
'Attempt to execute VBScript blocked'



Every time I open Internet Explorer, I get the message (attached) about VBScript blocked, but the regular scan always confirms clean status. How do I fix this?

Thanks, in advance.

---------------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/17/18
Protection Event Time: 10:50 AM
Log File: 179d8d5c-89d9-11e8-8231-74d435861541.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.5937
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\Windows\system32\VBScript.dll
URL: 

(end)

 


Edited by hochoi

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This could be because the MBAM Notification option is ON.

Change the setting Show Malwarebytes Notifications to Off
https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png

===

If this is not the issue and the problem persists, execute this.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.


 

Thanks, nasdaq.

---------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by PLV Pro (administrator) on PLVPRO-PC (25-07-2018 19:54:29)
Running from C:\Users\PLV Pro\Desktop
Loaded Profiles: PLV Pro (Available Profiles: PLV Pro)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Viber Media S.à r.l.) C:\Users\PLV Pro\AppData\Local\Viber\Viber.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Henry++) D:\Newlly added softwares\freeshooter\64\freeshooter.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Windows\SysWOW64\atwtusb.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Newlly added softwares\FastStone Capture 5.3\FSCapture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
() C:\Windows\SysWOW64\atwtusb.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
() C:\Users\PLV Pro\Box Sync\Default Sync Folder\unikey40RC2-1101-win64\UniKeyNT.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\Bin\DpAgent.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ipswitch, Inc) C:\Program Files (x86)\Ipswitch\iMacros\nm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\TeXstudio\texstudio.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\54.0.2952.54\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5966864 2018-05-02] (Box, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-06-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2013-02-16] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [530560 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [239744 2016-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1320448 2018-06-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Run: [Google Update] => C:\Users\PLV Pro\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\PLV Pro\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Run: [EPSON Stylus CX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE [209408 2007-02-15] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Run: [Viber] => C:\Users\PLV Pro\AppData\Local\Viber\Viber.exe [41548368 2017-01-03] (Viber Media S.à r.l.)
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Run: [Free Shooter] => D:\Newlly added softwares\freeshooter\64\freeshooter.exe [235008 2018-01-28] (Henry++)
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-06-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654728 2018-06-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Run: [GoogleChromeAutoLaunch_3996A68919F3456A329CE70A7869FD7F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\MountPoints2: {2c33d469-bd0f-11e3-a1bc-fd121afd2531} - F:\LaunchU3.exe
HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\MountPoints2: {9e088c36-da3e-11e2-b37e-806e6f6e6963} - F:\Run.exe
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2017-12-13]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2015-10-25]
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}\IcoUltraMon.ico ()
Startup: C:\Users\PLV Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FSCapture.exe - Shortcut.lnk [2016-08-07]
ShortcutTarget: FSCapture.exe - Shortcut.lnk -> D:\Newlly added softwares\FastStone Capture 5.3\FSCapture.exe ()
Startup: C:\Users\PLV Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2015-07-03]
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\PLV Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2013-06-24]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\PLV Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2017-03-16]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\PLV Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Shortcut.lnk [2013-06-24]
ShortcutTarget: taskmgr - Shortcut.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
Startup: C:\Users\PLV Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UniKeyNT.exe - Shortcut.lnk [2016-09-21]
ShortcutTarget: UniKeyNT.exe - Shortcut.lnk -> C:\Users\PLV Pro\Box Sync\Default Sync Folder\unikey40RC2-1101-win64\UniKeyNT.exe ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06EEDBA3-6CC6-4CDA-B202-A89BA1371450}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{138B96C8-239C-46F9-BD5C-BB64A6DF940A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1475EFBC-7EF7-4079-8F9C-BE6A3FE0B501}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22CFC7BC-8034-4372-944A-1FD0FDA4F387}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{28D31183-A206-40C4-ADAD-F9CD244CC21C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3843C4D4-1161-48BA-A2F5-D967610955D7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{476E76E4-A434-4454-89DA-C6249273A3A0}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5C004FEE-C16C-4BFF-BEEE-056D2823E7F7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{73A8D771-2D77-4E81-B97C-A994DBCE7080}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7BDF0282-3E05-48D1-A7A0-52E5B54ADB62}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84B7A108-B5A8-426D-9578-F9DD4EFFA80E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8E99A7A5-45BC-4836-99A3-1F7993761048}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9E142B93-0B04-40EE-8FC4-C00F8EE7FA52}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A481A622-AD73-4C1F-9B14-1B12BA0DDF1D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC454870-526A-4CAD-A985-8CF2097356C4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CFED816E-10BB-4CDF-A658-1B71F3E077B6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E6E66F68-3414-4171-BF4F-3C777E96594F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EEEEABCE-3E58-4CC4-AD29-904C633A5BB3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FEC30C30-E3DA-4C1A-ACFB-EF23B650A227}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2004868559-321660656-112912198-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2004868559-321660656-112912198-1001 -> {787980EE-FB95-4478-A60A-556079C37584} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files\Ipswitch\iMacros\iMacrosBHO.dll [2016-10-07] ()
BHO: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\DigitalPersona\Bin\Bin\DpOtsPluginIe8.dll [2009-07-17] (DigitalPersona, Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20170728184132.dll [2012-06-28] (McAfee, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: iMacros Browser Helper Object -> {34D5A80A-992D-4F07-9509-66E9E133BAAF} -> C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll [2016-10-07] ()
BHO-x32: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-07-17] (DigitalPersona, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-22] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20170728184132.dll [2012-06-28] (McAfee, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-22] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {7A21A046-B886-4A62-9D69-EF2059B0A27B} -  No File
Toolbar: HKU\S-1-5-21-2004868559-321660656-112912198-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)
DPF: HKLM-x32 {0C5CF442-582F-4357-B116-765DA99CAA8C} hxxps://bxsprod.apps.uillinois.edu/WX/client/IrcViewer.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {89F1C7A1-B550-406D-8CD6-901D277F6388} hxxps://bxsprod.apps.uillinois.edu/wx/client/IrcResultSet.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18 [2018-07-25]
FF Homepage: Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18 -> hxxps://www.yahoo.com/?type=orcl_hpset
FF Session Restore: Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18 -> is enabled.
FF Extension: (Internet Download Accelerator) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ida@westbyte.com.xpi [2017-10-27]
FF Extension: (Internet Download Accelerator Toolbar) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\idabarff@westbyte.com.xpi [2017-02-10] [Legacy]
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\ALone-live@ya.ru.xpi [2017-10-30] [Legacy]
FF Extension: (Flash Video Downloader) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\artur.dubovoy@gmail.com.xpi [2018-07-23]
FF Extension: (Bookmark Favicon Changer) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\bookmarkfaviconchanger@sonthakit.xpi [2016-01-30] [Legacy]
FF Extension: (Fakespot - Analyze Fake Amazon Reviews) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\contact@fakespot.com.xpi [2017-08-19]
FF Extension: (FindBar Tweak) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\fbt@quicksaver.xpi [2017-01-28] [Legacy]
FF Extension: (FoxyProxy Standard) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\foxyproxy@eric.h.jung.xpi [2018-02-26]
FF Extension: (The Camelizer) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\izer@camelcamelcamel.com.xpi [2018-01-06]
FF Extension: (Ratings Preview for YouTube™) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\jid0-G6461UajDjhNAwSukoedlkhD0XA@jetpack.xpi [2018-07-04]
FF Extension: (Print Preview Button) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\mail@sindre.at.xpi [2016-04-28] [Legacy]
FF Extension: (Memory Restart) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\memoryrestart@teamextension.com.xpi [2016-11-11] [Legacy]
FF Extension: (Restart My Fox) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\Restart-My-Fox@8pecxstudios.com.xpi [2016-10-24] [Legacy]
FF Extension: (Safe Preview) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\safepreview@everhelper.me.xpi [2016-04-28] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\uBlock0@raymondhill.net.xpi [2018-07-17]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
FF Extension: (Youtube ratings preview) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\ytlike@davidebuldrini.com.xpi [2016-12-01] [Legacy]
FF Extension: (Zoom Page) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\zoompage@DW-dev.xpi [2017-10-06] [Legacy]
FF Extension: (FlashGot) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-01-07] [Legacy]
FF Extension: (NoScript) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-07-17]
FF Extension: (Tab Auto Refresh) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2018-05-03]
FF Extension: (iMacros for Firefox) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2018-07-10]
FF Extension: (Yahoo Mail Hide Ad Panel) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2017-01-28]
FF Extension: (Adblock Plus) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-17]
FF Extension: (Tab Mix Plus) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-09-05] [Legacy]
FF Extension: (DownThemAll!) - C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-11-11] [Legacy]
FF SearchPlugin: C:\Users\PLV Pro\AppData\Roaming\Mozilla\Firefox\Profiles\qrnrjv8i.3 12 18\searchplugins\yahoo-ysp.xml [2015-10-25]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-09] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2013-06-24] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (IDS_SS_NAME) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2017-07-28] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\.DEFAULT\...\Firefox\Extensions: [wcapturex@deskperience.com] - MozFire => not found
FF HKU\S-1-5-21-2004868559-321660656-112912198-1001\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-06-21] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-04-25] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-22] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-06-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\11.0.1.5601039\npmathplugin.dll [2016-09-28] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2004868559-321660656-112912198-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\PLV Pro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2004868559-321660656-112912198-1001: @talk.google.com/O1DPlugin -> C:\Users\PLV Pro\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2004868559-321660656-112912198-1001: @tools.google.com/Google Update;version=3 -> C:\Users\PLV Pro\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2004868559-321660656-112912198-1001: @tools.google.com/Google Update;version=9 -> C:\Users\PLV Pro\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2004868559-321660656-112912198-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\PLVPRO~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-08-28] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\PLV Pro\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\PLV Pro\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://yahoo.com/
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default [2018-07-25]
CHR Extension: (TransOver) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2018-04-23]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2018-07-21]
CHR Extension: (uBlock Origin) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-07-21]
CHR Extension: (iMacros for Chrome) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2018-05-18]
CHR Extension: (The Camelizer) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2018-06-22]
CHR Extension: (AdBlock) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-25]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2018-07-21]
CHR Extension: (Imagus) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2018-07-08]
CHR Extension: (Video Blocker) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknkjnpcbbgcbdbaampbjlhkcghmgfhk [2018-05-29]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2018-07-21]
CHR Extension: (Super Auto Refresh) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkhjakkgopekjlempoplnjclgedabddk [2018-06-20]
CHR Extension: (Zoom for Google Chrome) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2018-04-06]
CHR Extension: (Fakespot - Analyze Fake Amazon Reviews) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nakplnnackehceedgkgkokbgbmfghain [2017-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\piaphheklodiededmbmgfcfbcagncgka [2018-06-25]
CHR Extension: (Chrome Media Router) - C:\Users\PLV Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-04]
CHR HKU\S-1-5-21-2004868559-321660656-112912198-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Magic Actions for YouTube™) - C:\Users\PLV Pro\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlffnljnicbkfhnlomjhjlebndachaka [2017-12-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36680 2018-05-02] (Box, Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [178160 2014-08-28] (Coupons.com Inc.)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-07-17] (DigitalPersona, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-06-21] (Macrovision Europe Ltd.) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-05-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 matlabserver; C:\matlabR12\webserver\bin\win32\matlabserver.exe [258048 2000-06-15] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [202376 2012-09-25] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2012-09-25] (McAfee, Inc.)
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTService; C:\Windows\SysWOW64\atwtusb.exe [397032 2009-08-06] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [79192 2016-02-18] (Citrix Systems, Inc.)
R3 dpK00701; C:\Windows\System32\DRIVERS\dpK00701.sys [64016 2013-02-16] (DigitalPersona, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] () [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-07-13] (Malwarebytes)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () [File not signed]
