06 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-10-11 23:43 - 2018-05-16 10:10 - 000000000 ____D C:\Users\A\AppData\Roaming\RIFT
2018-10-11 16:30 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2018-10-11 16:06 - 2018-05-21 03:21 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-11 15:53 - 2009-07-13 21:45 - 000268392 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-10 19:50 - 2018-05-15 16:17 - 000000000 ____D C:\Windows\system32\MRT
2018-10-10 19:49 - 2018-05-15 16:16 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-10 19:46 - 2018-05-15 14:51 - 000773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-05 17:12 - 2018-05-15 15:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-05 17:12 - 2018-05-15 15:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-20 15:25 - 2018-05-15 15:04 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-20 15:25 - 2018-05-15 15:04 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-20 04:48 - 2018-05-21 03:22 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-08 13:15

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by A (15-10-2018 16:06:47)
Running from C:\Users\A\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-05-15 21:47:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

A (S-1-5-21-4039896684-1515332837-803061559-1000 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-4039896684-1515332837-803061559-500 - Administrator - Disabled)
Guest (S-1-5-21-4039896684-1515332837-803061559-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4039896684-1515332837-803061559-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
APP Shop v1.0.13 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.13 - ASRock Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
A-Tuning v2.0.224 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.224 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4039896684-1515332837-803061559-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-05-21] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-05-21] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4252F1C9-4407-4A95-B5B2-7D162E7D618B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {53968C66-AECD-4082-8EE5-EA0E6AE0EE62} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {8FBA0728-BF9B-4719-89A3-2187EAC9EAFE} - System32\Tasks\ASRock Internet Setup => D:\ASRSetup.exe
Task: {9672333B-F387-483D-827E-AFA56F0B0934} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-05-27] ()
Task: {9EBEB08E-BFDD-4136-B522-FAF39A2C1350} - System32\Tasks\{9862C086-1C49-45A0-847F-95330BCE85FC} => C:\Users\A\Downloads\GlyphInstall-9999-1001.exe [2018-05-16] (Trion Worlds Inc.)
Task: {CA836B91-4300-4A50-A89C-2C9402148ACB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-15] (Google Inc.)
Task: {F751E384-F06E-4E52-A7EC-9D7E766DEBA4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 15:04 - 2014-07-31 16:17 - 000463112 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2014-08-25 16:01 - 2014-08-25 16:01 - 000209712 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 16:01 - 2014-08-25 16:01 - 000057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 000037168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-25 16:01 - 2014-08-25 16:01 - 000057648 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-10-11 17:00 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-11 17:00 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-15 14:59 - 2013-09-03 16:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-07-17 10:30 - 2017-07-17 10:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4039896684-1515332837-803061559-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\A\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{907330F4-8E23-4325-B25D-65F4F1F1A813}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{43803AC7-5E6C-4ED0-8840-0718DCC4491E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C8687688-65A8-409D-997B-9587038F1556}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{5AB40963-80C5-4129-BF81-111EB5831F6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D7480A11-BDEA-4FE8-972E-5C96ABA5C25D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{568F7DDA-65E0-4DA7-830A-6F50A9A4565E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CCC3993B-43E8-4076-A692-B345C3FEE314}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE26A3D8-CDCB-4E23-909B-920F24B191C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A2A67419-45A4-4CED-B16E-F351437C443C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-10-2018 19:46:04 Windows Update
11-10-2018 15:56:41 Windows Update
11-10-2018 16:03:33 Windows Backup
13-10-2018 15:13:42 Windows Backup
13-10-2018 15:19:28 Windows Backup
13-10-2018 15:31:08 Windows Backup
14-10-2018 12:37:13 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2018 04:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2018 06:40:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2018 12:39:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2018 12:37:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8d9c9d2a-2690-4569-ae45-308241278f58}

Error: (10/14/2018 12:35:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2018 12:15:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/13/2018 03:14:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/12/2018 10:49:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\A\Desktop\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


System errors:
=============
Error: (10/15/2018 04:03:05 PM) (Source: usbehci) (EventID: 4) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.

Error: (10/15/2018 04:02:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (10/14/2018 06:39:08 PM) (Source: usbehci) (EventID: 4) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.

Error: (10/14/2018 06:38:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (10/14/2018 12:38:41 PM) (Source: usbehci) (EventID: 4) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.

Error: (10/14/2018 12:38:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (10/14/2018 12:37:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2018 12:37:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU G1840 @ 2.80GHz
Percentage of memory in use: 54%
Total physical RAM: 5813.72 MB
Available physical RAM: 2672.36 MB
Total Virtual: 11625.58 MB
Available Virtual: 8578.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.7 GB) (Free:70.42 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:905.68 GB) NTFS

\\?\Volume{2589af40-5889-11e8-9fab-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: F7769DFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A073F3AD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by HeadDesk, Today, 12:05 AM.


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,847 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:37 AM

Posted Today, 06:15 AM

HeadDesk:
 
Thank you for your post and the fresh set of FRST scan logs.  No need to apologize whatsoever.  How could you know, in advance, that I would want another set of fresh FRST scan logs? :)
 
I am seeing Norton remnants in the new FRST scan logs, as I expected, so I will have to craft another FRST "fixlist" script for your computer to remove those.
 
Unfortunately, I have commitments until late this afternoon, so I would ask for your patience.  I do hope to reply back much later today with a new FRST "fixlist" script to remove the Norton remnants.
 
Thank you for your understanding.  "Real life" does get in the way of my malware removal activities. :(
 
Have a great day.
 
Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall




