Jump to content

Recommended Posts

Hello,

Since the start of the year (~1 month or so), I've been noticing suspicious behavior on my personal computer. For example, the Local Admin account appears to be enabled, password-protected, and in-use - seemingly out of the blue (again, this computer is personally-owned and not employer-provided, I am the only user). I've also noticed some of my network security settings have been modified without my knowing and unfamiliar services related to Homegroup Listening, COM Surrogate, & Chrome.exe have been running in the background. Among other off-putting signs, I've also had slow start-up time and sporadic CPU, Disk, and Memory usage (sometimes up to 99%) when I'm merely working in Notepad or searching for files on my desktop with no other applications open. 

Could I be paranoid? I would love to have a second opinion from an expert. Please let me know what you think - I've copied the results of my FRST scan below and have attached the secondary Addition file as well:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by jille (administrator) on 1W1LLC4NCELU-MF (09-02-2017 13:42:32)
Running from C:\Users\jille\Desktop
Loaded Profiles: jille (Available Profiles: jille)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google, Inc) C:\Users\jille\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Dmailer S.A.) C:\Users\jille\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-19] ()
HKU\S-1-5-21-191552429-793297199-1396170962-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-191552429-793297199-1396170962-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-191552429-793297199-1396170962-1001\...\Run: [Google Update] => C:\Users\jille\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-01-27] (Google Inc.)
HKU\S-1-5-21-191552429-793297199-1396170962-1001\...\Run: [Google Photos Backup] => C:\Users\jille\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-191552429-793297199-1396170962-1001\...\Run: [TIDAL] => C:\Users\jille\AppData\Local\TIDAL\update.exe --processStart TIDAL.exe --process-start-args " -autostart -minimized"
HKU\S-1-5-21-191552429-793297199-1396170962-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\jille\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [31095432 2010-11-10] (Dmailer S.A.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\jille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-02-02]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\jille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-02-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6afbfe8e-20a1-4693-a26a-cac7024260fc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dfa77438-a6d3-45de-9ed8-ab195a6f0e2d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-191552429-793297199-1396170962-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ASUS15.msn.com/?pc=ASTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-11-18] (McAfee, Inc.)

Edge: 
======
Edge Extension: (OneNote Web Clipper) -> EdgeExtension_MicrosoftOneNoteWebClipper_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OneNoteWebClipper_3.4.5.0_neutral__8wekyb3d8bbwe [2017-02-02]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-19] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin HKU\S-1-5-21-191552429-793297199-1396170962-1001: @tools.google.com/Google Update;version=3 -> C:\Users\jille\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-191552429-793297199-1396170962-1001: @tools.google.com/Google Update;version=9 -> C:\Users\jille\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-27] (Google Inc.)

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default [2017-02-09]
CHR Extension: (Google Slides) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-08]
CHR Extension: (Google Docs) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-07]
CHR Extension: (Google Drive) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-07]
CHR Extension: (YouTube) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-07]
CHR Extension: (Honey) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-01]
CHR Extension: (Adblock Plus) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-09]
CHR Extension: (Google Sheets) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-07]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-01]
CHR Extension: (Google Hangouts) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-01]
CHR Extension: (Evernote Web) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-12-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-01-27]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-11-09]
CHR Extension: (Office Online) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-11-09]
CHR Extension: (Save to Pocket) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Print Friendly & PDF) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-02-04]
CHR Extension: (ScriptSafe) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-01-27]
CHR Extension: (Outlook.com) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2016-11-09]
CHR Extension: (Evernote Web Clipper) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-02-09]
CHR Extension: (Gmail) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\jille\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-28]
CHR Profile: C:\Users\jille\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-191552429-793297199-1396170962-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-19] (ASUS Cloud Corporation) [File not signed]
S3 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-02-09] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 assdv2; C:\WINDOWS\System32\DRIVERS\assdv2.sys [30040 2015-09-07] (ASUS)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-02] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-09] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek                                            )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [607488 2016-02-25] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5164288 2016-04-13] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-09 13:42 - 2017-02-09 13:42 - 00027016 _____ C:\Users\jille\Desktop\FRST.txt