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-07-01] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [191208 2018-07-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [114920 2018-07-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [48360 2018-07-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-07-24] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92792 2018-07-25] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169192 2012-09-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [282736 2012-09-25] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [673624 2012-09-25] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2012-09-25] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [305280 2012-09-25] (McAfee, Inc.)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [24640 2016-08-11] (Windows (R) Win 7 DDK provider)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2246488 2016-05-12] (MediaTek Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-08-04] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-08-04] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-08-04] (Paragon)
R3 usbdpfp; C:\Windows\System32\DRIVERS\usbdpfp.sys [67088 2013-02-16] (DigitalPersona, Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7808 2009-04-17] (Windows (R) Codename Longhorn DDK provider)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [73616 2018-06-12] (Cisco Systems, Inc.)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-25 19:54 - 2018-07-25 19:54 - 000051751 _____ C:\Users\PLV Pro\Desktop\FRST.txt
2018-07-25 19:54 - 2018-07-25 19:54 - 000000000 ____D C:\FRST
2018-07-25 19:52 - 2018-07-25 19:52 - 002412544 _____ (Farbar) C:\Users\PLV Pro\Desktop\FRST64.exe
2018-07-25 12:07 - 2018-07-25 12:07 - 000221668 _____ C:\Users\PLV Pro\Desktop\msg_3109662e-902a-11e8-bcd1-514fbbd7c4f0.wav
2018-07-24 02:46 - 2018-07-24 02:46 - 000261741 _____ C:\Users\PLV Pro\Desktop\EasyFix70000.diagcab
2018-07-24 02:41 - 2018-07-24 02:41 - 000576512 _____ (Microsoft Corporation) C:\Users\PLV Pro\Desktop\Unconfirmed 569490.crdownload
2018-07-24 02:40 - 2018-07-24 02:40 - 000000788 _____ C:\Users\PLV Pro\Desktop\test.txt
2018-07-24 02:01 - 2018-07-24 02:01 - 000809424 _____ C:\Users\PLV Pro\Desktop\TUNG NGUYEN (Claim #1-7258-324-53)(4).pdf
2018-07-24 02:01 - 2018-07-24 02:01 - 000809424 _____ C:\Users\PLV Pro\Desktop\TUNG NGUYEN (Claim #1-7258-324-53)(3).pdf
2018-07-24 02:00 - 2018-07-24 02:00 - 000809424 _____ C:\Users\PLV Pro\Desktop\TUNG NGUYEN (Claim #1-7258-324-53)(2).pdf
2018-07-24 01:59 - 2018-07-24 01:59 - 000809424 _____ C:\Users\PLV Pro\Desktop\TUNG NGUYEN (Claim #1-7258-324-53)(1).pdf
2018-07-24 01:58 - 2018-07-24 01:58 - 000809424 _____ C:\Users\PLV Pro\Desktop\TUNG NGUYEN (Claim #1-7258-324-53).pdf
2018-07-18 01:33 - 2018-07-18 01:33 - 000007168 _____ C:\Users\PLV Pro\Desktop\gradebookReport_1531895607647.xls
2018-07-18 00:57 - 2018-07-18 01:35 - 000003952 _____ C:\Users\PLV Pro\Desktop\gc_182MAT11311085_fullgc_2018-07-18-00-57-36.xls
2018-07-17 23:41 - 2018-07-17 23:41 - 000823340 _____ C:\Users\PLV Pro\.recently-used.xbel
2018-07-17 03:32 - 2018-07-17 03:32 - 000000088 _____ C:\Users\PLV Pro\.gtk-bookmarks
2018-07-17 03:15 - 2018-07-17 03:15 - 001917278 _____ C:\Users\PLV Pro\Desktop\4.1-4.2,5.1-5.2.pdf
2018-07-13 18:46 - 2018-07-25 15:34 - 000092792 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-07-13 18:46 - 2018-07-24 03:29 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-13 18:46 - 2018-07-24 03:29 - 000114920 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-07-13 18:46 - 2018-07-24 03:29 - 000048360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-07-13 18:46 - 2018-07-13 18:49 - 000191208 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-07-13 18:46 - 2018-07-13 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-13 18:41 - 2018-07-13 18:49 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-07-13 18:41 - 2018-07-13 18:46 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-13 18:41 - 2018-07-13 18:41 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-10 17:56 - 2018-06-20 19:58 - 000398376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-10 17:56 - 2018-06-20 19:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-07-10 17:56 - 2018-06-16 12:07 - 025743872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-10 17:56 - 2018-06-16 11:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-10 17:56 - 2018-06-16 11:46 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-10 17:56 - 2018-06-16 11:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-07-10 17:56 - 2018-06-16 11:33 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-10 17:56 - 2018-06-16 11:32 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-10 17:56 - 2018-06-16 11:31 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-10 17:56 - 2018-06-16 11:31 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-10 17:56 - 2018-06-16 11:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-10 17:56 - 2018-06-16 11:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-10 17:56 - 2018-06-16 11:27 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-10 17:56 - 2018-06-16 11:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-10 17:56 - 2018-06-16 11:23 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-10 17:56 - 2018-06-16 11:20 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-10 17:56 - 2018-06-16 11:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-07-10 17:56 - 2018-06-16 11:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-10 17:56 - 2018-06-16 11:19 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-10 17:56 - 2018-06-16 11:19 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-10 17:56 - 2018-06-16 11:19 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-10 17:56 - 2018-06-16 11:12 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-10 17:56 - 2018-06-16 11:08 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-10 17:56 - 2018-06-16 11:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-07-10 17:56 - 2018-06-16 11:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-07-10 17:56 - 2018-06-16 11:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-07-10 17:56 - 2018-06-16 11:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-07-10 17:56 - 2018-06-16 11:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-07-10 17:56 - 2018-06-16 11:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-07-10 17:56 - 2018-06-16 11:02 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-10 17:56 - 2018-06-16 11:02 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-10 17:56 - 2018-06-16 11:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-10 17:56 - 2018-06-16 10:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-07-10 17:56 - 2018-06-16 10:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-07-10 17:56 - 2018-06-16 10:58 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-10 17:56 - 2018-06-16 10:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-07-10 17:56 - 2018-06-16 10:57 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-10 17:56 - 2018-06-16 10:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-07-10 17:56 - 2018-06-16 10:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-07-10 17:56 - 2018-06-16 10:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-07-10 17:56 - 2018-06-16 10:55 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-10 17:56 - 2018-06-16 10:53 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-10 17:56 - 2018-06-16 10:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-07-10 17:56 - 2018-06-16 10:46 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-10 17:56 - 2018-06-16 10:44 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-10 17:56 - 2018-06-16 10:42 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-10 17:56 - 2018-06-16 10:42 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-10 17:56 - 2018-06-16 10:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-07-10 17:56 - 2018-06-16 10:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-07-10 17:56 - 2018-06-16 10:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-07-10 17:56 - 2018-06-16 10:40 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-10 17:56 - 2018-06-16 10:39 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-10 