bittit.info

[IMFletch]

For the last few days I get the following warning every 5 minutes.  Anyway to make it stop?

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/24/18
Protection Event Time: 6:02 PM
Log File: a31eebc6-c05e-11e8-bc52-9829a6423a69.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.441
Update Package Version: 1.0.6995
License: Premium

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: RiskWare
Domain: bittit.info
IP Address: 31.193.139.14
Port: [56337]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

These attacks are stopped by Malwarebytes and you are notified accordingly.

Check the Notifications settings.
Change the setting Show Malwarebytes Notifications to Off
https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png
===

If the program persists run this program.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

 

[IMFletch]

Here's the information you requested:

 

Ran by mikes (administrator) on LAPTOP-MN13B3CT (25-09-2018 17:37:13)
Running from C:\Users\mikes\Desktop
Loaded Profiles: mikes (Available Profiles: mikes)
Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxCUIService.exe
(Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
() C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxext.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1808.2461.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-02] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3753280 2018-09-25] (Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3429518722-3328437226-3352820298-1001\...\Run: [GoogleChromeAutoLaunch_114F01C8D741C34A9FEB8D746A5CA220] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{63909803-e272-4984-8986-c643fdab32f6}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3429518722-3328437226-3352820298-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-3429518722-3328437226-3352820298-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)

Edge: 
======
Edge Extension: (AdGuard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_2.10.8.0_neutral__m055xr0c82818 [2018-08-31]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.17.1.0_neutral__qq0fmhteeht3j [2018-09-06]