2017-02-09 13:42 - 2017-02-09 13:42 - 00000000 ____D C:\FRST
2017-02-09 13:23 - 2017-02-09 13:23 - 02421248 _____ (Farbar) C:\Users\jille\Desktop\FRST64.exe
2017-02-09 12:04 - 2017-02-09 12:04 - 00003354 _____ C:\Users\jille\Desktop\Rkill2.txt
2017-02-09 11:50 - 2017-02-09 11:50 - 00001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-02-09 11:50 - 2017-02-09 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-02-09 11:50 - 2017-02-09 11:50 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-09 11:49 - 2017-02-09 11:59 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-09 11:45 - 2017-02-09 11:49 - 11581544 _____ (SurfRight B.V.) C:\Users\jille\Desktop\hitmanpro_x64.exe
2017-02-03 05:59 - 2017-02-03 06:04 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-03 02:28 - 2017-02-03 02:28 - 00000174 _____ C:\Users\jille\Desktop\cmdstuff.txt
2017-02-03 01:47 - 2017-02-03 01:47 - 00000000 ____D C:\Users\jille\Desktop\Brian Photos
2017-02-03 01:24 - 2017-02-03 01:43 - 00000000 ____D C:\Users\jille\Desktop\restored
2017-02-03 00:15 - 2017-02-03 00:15 - 00068802 _____ C:\Users\jille\OneDrive\Documents\NetworkDiagnostics1.debugreport.xml
2017-02-03 00:11 - 2017-02-03 00:11 - 00068805 _____ C:\Users\jille\OneDrive\Documents\NetworkDiagnostics.debugreport.xml
2017-02-03 00:09 - 2017-02-03 00:09 - 00048956 _____ C:\Users\jille\OneDrive\Documents\results.xsl
2017-02-02 23:35 - 2017-02-02 10:52 - 00007410 _____ C:\Users\jille\OneDrive\Documents\ipconfig.all.txt
2017-02-02 22:44 - 2017-02-09 12:08 - 00000000 ____D C:\AdwCleaner
2017-02-02 22:44 - 2017-02-02 22:44 - 04015056 _____ C:\Users\jille\Desktop\adwcleaner_6.043.exe
2017-02-02 22:42 - 2017-02-02 22:42 - 00001096 _____ C:\Users\jille\Desktop\malwarebyteslog.txt
2017-02-02 21:24 - 2017-02-09 12:09 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-02 21:24 - 2017-02-09 12:09 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-02 21:24 - 2017-02-09 12:09 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-02 21:24 - 2017-02-09 12:09 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-02 21:24 - 2017-02-02 21:24 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-02 21:24 - 2017-02-02 21:24 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-02 21:24 - 2017-02-02 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-02 21:24 - 2017-02-02 21:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-02 21:24 - 2017-02-02 21:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-02 21:24 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-02 21:23 - 2017-02-02 21:23 - 55566792 _____ (Malwarebytes ) C:\Users\jille\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-02 20:59 - 2017-02-02 20:59 - 00010737 _____ C:\Users\jille\Desktop\Book1.xlsx
2017-02-02 20:58 - 2017-02-02 21:20 - 55565950 _____ C:\Users\jille\Desktop\mb3-setup-1878.1878-3.0.6.1469.exe
2017-02-02 20:55 - 2017-02-09 12:01 - 00003354 _____ C:\Users\jille\Desktop\Rkill.txt
2017-02-02 20:55 - 2017-02-02 20:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\jille\Desktop\iExplore.exe
2017-02-02 09:46 - 2017-02-02 19:38 - 00007676 _____ C:\Users\jille\AppData\Local\Resmon.ResmonCfg
2017-02-02 09:12 - 2017-02-09 12:57 - 00000000 ____D C:\Users\jille\AppData\Roaming\SanDisk
2017-02-02 09:12 - 2017-02-02 09:12 - 00000000 ____D C:\Users\jille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2017-02-02 09:09 - 2017-02-02 09:09 - 00000272 _____ C:\Users\jille\AppData\Roaming\.backup.dm
2017-02-02 03:00 - 2017-02-02 09:31 - 00000000 ____D C:\Users\jille\AppData\Local\EvernoteNW
2017-02-02 02:52 - 2017-02-02 02:52 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2017-02-02 02:52 - 2017-02-02 02:52 - 00000000 ____D C:\Users\jille\AppData\LocalLow\Evernote
2017-02-02 02:52 - 2017-02-02 02:52 - 00000000 ____D C:\Users\jille\AppData\Local\Evernote
2017-02-01 17:51 - 2017-02-01 17:51 - 00000000 ____D C:\Users\jille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-01 17:05 - 2017-02-09 11:38 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-28 03:01 - 2017-01-28 03:01 - 06402817 _____ C:\Users\jille\Downloads\Photos.zip
2017-01-27 18:23 - 2017-02-02 13:43 - 00000000 ____D C:\Users\jille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TIDAL
2017-01-27 18:23 - 2017-02-02 11:22 - 00000000 ____D C:\Users\jille\AppData\Roaming\TIDAL
2017-01-27 18:22 - 2017-02-02 13:43 - 00000000 ____D C:\Users\jille\AppData\Local\TIDAL
2017-01-27 18:22 - 2017-01-27 18:23 - 00000000 ____D C:\Users\jille\AppData\Local\SquirrelTemp
2017-01-27 18:22 - 2017-01-27 18:22 - 62361312 _____ (TIDAL Music AS) C:\Users\jille\Downloads\TIDALSetup.exe
2017-01-27 17:32 - 2017-01-27 17:37 - 00003672 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-191552429-793297199-1396170962-1001UA
2017-01-27 17:32 - 2017-01-27 17:37 - 00003404 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-191552429-793297199-1396170962-1001Core
2017-01-27 17:32 - 2017-01-27 17:32 - 02662800 _____ (Google) C:\Users\jille\Downloads\gpautobackup_setup.exe
2017-01-27 17:32 - 2017-01-27 17:32 - 00000000 ____D C:\Users\jille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2017-01-27 17:11 - 2017-02-09 12:58 - 00000000 ___RD C:\Users\jille\Google Drive
2017-01-27 17:11 - 2017-01-27 17:11 - 00001809 _____ C:\Users\jille\Desktop\Google Drive.lnk
2017-01-27 17:08 - 2017-01-27 17:08 - 00002122 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-01-27 17:08 - 2017-01-27 17:08 - 00002120 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-01-27 17:08 - 2017-01-27 17:08 - 00002110 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-01-27 17:08 - 2017-01-27 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-01-27 17:07 - 2017-01-27 17:07 - 01065376 _____ (Google Inc.) C:\Users\jille\Downloads\googledrivesync.exe
2017-01-27 16:43 - 2017-01-27 16:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-26 17:25 - 2016-12-29 16:58 - 00000121 ____R C:\Users\jille\OneDrive\Documents\OneNote.url
2017-01-25 17:46 - 2017-02-02 13:20 - 00000000 ___RD C:\Users\jille\Dropbox
2017-01-25 16:25 - 2017-01-25 16:25 - 00690080 _____ (Dropbox, Inc.) C:\Users\jille\Downloads\DropboxInstaller.exe
2017-01-25 16:25 - 2017-01-25 16:25 - 00000000 ____D C:\ProgramData\Dropbox
2017-01-24 20:33 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 20:33 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-11 22:58 - 2016-12-21 02:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 22:58 - 2016-12-21 02:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 22:58 - 2016-12-21 01:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 22:58 - 2016-12-21 01:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 22:58 - 2016-12-21 01:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 22:58 - 2016-12-21 01:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 22:58 - 2016-12-21 01:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 22:58 - 2016-12-21 01:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 22:58 - 2016-12-21 01:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 22:58 - 2016-12-21 01:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 22:58 - 2016-12-21 01:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 22:58 - 2016-12-21 01:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 22:58 - 2016-12-21 01:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 22:58 - 2016-12-21 01:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 22:58 - 2016-12-21 00:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 22:58 - 2016-12-21 00:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 22:58 - 2016-12-21 00:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 22:58 - 2016-12-21 00:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 22:58 - 2016-12-21 00:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 22:58 - 2016-12-21 00:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 22:58 - 2016-12-21 00:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 22:58 - 2016-12-21 00:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 22:58 - 2016-12-21 00:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 22:58 - 2016-12-21 00:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 22:58 - 2016-12-21 00:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 22:58 - 2016-12-20 23:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 22:58 - 2016-12-20 23:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 22:58 - 2016-12-20 23:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 22:58 - 2016-12-20 22:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 22:58 - 2016-12-20 22:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 22:58 - 2016-12-20 22:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 22:58 - 2016-12-20 22:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 22:58 - 2016-12-20 22:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 22:58 - 2016-12-20 22:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 22:58 - 2016-12-20 22:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 22:58 - 2016-12-20 22:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 22:58 - 2016-12-20 22:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 22:58 - 2016-12-20 22:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 22:58 - 2016-12-20 22:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 22:58 - 2016-12-20 22:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 22:58 - 2016-12-20 22:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 22:58 - 2016-12-20 22:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 22:58 - 2016-12-20 22:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 22:58 - 2016-12-20 22:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 22:58 - 2016-12-13 23:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 22:58 - 2016-12-13 23:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 22:58 - 2016-12-13 23:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 22:58 - 2016-12-13 23:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 22:58 - 2016-12-13 23:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 22:58 - 2016-12-13 22:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 22:58 - 2016-12-13 22:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 22:58 - 2016-12-13 22:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 22:58 - 2016-12-13 22:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 22:58 - 2016-12-13 22:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 22:58 - 2016-12-13 22:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 22:58 - 2016-12-13 22:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 22:58 - 2016-12-13 22:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 22:58 - 2016-12-13 22:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 22:58 - 2016-12-13 22:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 22:58 - 2016-12-13 22:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 22:58 - 2016-12-13 22:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 22:58 - 2016-12-13 22:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 22:58 - 2016-12-13 22:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 22:58 - 2016-12-13 22:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 22:58 - 2016-12-13 22:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 22:58 - 2016-12-13 22:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 22:58 - 2016-12-13 22:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 22:58 - 2016-12-13 22:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 22:58 - 2016-12-13 22:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 22:58 - 2016-12-13 22:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 22:58 - 2016-12-13 22:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 22:58 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 