17:56 - 2018-06-16 10:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-07-10 17:56 - 2018-06-16 10:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-07-10 17:56 - 2018-06-16 10:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-07-10 17:56 - 2018-06-16 10:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-07-10 17:56 - 2018-06-16 10:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-07-10 17:56 - 2018-06-16 10:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-07-10 17:56 - 2018-06-16 10:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-07-10 17:56 - 2018-06-16 10:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-07-10 17:56 - 2018-06-16 10:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-07-10 17:56 - 2018-06-16 10:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-10 17:56 - 2018-06-16 10:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-07-10 17:56 - 2018-06-16 10:16 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-10 17:56 - 2018-06-16 10:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-07-10 17:56 - 2018-06-16 10:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-07-10 17:56 - 2018-06-16 10:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-10 17:56 - 2018-06-16 10:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-07-10 17:56 - 2018-06-13 11:20 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-10 17:56 - 2018-06-13 11:19 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-10 17:56 - 2018-06-13 10:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-07-10 17:56 - 2018-06-13 10:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-07-10 17:56 - 2018-06-13 10:40 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-10 17:56 - 2018-06-08 11:27 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-10 17:56 - 2018-06-08 11:27 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-10 17:56 - 2018-06-08 11:27 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-10 17:56 - 2018-06-08 11:27 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-10 17:56 - 2018-06-08 11:27 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-10 17:56 - 2018-06-08 11:23 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-07-10 17:56 - 2018-06-08 11:22 - 001665344 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-10 17:56 - 2018-06-08 11:21 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-10 17:56 - 2018-06-08 11:21 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-07-10 17:56 - 2018-06-08 11:21 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-07-10 17:56 - 2018-06-08 11:21 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-10 17:56 - 2018-06-08 11:21 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-10 17:56 - 2018-06-08 11:21 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-10 17:56 - 2018-06-08 11:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-07-10 17:56 - 2018-06-08 11:19 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-10 17:56 - 2018-06-08 11:19 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-10 17:56 - 2018-06-08 11:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-10 17:56 - 2018-06-08 11:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-10 17:56 - 2018-06-08 11:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-10 17:56 - 2018-06-08 11:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 11:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-07-10 17:56 - 2018-06-08 11:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-07-10 17:56 - 2018-06-08 10:57 - 001314072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-07-10 17:56 - 2018-06-08 10:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:44 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-10 17:56 - 2018-06-08 10:44 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-10 17:56 - 2018-06-08 10:44 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-10 17:56 - 2018-06-08 10:44 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-10 17:56 - 2018-06-08 10:43 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-10 17:56 - 2018-06-08 10:39 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-10 17:56 - 2018-06-08 10:38 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-10 17:56 - 2018-06-08 10:38 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-10 17:56 - 2018-06-08 10:34 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-10 17:56 - 2018-06-08 10:34 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-10 17:56 - 2018-06-08 10:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-10 17:56 - 2018-06-08 10:33 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-10 17:56 - 2018-06-08 10:33 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-10 17:56 - 2018-06-08 10:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-07-10 17:56 - 2018-06-08 10:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2018-07-10 17:56 - 2018-06-08 10:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-07-10 17:56 - 2018-06-08 10:21 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-07-10 17:56 - 2018-06-08 10:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-07-10 17:56 - 2018-06-08 10:21 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-07-10 17:56 - 2018-06-08 10:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-07-10 17:56 - 2018-06-08 10:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-07-10 17:56 - 2018-06-08 10:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-07-10 17:56 - 2018-06-08 10:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-07-10 17:56 - 2018-06-07 11:20 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-10 17:56 - 2018-06-07 11:19 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-10 17:56 - 2018-06-07 11:19 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-10 17:56 - 2018-06-07 11:19 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-10 17:56 - 2018-06-07 10:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-07-10 17:56 - 2018-06-07 10:49 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-10 17:56 - 2018-06-07 10:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-07-10 17:56 - 2018-05-31 11:28 - 001893568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-10 17:56 - 2018-05-31 11:28 - 000377024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-10 17:56 - 2018-05-31 11:28 - 000287936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-10 17:56 - 2018-05-02 10:32 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-10 17:56 - 2018-05-02 10:32 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-10 17:56 - 2018-05-02 10:32 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-10 17:56 - 2018-05-02 10:32 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-10 17:56 - 2018-05-02 10:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-10 17:56 - 2018-05-02 10:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-10 17:56 - 2018-05-02 10:32 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-10 17:56 - 2018-04-26 08:05 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-07-10 17:56 - 2018-04-26 08:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-07-10 17:56 - 2018-04-25 11:02 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-10 17:56 - 2018-04-25 10:18 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-10 17:55 - 2018-06-13 11:23 - 000140992 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-10 17:55 - 2018-06-13 11:18 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-10 17:55 - 2018-06-08 08:05 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-10 17:55 - 2018-06-08 08:05 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-10 17:55 - 2018-06-08 08:05 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-10 17:55 - 2018-06-08 08:05 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-10 17:55 - 2018-06-08 08:05 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-10 17:55 - 2018-06-08 08:05 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-10 17:55 - 2018-06-08 08:05 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-10 17:55 - 2018-06-08 08:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-10 10:34 - 2018-07-10 10:34 - 000674634 _____ C:\Users\PLV Pro\Desktop\35d3c6ca-7e9d-4996-b1b2-dd1bee11e1fba12523aa-ccc0-43c2-9eea-2f65d2c352_EDMS_0000009.20180709235528625.136.PDF
2018-07-10 10:33 - 2018-07-10 10:33 - 000679205 _____ C:\Users\PLV Pro\Desktop\ce644834-10db-488f-82e7-6a2e66381779d05e583c-3580-443a-bb4c-f937577b5b_EDMS_0000004.20170930022832057.11.PDF
2018-07-10 10:21 - 2018-07-10 10:21 - 000184320 _____ C:\Users\PLV Pro\Desktop\Mom.experian.com.pdf
2018-07-05 01:29 - 2018-07-05 01:29 - 000000000 ____D C:\Users\PLV Pro\Desktop\Lowes coupon
2018-07-05 00:33 - 2018-07-05 00:33 - 000017222 _____ C:\Users\PLV Pro\Desktop\SDA complete apps 2018-6-12 am.xlsx
2018-07-03 10:20 - 2018-07-03 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2018-07-02 21:29 - 2018-07-02 21:30 - 110775820 _____ C:\Users\PLV Pro\Desktop\Hài trung quốc - Cuộc đời này còn gì để tin tưởng nữa đây [720p].mp4
2018-07-02 03:56 - 2018-07-02 03:57 - 000004136 _____ C:\Users\PLV Pro\Desktop\gc_182MAT11311085_fullgc_2018-07-02-03-56-04.xls
2018-07-01 23:39 - 2018-07-01 23:46 - 000007680 _____ C:\Users\PLV Pro\Desktop\gradebookReport_1530506400090.xls
2018-06-30 18:59 - 2018-06-30 18:59 - 092804965 _____ C:\Users\PLV Pro\Desktop\Hài Trung Quốc -   Trăm món, nghìn nghề thế này thì đéo bao giờ chết đói !!!! Haha [720p].mp4
2018-06-29 16:15 - 2018-07-01 23:35 - 000003642 _____ C:\Users\PLV Pro\Desktop\gc_182MAT11311085_fullgc_2018-06-29-16-15-12.xls
2018-06-29 14:06 - 2018-06-29 14:06 - 000189757 _____ C:\Users\PLV Pro\Desktop\il_caid_qrg_eng_09_2017.pdf
2018-06-28 09:46 - 2018-06-28 09:46 - 000000000 ____D C:\Users\PLV Pro\Desktop\New folder (2)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-25 19:27 - 2017-09-25 17:05 - 000000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2004868559-321660656-112912198-1001.job
2018-07-25 18:41 - 2017-09-25 17:05 - 000000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2004868559-321660656-112912198-1001.job
2018-07-25 15:57 - 2013-06-22 00:40 - 000000000 ____D C:\Users\PLV Pro\AppData\Roaming\vlc
2018-07-25 13:10 - 2016-05-09 01:04 - 000000550 _____ C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job
2018-07-25 03:48 - 2009-07-13 23:45 - 000032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-25 03:48 - 2009-07-13 23:45 - 000032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-25 00:45 - 2015-10-06 07:05 - 000003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1444133119
2018-07-25 00:45 - 2015-10-06 07:04 - 000000000 ____D C:\Program Files (x86)\Opera
2018-07-24 17:41 - 2013-06-21 00:12 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-24 16:25 - 2017-01-06 20:41 - 000000000 ____D C:\Users\PLV Pro\AppData\Roaming\ViberPC
2018-07-24 16:25 - 2017-01-06 20:41 - 000000000 ____D C:\Users\PLV Pro\AppData\Local\Viber
2018-07-24 13:55 - 2013-06-24 23:35 - 000000000 ____D C:\Users\PLV Pro\Desktop\113
2018-07-24 03:35 - 2009-07-14 00:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-24 03:35 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-07-24 03:31 - 2013-08-18 10:18 - 000000000 ____D C:\Users\PLV Pro\AppData\Local\CrashDumps
2018-07-24 03:29 - 2017-01-07 01:20 - 000000000 ____D C:\Users\PLV Pro\AppData\LocalLow\Mozilla
2018-07-24 03:29 - 2016-01-14 19:32 - 000000000 __SHD C:\Users\PLV Pro\IntelGraphicsProfiles
2018-07-24 03:29 - 2013-06-21 00:03 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-24 03:29 - 2009-07-13 21:34 - 000000592 _____ C:\Windows\win.ini
2018-07-24 03:28 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-24 03:24 - 2014-08-16 06:27 - 000000000 ____D C:\Users\PLV Pro\AppData\Local\Adobe
2018-07-24 02:50 - 2013-06-21 00:22 - 000776846 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-07-24 02:46 - 2013-12-03 09:52 - 000000000 ____D C:\Users\PLV Pro\AppData\Local\ElevatedDiagnostics
2018-07-23 02:27 - 2013-06-24 23:40 - 000013006 _____ C:\Users\PLV Pro\Desktop\113sent.xlsx
2018-07-22 11:31 - 2016-05-08 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-22 11:31 - 2015-09-13 22:44 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-22 11:30 - 2016-05-08 13:41 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-07-22 11:21 - 2016-08-08 18:37 - 000000000 ____D C:\Users\PLV Pro\AppData\Roaming\texstudio
2018-07-17 23:41 - 2013-06-20 23:53 - 000000000 ____D C:\Users\PLV Pro
2018-07-17 19:09 - 2013-10-10 03:54 - 000000000 ____D C:\Users\PLV Pro\AppData\Roaming\gtk-2.0
2018-07-17 17:58 - 2016-01-19 05:08 - 000000000 ____D C:\Users\PLV Pro\AppData\Roaming\WinEdt
2018-07-17 16:30 - 2017-09-25 17:05 - 000003674 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2004868559-321660656-112912198-1001
2018-07-17 16:30 - 2017-09-25 17:05 - 000003578 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2004868559-321660656-112912198-1001
2018-07-17 16:30 - 2017-09-25 17:05 - 000000000 ____D C:\Users\PLV Pro\AppData\Local\GoToMeeting
2018-07-17 03:29 - 2013-06-21 00:18 - 000000000 ____D C:\Users\PLV Pro\.gimp-2.4
2018-07-17 00:27 - 2016-08-10 11:12 - 000002162 _____ C:\Users\PLV Pro\Desktop\DATWorkflowclassesneeded.txt
2018-07-13 19:47 - 2013-06-21 01:09 - 000000000 ____D C:\ProgramData\Adobe
2018-07-13 19:47 - 2013-06-21 01:09 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-07-13 19:46 - 2013-06-21 00:55 - 000000000 ____D C:\Users\PLV Pro\AppData\Roaming\Adobe
2018-07-13 19:44 - 2013-06-26 22:56 - 000000000 ___RD C:\Users\PLV Pro\Virtual Machines
2018-07-13 19:43 - 2009-07-13 23:45 - 000474112 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-13 19:42 - 2014-12-10 13:28 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-13 19:37 - 2013-07-21 08:39 - 000000000 ____D C:\Windows\system32\MRT
2018-07-13 19:34 - 2013-06-21 00:54 - 134675576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-07-13 18:54 - 2015-07-01 02:57 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-13 18:54 - 2014-12-25 13:23 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-13 18:42 - 2018-06-16 00:33 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
2018-07-13 18:42 - 2018-06-16 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-07-13 18:41 - 2014-07-05 04:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-13 18:40 - 2016-10-20 23:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-13 18:40 - 2014-11-12 11:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-12 00:58 - 2018-05-18 21:23 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2018-07-12 00:58 - 2018-05-18 21:23 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2018-07-10 21:25 - 2017-12-14 00:53 - 000000000 ____D C:\Users\PLV Pro\AppData\Roaming\WhatsApp
2018-07-10 19:16 - 2016-01-01 23:15 - 000004456 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-10 19:16 - 2013-06-21 00:54 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-10 19:16 - 2013-06-21 00:54 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-10 19:16 - 2013-06-21 00:54 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-10 19:16 - 2013-06-21 00:54 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-10 19:16 - 2013-06-21 00:54 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-10 18:16 - 2018-03-14 04:16 - 000004468 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-08 21:50 - 2018-04-08 04:23 - 000000000 ____D C:\Users\PLV Pro\AppData\Local\WhatsApp
2018-07-08 21:50 - 2017-12-14 00:53 - 000002199 _____ C:\Users\PLV Pro\Desktop\WhatsApp.lnk
2018-07-08 21:50 - 2017-12-14 00:53 - 000000000 ____D C:\Users\PLV Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-07-06 23:16 - 2016-08-08 18:37 - 000000000 ____D C:\Program Files (x86)\TeXstudio
2018-07-05 01:30 - 2013-06-24 23:34 - 000000000 ____D C:\Users\PLV Pro\Desktop\Good tips CURRENT TIPS
2018-07-05 01:29 - 2017-12-28 00:06 - 000000000 ____D C:\Users\PLV Pro\Desktop\Gift cards
2018-07-05 01:29 - 2017-10-08 12:31 - 000000000 ____D C:\Users\PLV Pro\Desktop\New folder
2018-07-05 01:29 - 2017-09-27 22:11 - 000000000 ____D C:\Users\PLV Pro\Desktop\New folder (4)
2018-07-03 10:20 - 2016-05-08 22:15 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-07-03 10:20 - 2016-05-08 16:07 - 000000000 ____D C:\ProgramData\Cisco
2018-07-02 14:01 - 2013-06-24 23:40 - 000013176 _____ C:\Users\PLV Pro\Desktop\113email.xlsx