FireFox:
========
FF HKU\S-1-5-21-3429518722-3328437226-3352820298-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\mikes\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> chrome://apps/
CHR StartupUrls: Default -> "chrome://bookmarks/#5203"
CHR NewTab: Default ->  Active:"chrome-extension://dbfmnekepjoapopniengjbcpnbljalfg/index.html"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default [2018-09-25]
CHR Extension: (Google Translate) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-04-23]
CHR Extension: (ChromeAccess) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeoigbhkilbllfomkmmilbfochhlgdmh [2018-04-23]
CHR Extension: (Docs) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-23]
CHR Extension: (Google Drive) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-23]
CHR Extension: (CIRC) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebigdkelppomhhjaaianniiifjbgocn [2018-04-23]
CHR Extension: (WhatsChrome) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2018-04-23]
CHR Extension: (AdGuard AdBlocker) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-09-22]
CHR Extension: (YouTube) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-23]
CHR Extension: (Forecastfox (fix version)) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\boljdehmejbffnfiiicckjhafabdepnd [2018-07-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2018-04-23]
CHR Extension: (Infinity New Tab:Productivity&Speed Dial) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfmnekepjoapopniengjbcpnbljalfg [2018-09-07]
CHR Extension: (Word Search) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2018-04-23]
CHR Extension: (Google Play Music) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-07-18]
CHR Extension: (Biticker) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fblekdojabihjdhndhmloalbcnnejddl [2018-04-23]
CHR Extension: (Sheets) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-23]
CHR Extension: (Sudoku) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmlndabchaefnniikpjgobkkkfepipb [2018-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (InoReader Enhancements) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplhofhphfekaflbghoggkbgfoblaamo [2018-04-23]
CHR Extension: (Google Photos) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2018-04-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-09-06]
CHR Extension: (AirDroid) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2018-04-23]
CHR Extension: (Bring Google View Image Back) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnjhnncdcllbkacphdmdabdajfcnnnld [2018-04-23]
CHR Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2018-07-29]
CHR Extension: (Forecastfox) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2018-04-23]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2018-09-23]
CHR Extension: (Inoreader Companion) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfimphpokifbjgmjflanmfeppcjimgah [2018-04-23]
CHR Extension: (Inbox Checker for ProtonMail) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\khohmflpainliicgcnenjnldnmffnaec [2018-04-23]
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2018-04-23]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-09-03]
CHR Extension: (Google Mail Checker) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2018-04-23]
CHR Extension: (Web for Android Messages) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdidedjglchgdgenhicpmdpagiihfej [2018-09-17]
CHR Extension: (Mahjong Solitaire) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2018-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (Remote Torrent Adder) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oabphaconndgibllomdcjbfdghcmenci [2018-04-23]
CHR Extension: (Weather Underground) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2018-04-23]
CHR Extension: (Gmail) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\mikes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-04]
CHR HKU\S-1-5-21-3429518722-3328437226-3352820298-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [347024 2017-06-01] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2272472 2017-06-07] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9658664 2018-09-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-26] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-09-25] (Dropbox, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel(R) Corporation)
R2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [169576 2017-07-27] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] ( )
S2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-24] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-24] (The OpenVPN Project)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [466224 2018-03-09] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [508208 2018-03-09] (Acer Incorporated)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-05-23] (acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-30] (Microsoft Corporation)
R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [102912 2017-10-05] () [File not signed]
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-30] (Microsoft Corporation)
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605584 2017-06-01] (Qualcomm)
S3 dbx; C:\WINDOWS\System32\DRIVERS\dbx.sys [45640 2018-09-11] (Dropbox, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-03] (Malwarebytes)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [22320 2017-06-06] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193256 2018-09-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [117472 2018-09-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [52328 2018-09-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [109872 2018-09-25] (Malwarebytes)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R1 MpKsl2b5288c2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC2FC9CE-5BF0-4A4D-A2EC-891886ACF48D}\MpKsl2b5288c2.sys [58120 2018-09-25] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvac.inf_amd64_d424a07e89ab274a\nvlddmkm.sys [17036560 2018-03-08] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-02] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-02] (NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15664 2017-06-06] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-17] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-04-10] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-25 17:37 - 2018-09-25 17:37 - 000023344 _____ C:\Users\mikes\Desktop\FRST.txt
2018-09-25 16:44 - 2018-09-25 17:37 - 000000000 ____D C:\FRST
2018-09-25 16:43 - 2018-09-25 16:43 - 002414080 _____ (Farbar) C:\Users\mikes\Downloads\FRST64.exe
2018-09-25 16:43 - 2018-09-25 16:43 - 002414080 _____ (Farbar) C:\Users\mikes\Desktop\FRST64.exe
2018-09-25 15:49 - 2018-09-25 15:49 - 000073427 _____ C:\Users\mikes\Downloads\Skyscraper.2018.1080p.WEB.H.264.MKV.597066.torrent
2018-09-25 15:27 - 2018-09-25 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-09-25 04:52 - 2018-09-25 04:52 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-09-25 04:52 - 2018-09-25 04:52 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-09-25 04:52 - 2018-09-25 04:52 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-09-25 04:52 - 2018-09-25 04:52 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-09-24 19:31 - 2018-09-24 19:31 - 000013769 _____ C:\Users\mikes\Downloads\Magnum.P.I.S01E01.720p.HDTV.x264-AVS.[BTN].torrent
2018-09-24 18:16 - 2018-09-24 18:17 - 000000000 ____D C:\AdwCleaner
2018-09-23 22:03 - 2018-09-23 22:46 - 000000000 ____D C:\Program Files (x86)\BleachBit
2018-09-23 22:03 - 2018-09-23 22:03 - 000000000 ____D C:\Users\mikes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit
2018-09-23 22:03 - 2018-09-23 22:03 - 000000000 ____D C:\Users\mikes\AppData\Roaming\BleachBit
2018-09-17 18:04 - 2018-09-17 18:04 - 000271679 _____ C:\Users\mikes\Desktop\instantpot-NEW.pdf
2018-09-17 16:43 - 2018-09-17 16:43 - 000000000 ____D C:\Users\mikes\AppData\Local\mbam