22:58 - 2016-11-02 04:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 22:58 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 22:57 - 2016-12-21 02:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 22:57 - 2016-12-21 01:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 22:57 - 2016-12-21 01:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 22:57 - 2016-12-21 01:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 22:57 - 2016-12-21 01:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 22:57 - 2016-12-21 01:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 22:57 - 2016-12-21 01:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 22:57 - 2016-12-21 01:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 22:57 - 2016-12-21 01:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 22:57 - 2016-12-21 01:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 22:57 - 2016-12-21 01:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 22:57 - 2016-12-21 01:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 22:57 - 2016-12-21 01:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 22:57 - 2016-12-21 01:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 22:57 - 2016-12-21 01:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 22:57 - 2016-12-21 01:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 22:57 - 2016-12-21 01:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 22:57 - 2016-12-21 01:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 22:57 - 2016-12-21 01:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 22:57 - 2016-12-21 01:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 22:57 - 2016-12-21 01:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 22:57 - 2016-12-21 01:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 22:57 - 2016-12-21 01:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 22:57 - 2016-12-21 01:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 22:57 - 2016-12-21 01:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 22:57 - 2016-12-21 00:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 22:57 - 2016-12-21 00:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 22:57 - 2016-12-21 00:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 22:57 - 2016-12-21 00:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 22:57 - 2016-12-21 00:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 22:57 - 2016-12-21 00:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 22:57 - 2016-12-21 00:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 22:57 - 2016-12-21 00:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 22:57 - 2016-12-21 00:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 22:57 - 2016-12-20 23:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 22:57 - 2016-12-20 23:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 22:57 - 2016-12-20 23:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 22:57 - 2016-12-20 23:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 22:57 - 2016-12-20 23:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 22:57 - 2016-12-20 23:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 22:57 - 2016-12-20 22:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 22:57 - 2016-12-20 22:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 22:57 - 2016-12-20 22:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 22:57 - 2016-12-20 22:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 22:57 - 2016-12-20 22:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 22:57 - 2016-12-20 22:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 22:57 - 2016-12-20 22:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 22:57 - 2016-12-20 22:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 22:57 - 2016-12-20 22:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 22:57 - 2016-12-20 22:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 22:57 - 2016-12-20 22:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 22:57 - 2016-12-20 22:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 22:57 - 2016-12-13 23:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 22:57 - 2016-12-13 23:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 22:57 - 2016-12-13 23:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 22:57 - 2016-12-13 23:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 22:57 - 2016-12-13 23:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 22:57 - 2016-12-13 23:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 22:57 - 2016-12-13 23:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 22:57 - 2016-12-13 23:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 22:57 - 2016-12-13 23:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 22:57 - 2016-12-13 23:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 22:57 - 2016-12-13 23:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 22:57 - 2016-12-13 23:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 22:57 - 2016-12-13 23:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 22:57 - 2016-12-13 22:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 22:57 - 2016-12-13 22:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 22:57 - 2016-12-13 22:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 22:57 - 2016-12-13 22:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 22:57 - 2016-12-13 22:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 22:57 - 2016-12-13 22:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 22:57 - 2016-12-13 22:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 22:57 - 2016-12-13 22:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 22:57 - 2016-12-13 22:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 22:57 - 2016-12-13 22:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 22:57 - 2016-12-13 22:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 22:57 - 2016-12-13 22:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 22:57 - 2016-12-13 22:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 22:57 - 2016-12-13 22:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 22:57 - 2016-12-13 22:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 22:57 - 2016-12-13 22:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 22:57 - 2016-12-13 22:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 22:57 - 2016-12-13 22:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 22:57 - 2016-12-13 22:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 22:57 - 2016-12-13 22:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 22:57 - 2016-12-13 22:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 22:57 - 2016-12-13 22:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 22:57 - 2016-12-13 22:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 22:57 - 2016-12-13 22:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 22:57 - 2016-11-02 05:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 22:57 - 2016-11-02 04:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 22:57 - 2016-11-02 04:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-09 13:18 - 2017-01-02 19:09 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-09 12:57 - 2016-11-07 17:55 - 00000000 __SHD C:\Users\jille\IntelGraphicsProfiles
2017-02-09 12:30 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-09 12:14 - 2016-02-16 02:31 - 01333612 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-09 12:09 - 2016-11-23 04:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-09 12:09 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-09 11:48 - 2016-12-16 15:44 - 00524288 ___SH C:\Users\jille\Desktop\Thumbs.db
2017-02-09 11:47 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 11:47 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-09 11:40 - 2016-02-16 02:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-09 11:38 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-09 11:38 - 2016-02-16 02:40 - 00000000 ____D C:\ProgramData\McAfee
2017-02-09 11:37 - 2016-12-21 07:09 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3E6FD19A-8C91-4AB4-B1CE-6D7C89FF85AE}
2017-02-09 11:36 - 2016-11-23 03:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-03 03:20 - 2016-11-07 17:55 - 00000000 ____D C:\Users\jille\AppData\Local\Packages
2017-02-03 02:56 - 2016-11-07 17:58 - 00000000 ___RD C:\Users\jille\OneDrive
2017-02-03 02:52 - 2016-12-21 17:48 - 00000000 ____D C:\Users\jille\AppData\Local\ElevatedDiagnostics
2017-02-02 13:34 - 2016-11-07 17:55 - 00000000 ____D C:\Users\jille\AppData\Local\VirtualStore
2017-02-02 13:31 - 2016-12-16 04:38 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-02 13:30 - 2016-11-23 03:58 - 00000000 ____D C:\Users\jille
2017-02-02 10:52 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-02 09:07 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-02 05:20 - 2016-11-08 03:26 - 00000000 ____D C:\Users\jille\Desktop\Career
2017-02-02 02:52 - 2016-02-16 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-02-02 00:30 - 2016-11-07 18:32 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 00:30 - 2016-11-07 18:32 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-27 18:07 - 2016-11-07 23:21 - 00000000 ____D C:\Users\jille\OneDrive\Documents\Custom Office Templates
2017-01-27 17:58 - 2016-11-08 01:51 - 00000000 ____D C:\Users\jille\Desktop\Photo Library
2017-01-27 17:53 - 2016-11-08 03:39 - 00000000 ____D C:\Users\jille\Desktop\Personal
2017-01-27 17:32 - 2016-11-07 18:27 - 00000000 ____D C:\Users\jille\AppData\Local\Google
2017-01-27 17:08 - 2016-11-07 18:27 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-27 16:43 - 2016-12-30 11:25 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-26 17:24 - 2016-12-07 19:08 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-26 17:24 - 2016-11-07 17:58 - 00002416 _____ C:\Users\jille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-26 15:02 - 2016-12-20 22:03 - 00715776 ___SH C:\Users\jille\Downloads\Thumbs.db
2017-01-26 03:42 - 2016-12-15 23:21 - 00000120 ____R C:\Users\jille\OneDrive\Documents\Jill's Notebook.url
2017-01-24 22:02 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 18:32 - 2016-12-30 11:21 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-24 18:30 - 2016-02-16 02:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-19 07:03 - 2016-02-16 02:41 - 00000000 ____D C:\Program Files\mcafee
2017-01-19 07:02 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-19 07:01 - 2016-12-30 11:28 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-01-19 07:01 - 2016-12-30 11:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-01-13 20:48 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 20:42 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-13 20:41 - 2016-02-16 02:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-12 00:10 - 2016-11-23 03:50 - 00226424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 00:08 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 00:08 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 00:07 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 00:07 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 00:07 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 12:52 - 2016-11-07 18:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 12:49 - 2016-11-07 18:52 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2017-02-02 09:09 - 2017-02-02 09:09 - 0000272 _____ () C:\Users\jille\AppData\Roaming\.backup.dm
2017-02-02 09:46 - 2017-02-02 19:38 - 0007676 _____ () C:\Users\jille\AppData\Local\Resmon.ResmonCfg
2016-11-23 03:54 - 2016-11-23 03:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-05-31 03:13 - 2016-05-31 03:13 - 0219264 _____ (McAfee, Inc.) C:\Users\jille\AppData\Local\Temp\McCSPInstall.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-01 17:04

==================== End of FRST.txt ============================

Addition.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.