==================== Files in the root of some directories =======

2018-03-23 08:29 - 2018-03-23 08:34 - 007649280 _____ () C:\Program Files (x86)\GUT879.tmp
2014-09-07 01:36 - 2014-09-07 01:36 - 000893239 _____ () C:\Users\PLV Pro\AppData\Local\a.zip
2014-09-07 01:36 - 2014-09-07 01:36 - 002162416 _____ (Catalina Marketing Corp) C:\Users\PLV Pro\AppData\Local\BcsKtYcHW.dll
2014-10-14 12:41 - 2017-09-26 20:38 - 000029696 _____ () C:\Users\PLV Pro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-23 11:46 - 2015-01-23 11:46 - 000004096 ____H () C:\Users\PLV Pro\AppData\Local\keyfile3.drm
2016-04-03 14:59 - 2018-03-02 01:47 - 000000337 _____ () C:\Users\PLV Pro\AppData\Local\Perfmon.PerfmonCfg
2013-12-25 18:37 - 2013-12-25 18:37 - 000000017 _____ () C:\Users\PLV Pro\AppData\Local\resmon.resmoncfg
2017-05-16 21:17 - 2017-05-16 21:17 - 000000000 _____ () C:\Users\PLV Pro\AppData\Local\{0B5E170B-CE9C-44F9-93FF-F052951E46AD}