2018-09-15 18:35 - 2018-09-15 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-09-12 16:38 - 2018-08-31 00:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-12 16:38 - 2018-08-31 00:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-12 16:38 - 2018-08-30 23:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-12 16:38 - 2018-08-30 20:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-12 16:38 - 2018-08-30 20:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-12 16:38 - 2018-08-30 20:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-12 16:38 - 2018-08-30 20:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-12 16:38 - 2018-08-30 20:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-12 16:38 - 2018-08-30 20:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-12 16:38 - 2018-08-30 20:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-12 16:38 - 2018-08-30 20:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-12 16:38 - 2018-08-30 20:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-12 16:38 - 2018-08-30 20:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-12 16:38 - 2018-08-30 20:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-12 16:38 - 2018-08-30 20:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-12 16:38 - 2018-08-30 20:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-12 16:38 - 2018-08-30 20:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-12 16:38 - 2018-08-30 20:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-12 16:38 - 2018-08-30 20:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-12 16:38 - 2018-08-30 20:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-12 16:38 - 2018-08-30 20:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-12 16:38 - 2018-08-30 20:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-12 16:38 - 2018-08-30 20:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-12 16:38 - 2018-08-30 20:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-12 16:38 - 2018-08-30 20:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-12 16:38 - 2018-08-30 20:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-12 16:38 - 2018-08-30 20:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-12 16:38 - 2018-08-30 20:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-12 16:38 - 2018-08-30 20:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-12 16:38 - 2018-08-30 20:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-12 16:38 - 2018-08-30 20:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-12 16:38 - 2018-08-30 20:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-12 16:38 - 2018-08-30 20:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-12 16:38 - 2018-08-28 00:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-12 16:38 - 2018-08-27 23:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-12 16:38 - 2018-08-09 02:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-12 16:38 - 2018-08-09 02:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-12 16:38 - 2018-08-09 02:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-12 16:38 - 2018-08-09 02:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-12 16:38 - 2018-08-09 02:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-12 16:38 - 2018-08-09 02:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-12 16:38 - 2018-08-09 02:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-12 16:38 - 2018-08-09 01:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-12 16:38 - 2018-08-09 01:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-12 16:38 - 2018-08-08 22:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-12 16:38 - 2018-08-08 21:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-12 16:38 - 2018-08-08 21:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-12 16:38 - 2018-08-08 21:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-12 16:38 - 2018-08-08 21:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-12 16:38 - 2018-08-08 21:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-12 16:38 - 2018-08-08 21:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-12 16:38 - 2018-08-08 21:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-12 16:38 - 2018-08-08 21:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-12 16:38 - 2018-08-08 21:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-12 16:38 - 2018-08-08 21:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-12 16:38 - 2018-08-08 21:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-12 16:38 - 2018-08-08 21:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-12 16:38 - 2018-08-08 21:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-12 16:38 - 2018-08-08 21:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-12 16:38 - 2018-08-08 21:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-12 16:37 - 2018-08-31 00:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-12 16:37 - 2018-08-31 00:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-12 16:37 - 2018-08-31 00:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-12 16:37 - 2018-08-31 00:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-12 16:37 - 2018-08-31 00:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-12 16:37 - 2018-08-31 00:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-12 16:37 - 2018-08-31 00:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-12 16:37 - 2018-08-31 00:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-12 16:37 - 2018-08-31 00:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-12 16:37 - 2018-08-31 00:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-12 16:37 - 2018-08-31 00:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-12 16:37 - 2018-08-31 00:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-12 16:37 - 2018-08-31 00:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-12 16:37 - 2018-08-31 00:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-12 16:37 - 2018-08-30 23:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-12 16:37 - 2018-08-30 23:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-12 16:37 - 2018-08-30 23:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-12 16:37 - 2018-08-30 23:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-12 16:37 - 2018-08-30 23:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-12 16:37 - 2018-08-30 23:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-12 16:37 - 2018-08-30 23:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-12 16:37 - 2018-08-30 23:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-12 16:37 - 2018-08-30 20:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-12 16:37 - 2018-08-30 20:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-12 16:37 - 2018-08-30 20:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-12 16:37 - 2018-08-30 20:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-12 16:37 - 2018-08-30 20:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-12 16:37 - 2018-08-30 20:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-12 16:37 - 2018-08-30 20:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-12 16:37 - 2018-08-30 20:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-12 16:37 - 2018-08-30 20:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-12 16:37 - 2018-08-30 20:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-12 16:37 - 2018-08-30 20:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-12 16:37 - 2018-08-30 20:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-12 16:37 - 2018-08-30 20:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-12 16:37 - 2018-08-30 20:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-12 16:37 - 2018-08-30 20:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-12 16:37 - 2018-08-30 20:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-12 16:37 - 2018-08-30 20:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-12 16:37 - 2018-08-30 20:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-12 16:37 - 2018-08-30 20:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-12 16:37 - 2018-08-30 20:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-12 16:37 - 2018-08-30 20:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-12 16:37 - 2018-08-30 20:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-12 16:37 - 2018-08-30 20:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-12 16:37 - 2018-08-30 20:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-12 16:37 - 2018-08-30 20:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-12 