Some files in TEMP:
====================
2017-11-16 01:02 - 2017-11-16 01:02 - 016217600 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.021827358598194402.dll
2017-11-17 00:21 - 2017-11-17 00:21 - 016217600 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.028797657102556218.dll
2017-03-19 02:00 - 2017-03-19 02:00 - 016376320 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.03376480452860642.dll
2017-03-01 00:05 - 2017-03-01 00:05 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.05202171082942619.dll
2017-10-08 16:39 - 2017-10-08 16:39 - 016174592 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.11233223380815005.dll
2017-03-01 00:06 - 2017-03-01 00:06 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.13387635537944564.dll
2017-11-14 22:57 - 2017-11-14 22:57 - 016217600 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.13803308178985751.dll
2018-03-02 00:50 - 2018-03-02 00:50 - 016325120 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.18379848529903675.dll
2017-10-23 09:33 - 2017-10-23 09:33 - 016199168 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.19542660229001219.dll
2017-09-30 00:38 - 2017-09-30 00:38 - 016622080 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.19693238111642375.dll
2017-04-02 05:16 - 2017-04-02 05:16 - 016375296 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.20048544465732343.dll
2017-02-28 17:09 - 2017-02-28 17:09 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.20128383570805475.dll
2018-06-19 01:45 - 2018-06-19 01:45 - 016499712 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.21737685280872066.dll
2018-03-02 23:00 - 2018-03-02 23:00 - 016325120 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.2182430434271948.dll
2017-04-02 14:43 - 2017-04-02 14:43 - 016375296 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.2298194718423585.dll
2017-10-23 08:30 - 2017-10-23 08:30 - 016199168 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.23886441886631915.dll
2017-02-28 23:01 - 2017-02-28 23:01 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.26399881844212236.dll
2018-01-31 20:10 - 2018-01-31 20:10 - 016297472 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.2787406634803573.dll
2017-09-30 00:48 - 2017-09-30 00:48 - 016622080 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.3522671717590403.dll
2017-03-18 23:30 - 2017-03-18 23:30 - 016353792 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.35918050522709233.dll
2017-11-14 22:59 - 2017-11-14 22:59 - 016217600 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.3613452200767885.dll
2017-03-29 12:41 - 2017-03-29 12:41 - 016374784 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.3791355170708155.dll
2017-02-28 23:13 - 2017-02-28 23:13 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.4041624956270058.dll
2017-09-30 11:03 - 2017-09-30 11:03 - 016622080 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.41488652214636923.dll
2018-06-10 00:53 - 2018-06-10 00:53 - 016502784 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.42147900549791084.dll
2017-03-01 23:20 - 2017-03-01 23:20 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.4252547623424302.dll
2017-02-28 22:59 - 2017-02-28 22:59 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.4413512804612342.dll
2017-11-23 00:10 - 2017-11-23 00:10 - 016224256 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.46948192265813005.dll
2018-01-27 18:34 - 2018-01-27 18:34 - 016297472 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.470866827067573.dll
2017-10-22 23:12 - 2017-10-22 23:12 - 016199168 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.4712408212604753.dll
2017-11-23 17:39 - 2017-11-23 17:39 - 016224256 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.5152878629323616.dll
2017-11-24 00:30 - 2017-11-24 00:30 - 016224256 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.6166417375341993.dll
2017-11-16 01:03 - 2017-11-16 01:03 - 016217600 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.677824173872728.dll
2017-02-28 23:11 - 2017-02-28 23:11 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.6809995687381178.dll
2017-10-09 07:37 - 2017-10-09 07:37 - 016174592 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.6850681290149054.dll
2017-11-17 00:26 - 2017-11-17 00:26 - 016217600 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7014434713381493.dll
2017-03-25 19:53 - 2017-03-25 19:53 - 016376320 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7098764435823341.dll
2017-09-30 00:39 - 2017-09-30 00:39 - 016622080 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7131702821642412.dll
2018-03-02 00:41 - 2018-03-02 00:41 - 016325120 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7200494529407107.dll
2017-10-08 14:39 - 2017-10-08 14:39 - 016622080 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7253182067956419.dll
2018-04-03 22:35 - 2018-04-03 22:35 - 016348160 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7317770025177245.dll
2017-11-23 00:10 - 2017-11-23 00:10 - 016224256 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7366942012423159.dll
2017-11-21 19:04 - 2017-11-21 19:04 - 016224256 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.737572085795156.dll
2018-04-03 03:21 - 2018-04-03 03:21 - 016348160 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7431598878873323.dll
2017-10-24 13:34 - 2017-10-24 13:34 - 016203776 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7599241124157624.dll
2017-11-21 18:15 - 2017-11-21 18:15 - 016224256 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7636076487138082.dll
2017-11-17 00:28 - 2017-11-17 00:28 - 016217600 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7771492840514688.dll
2017-10-22 20:34 - 2017-10-22 20:34 - 016199168 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.7794877960561438.dll
2017-09-30 00:54 - 2017-09-30 00:54 - 016622080 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.8188007897718723.dll
2018-03-08 02:51 - 2018-03-08 02:51 - 016328192 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.8281324860374784.dll
2017-02-28 23:00 - 2017-02-28 23:00 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.8432338872997673.dll
2017-09-04 00:48 - 2017-09-04 00:48 - 016542208 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.8470547572059771.dll
2018-04-04 00:19 - 2018-04-04 00:19 - 016371200 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.8527045863810324.dll
2017-11-24 00:40 - 2017-11-24 00:40 - 016224256 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.880273886192895.dll
2017-10-08 19:34 - 2017-10-08 19:34 - 016174592 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.891298047027813.dll
2017-02-28 23:11 - 2017-02-28 23:11 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.900731884388942.dll
2017-02-28 17:08 - 2017-02-28 17:08 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.9032003753722632.dll
2017-02-28 17:08 - 2017-02-28 17:08 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.9180093120807165.dll
2017-03-01 00:05 - 2017-03-01 00:05 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.9265384264776058.dll
2017-02-28 23:08 - 2017-02-28 23:08 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.9514808037073763.dll
2017-10-08 16:38 - 2017-10-08 16:38 - 016174592 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.9818243317798915.dll
2017-03-01 00:08 - 2017-03-01 00:08 - 016331264 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.9862480329795252.dll
2018-04-26 22:26 - 2018-04-26 22:26 - 016371200 ____N () C:\Users\PLV Pro\AppData\Local\Temp\javagiac0.9974551614799521.dll
2017-07-20 08:02 - 2017-07-20 08:02 - 000739904 _____ (Oracle Corporation) C:\Users\PLV Pro\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-28 04:03 - 2017-07-28 04:03 - 000740416 _____ (Oracle Corporation) C:\Users\PLV Pro\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-30 19:55 - 2017-10-30 19:55 - 001856576 _____ (Oracle Corporation) C:\Users\PLV Pro\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-01-28 18:27 - 2018-01-28 18:27 - 001864256 _____ (Oracle Corporation) C:\Users\PLV Pro\AppData\Local\Temp\jre-8u161-windows-au.exe
2018-04-23 21:39 - 2018-04-23 21:39 - 001884616 _____ (Oracle Corporation) C:\Users\PLV Pro\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-07-22 11:30 - 2018-07-22 11:30 - 001906040 _____ (Oracle Corporation) C:\Users\PLV Pro\AppData\Local\Temp\jre-8u181-windows-au.exe
2017-07-28 18:26 - 2017-07-18 17:38 - 000368760 _____ (NVIDIA Corporation) C:\Users\PLV Pro\AppData\Local\Temp\nvStInst.exe
2017-05-19 15:42 - 2017-05-19 15:42 - 014608752 _____ (Samsung Electronics                                         ) C:\Users\PLV Pro\AppData\Local\Temp\Samsung_Magician_Installer.exe
2017-07-07 06:32 - 2018-06-16 00:32 - 063222472 _____ (Skype Technologies S.A.) C:\Users\PLV Pro\AppData\Local\Temp\SkypeSetup.exe
2016-01-25 03:42 - 2016-01-25 03:42 - 006503984 _____ (Microsoft Corporation) C:\Users\PLV Pro\AppData\Local\Temp\vcredist12_x86.exe
2017-03-16 18:21 - 2017-03-16 18:21 - 014456872 _____ (Microsoft Corporation) C:\Users\PLV Pro\AppData\Local\Temp\vc_redist.x86.exe
2017-06-20 14:47 - 2017-08-07 14:24 - 030950664 _____ () C:\Users\PLV Pro\AppData\Local\Temp\vlc-2.2.6-win32.exe
2018-06-18 12:11 - 2018-06-18 12:11 - 040184976 _____ () C:\Users\PLV Pro\AppData\Local\Temp\vlc-3.0.3-win32.exe
2017-07-28 19:20 - 2017-07-28 19:20 - 007178424 _____ (VS Revo Group                                               ) C:\Users\PLV Pro\AppData\Local\Temp\VSUSetup.exe
2017-10-13 15:52 - 2006-05-24 12:10 - 000455600 _____ (Macrovision Corporation) C:\Users\PLV Pro\AppData\Local\Temp\_is81BC.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 01:33

==================== End of FRST.txt ============================

Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know if the problem persists.

fixlist.txt


The problem still persists, nasdaq. I already rebooted the system.

------------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by PLV Pro (26-07-2018 10:34:58) Run:1
Running from C:\Users\PLV Pro\Desktop
Loaded Profiles: PLV Pro (Available Profiles: PLV Pro)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

Task: {AF66A34E-E2E9-4124-9A5C-051ABAEA5F65} - System32\Tasks\refresh tplink => C:\represhtplink.vbs
represhtplink.vbs

cmd: del /q C:\Users\PLV Pro\AppData\Local\Temp\*.dll

Reboot:

End

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF66A34E-E2E9-4124-9A5C-051ABAEA5F65}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF66A34E-E2E9-4124-9A5C-051ABAEA5F65}" => removed successfully
C:\Windows\System32\Tasks\refresh tplink => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\refresh tplink" => removed successfully
represhtplink.vbs => Error: No automatic fix found for this entry.

========= del /q C:\Users\PLV Pro\AppData\Local\Temp\*.dll =========

The system cannot find the path specified.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 10:35:16 ====


Hi,

This should fix the issue.

This is part of the application hardening in the Anti-Exploit component of Malwarebytes. To enable VBScript in IE you must open Malwarebytes and go to Settings>Protection and beneath Real-Time Protection click the Advanced Settings button below the Exploit Protection section. Within the Anti-Exploit Settings window that opens, uncheck the box next to Disable Internet Explorer VB Scripting under Browsers in the Application Hardening tab (the first tab).

Keep me posted.


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