16:37 - 2018-08-30 20:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-12 16:37 - 2018-08-30 20:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-12 16:37 - 2018-08-30 20:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-12 16:37 - 2018-08-30 20:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-12 16:37 - 2018-08-30 20:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-12 16:37 - 2018-08-30 20:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-12 16:37 - 2018-08-30 20:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-12 16:37 - 2018-08-30 20:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-12 16:37 - 2018-08-30 20:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-12 16:37 - 2018-08-30 20:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-12 16:37 - 2018-08-30 20:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-12 16:37 - 2018-08-30 20:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-12 16:37 - 2018-08-30 20:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-12 16:37 - 2018-08-30 20:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-12 16:37 - 2018-08-30 20:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-12 16:37 - 2018-08-30 20:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-12 16:37 - 2018-08-30 20:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-12 16:37 - 2018-08-30 20:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-12 16:37 - 2018-08-30 20:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-12 16:37 - 2018-08-30 20:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-12 16:37 - 2018-08-30 20:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-12 16:37 - 2018-08-30 20:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-12 16:37 - 2018-08-30 20:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-12 16:37 - 2018-08-30 20:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-12 16:37 - 2018-08-30 20:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-12 16:37 - 2018-08-30 20:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-12 16:37 - 2018-08-30 20:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-12 16:37 - 2018-08-30 20:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-12 16:37 - 2018-08-30 18:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-12 16:37 - 2018-08-27 23:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-12 16:37 - 2018-08-27 23:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-12 16:37 - 2018-08-27 23:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-12 16:37 - 2018-08-27 22:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-12 16:37 - 2018-08-13 19:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-12 16:37 - 2018-08-13 19:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-12 16:37 - 2018-08-09 02:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-12 16:37 - 2018-08-09 02:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-12 16:37 - 2018-08-09 02:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-12 16:37 - 2018-08-09 02:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-12 16:37 - 2018-08-09 02:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-12 16:37 - 2018-08-09 02:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-12 16:37 - 2018-08-09 02:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-12 16:37 - 2018-08-09 02:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-12 16:37 - 2018-08-09 02:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-12 16:37 - 2018-08-09 02:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-12 16:37 - 2018-08-09 02:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-12 16:37 - 2018-08-09 02:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-12 16:37 - 2018-08-09 02:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-12 16:37 - 2018-08-09 02:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-12 16:37 - 2018-08-09 02:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-12 16:37 - 2018-08-09 02:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-12 16:37 - 2018-08-09 02:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-12 16:37 - 2018-08-09 02:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-12 16:37 - 2018-08-09 02:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-12 16:37 - 2018-08-09 02:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-12 16:37 - 2018-08-09 02:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-12 16:37 - 2018-08-09 02:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-12 16:37 - 2018-08-09 01:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-12 16:37 - 2018-08-09 01:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-12 16:37 - 2018-08-09 01:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-12 16:37 - 2018-08-09 01:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-12 16:37 - 2018-08-09 01:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-12 16:37 - 2018-08-09 01:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-12 16:37 - 2018-08-09 01:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-12 16:37 - 2018-08-09 01:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-12 16:37 - 2018-08-09 01:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-12 16:37 - 2018-08-09 01:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-12 16:37 - 2018-08-09 01:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-12 16:37 - 2018-08-09 01:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-12 16:37 - 2018-08-09 01:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-12 16:37 - 2018-08-09 01:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-12 16:37 - 2018-08-09 01:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-12 16:37 - 2018-08-09 01:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-12 16:37 - 2018-08-09 01:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-12 16:37 - 2018-08-09 01:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-12 16:37 - 2018-08-08 22:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-12 16:37 - 2018-08-08 21:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-12 16:37 - 2018-08-08 21:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-12 16:37 - 2018-08-08 21:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-12 16:37 - 2018-08-08 21:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-12 16:37 - 2018-08-08 21:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-12 16:37 - 2018-08-08 21:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-12 16:37 - 2018-08-08 21:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-12 16:37 - 2018-08-08 21:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-12 16:37 - 2018-08-08 21:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-12 16:37 - 2018-08-08 21:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-12 16:37 - 2018-08-08 21:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-12 16:37 - 2018-08-08 21:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-12 16:37 - 2018-08-08 21:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-12 16:37 - 2018-08-08 21:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-12 16:37 - 2018-08-08 21:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-12 16:37 - 2018-08-08 21:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-12 16:37 - 2018-08-08 21:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-12 16:37 - 2018-08-08 21:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-12 16:37 - 2018-08-08 21:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-12 16:37 - 2018-08-08 21:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-12 16:37 - 2018-08-08 21:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-12 16:37 - 2018-08-08 21:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-12 16:37 - 2018-08-08 21:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-12 16:37 - 2018-08-08 21:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-12 16:37 - 2018-08-08 21:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-12 16:37 - 2018-08-08 21:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-12 16:37 - 2018-08-08 21:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-12 16:37 - 2018-08-08 21:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-12 16:37 - 2018-08-08 21:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-12 16:37 - 2018-08-08 21:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-12 16:37 - 2018-08-08 21:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-12 16:37 - 2018-08-08 21:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-12 16:37 - 2018-08-08 21:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-12 16:37 - 2018-08-08 21:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-12 16:37 - 2018-08-08 21:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-12 16:37 - 2018-08-08 21:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-12 16:37 - 2018-08-08 21:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-12 16:37 - 2018-08-08 21:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-12 16:37 - 2018-08-08 21:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-12 16:37 - 2018-08-08 21:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-12 16:37 - 2018-08-08 21:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-12 16:37 - 2018-08-08 21:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-12 16:37 - 2018-08-08 21:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-12 16:37 - 2018-08-08 21:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-12 16:37 - 2018-08-08 21:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-12 16:37 - 2018-08-08 21:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-12 16:37 - 2018-08-08 21:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-12 16:37 - 2018-08-08 21:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-12 16:37 - 2018-08-08 21:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-12 16:37 - 2018-08-08 21:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-12 16:37 - 2018-08-08 21:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-12 16:37 - 2018-08-08 21:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-12 16:37 - 2018-08-08 20:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-12 16:37 - 2018-08-08 20:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-11 04:54 - 2018-09-11 04:54 - 000045640 ____N (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
2018-09-10 15:49 - 2018-09-15 18:35 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-10 15:48 - 2018-09-10 15:48 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2018-09-10 15:39 - 2018-09-10 15:39 - 000000032 _____ C:\Users\mikes\CCUpdate.ini
2018-09-07 01:02 - 2018-09-07 01:02 - 000000600 _____ C:\Users\mikes\PUTTY.RND
2018-09-07 01:02 - 2018-09-07 01:02 - 000000600 _____ C:\Users\mikes\AppData\Roaming\PUTTY.RND
2018-09-05 16:15 - 2018-09-05 16:15 - 000038933 _____ C:\Users\mikes\Desktop\wgsslvpnc.exe_V12, 0, 0, 0_B543202-2018.09.05-16.15.21.dmp
2018-09-03 18:24 - 2018-09-25 15:31 - 000109872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-09-03 18:24 - 2018-09-24 18:18 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-03 18:24 - 2018-09-24 18:18 - 000117472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-09-03 18:24 - 2018-09-24 18:18 - 000052328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-09-03 18:24 - 2018-09-03 18:24 - 000193256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-08-27 23:26 - 2018-08-27 23:26 - 000675984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000457512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000386712 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000343192 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000274072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000248624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000089248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000087352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000031896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_1.dll
2018-08-27 23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_1.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-25 17:35 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-25 17:08 - 2018-05-28 17:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-25 16:53 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-25 16:53 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-25 16:14 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-25 15:29 - 2018-04-23 22:11 - 000000000 ____D C:\Users\mikes\Setup
2018-09-25 15:27 - 2018-04-26 16:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-09-25 15:26 - 2018-04-23 21:26 - 000000000 __SHD C:\Users\mikes\IntelGraphicsProfiles
2018-09-24 22:14 - 2018-04-23 21:15 - 000000000 ____D C:\ProgramData\NVIDIA
2018-09-24 18:24 - 2018-05-28 17:41 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-24 18:24 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-24 18:18 - 2018-05-28 17:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-24 18:18 - 2018-04-26 16:20 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-09-24 18:18 - 2018-04-26 16:20 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-09-24 18:18 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-09-24 18:17 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-09-23 22:47 - 2018-04-26 21:19 - 000000000 ____D C:\Users\mikes\AppData\Local\CrashDumps
2018-09-23 22:46 - 2018-06-13 20:34 - 000000000 ____D C:\Users\mikes\AppData\Local\D3DSCache
2018-09-23 22:46 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-22 08:00 - 2018-05-28 17:38 - 000003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-22 08:00 - 2018-05-28 17:38 - 000003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-21 18:19 - 2018-04-29 02:01 - 000000000 ____D C:\Users\mikes\AppData\Local\PlaceholderTileLogoFolder
2018-09-21 15:30 - 2018-04-27 16:38 - 000000000 ____D C:\Users\mikes\AppData\Local\Packages
2018-09-21 15:24 - 2018-05-28 17:38 - 000004188 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-09-19 19:02 - 2018-08-09 17:25 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-19 19:02 - 2018-08-09 17:25 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-17 15:33 - 2018-04-23 21:30 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-15 18:35 - 2017-10-23 19:29 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-09-15 18:35 - 2017-10-23 19:29 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-09-15 18:35 - 2017-10-23 19:29 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-09-15 18:35 - 2017-10-23 19:29 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-09-15 18:35 - 2017-10-23 19:29 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-15 18:35 - 2017-10-23 19:29 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-09-15 18:34 - 2017-10-23 19:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-09-12 21:29 - 2018-05-28 17:33 - 000399584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-12 21:28 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-12 21:28 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-12 21:28 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-12 21:28 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-12 21:28 - 2018-04-11 14:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-11 16:04 - 2018-04-24 16:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-11 16:03 - 2018-04-24 16:38 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-10 15:48 - 2018-04-11 16:34 - 000002231 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-10 15:48 - 2018-04-11 16:34 - 000002231 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-10 15:39 - 2018-05-28 17:35 - 000000000 ____D C:\Users\mikes
2018-09-07 05:53 - 2018-04-26 22:03 - 000000000 ____D C:\Users\mikes\AppData\Roaming\FileZilla
2018-09-07 05:53 - 2018-04-25 17:02 - 000000600 _____ C:\Users\mikes\AppData\Local\PUTTY.RND
2018-09-07 03:21 - 2018-04-26 22:03 - 000000000 ____D C:\Users\mikes\AppData\Local\FileZilla
2018-09-07 00:57 - 2018-04-26 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-09-07 00:57 - 2018-04-26 16:20 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2018-09-04 19:16 - 2018-04-23 21:30 - 000000000 ____D C:\Users\mikes\AppData\Local\Google
2018-09-04 16:04 - 2018-04-11 16:41 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-04 16:04 - 2018-04-11 16:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-03 18:24 - 2018-06-09 22:41 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-09-02 10:04 - 2018-04-23 21:26 - 000000000 ____D C:\Users\mikes\AppData\Local\ConnectedDevicesPlatform

==================== Files in the root of some directories =======

2018-04-12 13:15 - 2018-04-12 13:15 - 013619968 _____ (Piriform Ltd) C:\Users\mikes\CCleaner.exe
2018-04-12 13:15 - 2018-04-12 13:15 - 018334528 _____ (Piriform Ltd) C:\Users\mikes\CCleaner64.exe
2018-04-12 13:16 - 2018-04-12 13:16 - 000520736 _____ (Piriform Ltd) C:\Users\mikes\CCUpdate.exe
2018-04-12 13:17 - 2018-04-12 13:17 - 000346240 _____ (Piriform Ltd) C:\Users\mikes\uninst.exe
2018-09-07 01:02 - 2018-09-07 01:02 - 000000600 _____ () C:\Users\mikes\AppData\Roaming\PUTTY.RND
2018-04-25 17:02 - 2018-09-07 05:53 - 000000600 _____ () C:\Users\mikes\AppData\Local\PUTTY.RND

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-28 17:33

Addition.txt

[nasdaq]

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists have a look at this MBAM setting.
These attacks are stopped by Malwarebytes and you are notified accordingly.

Check the Notifications settings.
Change the setting Show Malwarebytes Notifications to Off
https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png

===

Let me know if the problem persists.

fixlist.txt

Edited September 26, 2018 by nasdaq

[IMFletch]

The problem does appear to be persisting.  I turned off notifications.  Malwarebytes now appears to be classifying it as a "Trojan" in the category column.  I don't remember that being the case yesterday, but I may be wrong.  I've attached "Fixlog.txt" here as requested.  Please let me know if there's anything else I can try.  I appreciate your help.

Fixlog.txt

[nasdaq]

Hi,

Please post the MBAM log for my review.

 

[IMFletch]

How do I find and produce the MBAM log?

[nasdaq]

Run Malwarebytes, scan the computer and post the log.

[IMFletch]

Here you go.

9-28 Log.txt

[nasdaq]

That log is clean.

Is the problem persisting?

Are we OK?

 

 

[IMFletch]

Have barely been on the laptop this week.  Now on it this morning for a few hours it looks like it's stopped.  No more instances.  Thank you for your time and help!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks