
Trojan:Win32/Occamy.C persistent on computer



Hello joe55555 and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/21/18
Scan Time: 3:27 PM
Log File: ed825e42-edcb-11e8-bda5-dc4a3ef7b57a.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7959
License: Trial

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: DESKTOP-BEFV696\admin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288004
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 11 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-21-2018
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by admin (administrator) on DESKTOP-BEFV696 (21-11-2018 15:49:57)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124769.inf_amd64_e5e7af49c5a8fe4b\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TunnelBear) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124769.inf_amd64_e5e7af49c5a8fe4b\igfxEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Discord Inc.) C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Discord Inc.) C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Discord Inc.) C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Discord Inc.) C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\Run: [Discord] => C:\Users\admin\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-09] (Valve Corporation)
HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [34910608 2018-11-14] (Epic Games, Inc.)
HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [1384840 2018-10-04] (Nota Inc.)
HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b0a334bb-6627-40ac-9818-e851ea1eeb81}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-13] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-11-21]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-14]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-14]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-14]
CHR Extension: (uBlock Origin) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-10-07] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1394360 2015-08-12] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-01-28] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [138872 2018-10-29] (TunnelBear)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (Apple Inc.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-11-20] (Malwarebytes)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-21] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_9172c4e962e5b3ee\nvlddmkm.sys [17200384 2018-07-04] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [770304 2015-11-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-07-31] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-21 15:49 - 2018-11-21 15:49 - 000000000 ____D C:\Users\admin\Downloads\FRST-OlderVersion
2018-11-21 15:47 - 2018-11-21 15:47 - 001388448 _____ C:\Users\Public\VOIP.dat
2018-11-21 15:43 - 2018-11-21 15:52 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-21 15:43 - 2018-11-21 15:43 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-21 15:43 - 2018-11-21 15:43 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-21 15:42 - 2018-11-21 15:42 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-21 15:39 - 2018-11-21 15:39 - 000001232 _____ C:\Users\admin\Desktop\malwarebyteslog.txt
2018-11-21 15:29 - 2018-11-21 15:40 - 000000000 ____D C:\AdwCleaner
2018-11-21 15:28 - 2018-11-21 15:28 - 007592144 _____ (Malwarebytes) C:\Users\admin\Downloads\adwcleaner_7.2.4.0.exe
2018-11-20 20:21 - 2018-11-20 20:21 - 000036203 _____ C:\Users\admin\Downloads\Addition.txt
2018-11-20 20:17 - 2018-11-21 15:53 - 000012239 _____ C:\Users\admin\Downloads\FRST.txt
2018-11-20 20:16 - 2018-11-21 15:49 - 002416640 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2018-11-20 20:16 - 2018-11-21 15:49 - 000000000 ____D C:\FRST
2018-11-20 19:50 - 2018-11-20 19:50 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-20 19:05 - 2018-11-20 19:05 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-20 19:05 - 2018-11-20 19:05 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-20 19:05 - 2018-11-20 19:05 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-20 19:05 - 2018-11-20 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-20 19:05 - 2018-11-20 19:05 - 000000000 ____D C:\Program Files\CCleaner
2018-11-20 19:01 - 2018-11-20 19:02 - 018071560 _____ (Piriform Software Ltd) C:\Users\admin\Downloads\ccsetup549.exe
2018-11-20 18:46 - 2018-11-20 18:46 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-20 18:46 - 2018-11-20 18:46 - 000000000 ____D C:\Users\admin\AppData\Local\mbamtray
2018-11-20 18:46 - 2018-11-20 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-20 18:45 - 2018-11-20 19:49 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-20 17:04 - 2018-11-20 18:55 - 000000000 ____D C:\Users\admin\AppData\Roaming\JJSploit
2018-11-19 16:41 - 2018-11-19 16:41 - 000004549 _____ C:\Users\admin\Downloads\AutoClicker - Shortcut.lnk
2018-11-19 16:32 - 2018-11-19 16:32 - 000788763 _____ C:\Users\admin\Desktop\AutoClicker.exe
2018-11-19 16:32 - 2018-11-19 16:32 - 000000000 ____D C:\Users\admin\Documents\AutomaticSolution Software
2018-11-17 18:15 - 2018-11-17 18:25 - 000000000 ____D C:\Users\admin\Desktop\ULTIVAX
2018-11-17 17:24 - 2018-11-17 17:24 - 000000000 ____D C:\Users\admin\Documents\Lightshot
2018-11-14 17:41 - 2018-11-21 15:47 - 001388448 _____ C:\Users\Public\ASR.dat
2018-11-13 19:54 - 2018-11-01 06:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 19:54 - 2018-11-01 06:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 19:54 - 2018-11-01 06:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 19:54 - 2018-11-01 06:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 19:54 - 2018-11-01 06:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-13 19:54 - 2018-11-01 06:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-13 19:54 - 2018-11-01 06:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 19:54 - 2018-11-01 06:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 19:54 - 2018-11-01 06:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 19:54 - 2018-11-01 06:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 19:54 - 2018-11-01 05:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 19:54 - 2018-11-01 04:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-13 19:54 - 2018-11-01 04:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-13 19:54 - 2018-11-01 04:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 19:54 - 2018-11-01 04:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 19:54 - 2018-11-01 04:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 19:54 - 2018-11-01 04:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 19:54 - 2018-11-01 02:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 19:54 - 2018-11-01 02:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 19:54 - 2018-11-01 02:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-13 19:54 - 2018-11-01 02:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 19:54 - 2018-11-01 02:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-13 19:54 - 2018-11-01 02:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 19:54 - 2018-11-01 02:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 19:54 - 2018-11-01 02:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-13 19:54 - 2018-11-01 02:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 19:54 - 2018-11-01 02:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-13 19:54 - 2018-11-01 02:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 19:54 - 2018-11-01 02:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 19:54 - 2018-11-01 02:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-13 19:54 - 2018-11-01 02:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-13 19:54 - 2018-11-01 02:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-13 19:54 - 2018-11-01 02:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-13 19:54 - 2018-11-01 02:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 19:54 - 2018-11-01 02:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 19:54 - 2018-11-01 02:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-13 19:54 - 2018-11-01 02:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 19:54 - 2018-11-01 02:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 19:54 - 2018-11-01 02:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 19:54 - 2018-11-01 02:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-13 19:54 - 2018-11-01 02:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-13 19:54 - 2018-11-01 02:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 19:54 - 2018-11-01 02:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-13 19:54 - 2018-11-01 02:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-13 19:54 - 2018-11-01 02:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 19:54 - 2018-11-01 01:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 19:54 - 2018-11-01 01:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 19:54 - 2018-11-01 01:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 19:54 - 2018-11-01 01:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 19:54 - 2018-11-01 01:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 19:54 - 2018-11-01 01:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-13 19:54 - 2018-11-01 01:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-13 19:54 - 2018-11-01 01:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 19:54 - 2018-11-01 01:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 19:54 - 2018-11-01 01:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 19:54 - 2018-11-01 01:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 19:54 - 2018-11-01 01:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 19:54 - 2018-11-01 01:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 19:54 - 2018-11-01 01:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 19:54 - 2018-11-01 01:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 19:54 - 2018-11-01 01:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 19:54 - 2018-11-01 01:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-13 19:54 - 2018-11-01 01:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-13 19:54 - 2018-11-01 01:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-13 19:54 - 2018-11-01 01:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 19:54 - 2018-11-01 01:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 19:54 - 2018-11-01 01:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 19:54 - 2018-11-01 01:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 19:54 - 2018-11-01 01:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 19:54 - 2018-11-01 01:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 19:54 - 2018-11-01 00:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-13 19:54 - 2018-10-31 23:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 19:54 - 2018-10-31 23:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 19:54 - 2018-10-31 23:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-13 19:54 - 2018-10-31 23:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 19:54 - 2018-10-31 23:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 19:54 - 2018-10-31 23:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 19:54 - 2018-10-31 23:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 19:54 - 2018-10-31 23:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 19:54 - 2018-10-31 23:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 19:54 - 2018-10-31 23:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 19:54 - 2018-10-31 23:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 19:54 - 2018-10-31 23:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 19:54 - 2018-10-31 23:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 19:54 - 2018-10-31 23:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 19:54 - 2018-10-31 23:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 19:54 - 2018-10-31 23:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-13 19:54 - 2018-10-31 23:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 19:54 - 2018-10-31 23:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 19:54 - 2018-10-31 23:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-13 19:54 - 2018-10-31 23:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-13 19:54 - 2018-10-31 23:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-13 19:54 - 2018-10-31 23:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 19:54 - 2018-10-31 23:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-13 19:54 - 2018-10-31 23:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-13 19:54 - 2018-10-31 23:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-13 19:54 - 2018-10-31 23:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 19:54 - 2018-10-31 23:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 19:54 - 2018-10-31 23:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 19:54 - 2018-10-31 23:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 19:54 - 2018-10-31 23:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-13 19:54 - 2018-10-31 23:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 19:54 - 2018-10-31 23:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-13 19:54 - 2018-10-31 23:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 19:54 - 2018-10-31 23:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 19:54 - 2018-10-31 23:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-13 19:54 - 2018-10-21 08:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-13 19:54 - 2018-10-21 08:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-13 19:54 - 2018-10-21 08:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-13 19:54 - 2018-10-21 08:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-13 19:54 - 2018-10-21 07:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-13 19:54 - 2018-10-21 07:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-13 19:54 - 2018-10-21 07:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-13 19:54 - 2018-10-21 07:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-13 19:54 - 2018-10-21 07:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-13 19:54 - 2018-10-21 07:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-13 19:54 - 2018-10-21 07:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-13 19:54 - 2018-10-21 06:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-13 19:54 - 2018-10-21 06:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-13 19:54 - 2018-10-21 06:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-13 19:54 - 2018-10-21 06:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-13 19:54 - 2018-10-21 06:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-13 19:54 - 2018-10-21 06:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-13 19:54 - 2018-10-21 06:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-13 19:54 - 2018-10-21 02:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-13 19:54 - 2018-10-21 02:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-13 19:54 - 2018-10-21 02:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-13 19:54 - 2018-10-21 02:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-13 19:54 - 2018-10-21 02:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-13 19:54 - 2018-10-21 02:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-13 19:54 - 2018-10-21 02:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-13 19:54 - 2018-10-21 02:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-13 19:54 - 2018-10-21 02:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-13 19:54 - 2018-10-21 02:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-13 19:54 - 2018-10-21 02:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-13 19:54 - 2018-10-21 02:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-13 19:54 - 2018-10-21 02:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-13 19:54 - 2018-10-21 02:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-13 19:54 - 2018-10-21 02:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-13 19:54 - 2018-10-21 02:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-13 19:54 - 2018-10-21 02:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-13 19:54 - 2018-10-21 02:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-13 19:54 - 2018-10-21 02:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-13 19:54 - 2018-10-21 02:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-13 19:54 - 2018-10-21 02:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-13 19:54 - 2018-10-21 02:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-13 19:54 - 2018-10-21 02:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-13 19:54 - 2018-10-21 02:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-13 19:54 - 2018-10-21 02:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-13 19:54 - 2018-10-21 02:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-13 19:54 - 2018-10-21 02:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-13 19:54 - 2018-10-21 02:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-13 19:54 - 2018-10-21 02:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-13 19:54 - 2018-10-21 02:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-13 19:54 - 2018-10-21 02:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 19:54 - 2018-10-21 02:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-13 19:54 - 2018-10-21 02:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-13 19:54 - 2018-10-21 02:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-13 19:54 - 2018-10-21 02:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-13 19:54 - 2018-10-21 02:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 19:54 - 2018-10-21 02:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-13 19:54 - 2018-10-21 02:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 19:54 - 2018-10-21 02:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 19:54 - 2018-10-21 02:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-13 19:54 - 2018-10-21 02:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-13 19:54 - 2018-10-21 02:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-13 19:54 - 2018-10-21 02:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-13 19:54 - 2018-10-21 02:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-13 19:54 - 2018-10-21 02:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-13 19:54 - 2018-10-21 02:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-13 19:54 - 2018-10-21 02:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-13 19:54 - 2018-10-21 01:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-13 19:54 - 2018-10-21 01:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-13 19:54 - 2018-10-21 00:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-13 19:54 - 2018-10-21 00:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-13 19:53 - 2018-11-01 06:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 19:53 - 2018-11-01 06:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-13 19:53 - 2018-11-01 06:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 19:53 - 2018-11-01 06:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 19:53 - 2018-11-01 06:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 19:53 - 2018-11-01 06:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 19:53 - 2018-11-01 06:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 19:53 - 2018-11-01 06:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 19:53 - 2018-11-01 06:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 19:53 - 2018-11-01 06:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 19:53 - 2018-11-01 04:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 19:53 - 2018-11-01 04:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 19:53 - 2018-11-01 04:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-13 19:53 - 2018-11-01 04:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 19:53 - 2018-11-01 02:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 19:53 - 2018-11-01 02:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 19:53 - 2018-11-01 02:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 19:53 - 2018-11-01 02:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-13 19:53 - 2018-11-01 02:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 19:53 - 2018-11-01 02:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-13 19:53 - 2018-11-01 02:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 19:53 - 2018-11-01 02:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-13 19:53 - 2018-11-01 02:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-13 19:53 - 2018-11-01 02:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 19:53 - 2018-11-01 02:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 19:53 - 2018-11-01 02:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 19:53 - 2018-11-01 02:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 19:53 - 2018-11-01 02:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-13 19:53 - 2018-11-01 01:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 19:53 - 2018-11-01 01:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 19:53 - 2018-11-01 01:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 19:53 - 2018-11-01 01:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 19:53 - 2018-11-01 01:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-13 19:53 - 2018-11-01 01:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-13 19:53 - 2018-11-01 01:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 19:53 - 2018-11-01 01:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-13 19:53 - 2018-11-01 01:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-13 19:53 - 2018-11-01 01:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 19:53 - 2018-11-01 01:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 19:53 - 2018-11-01 01:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 19:53 - 2018-11-01 01:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 19:53 - 2018-11-01 01:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 19:53 - 2018-11-01 01:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 19:53 - 2018-11-01 01:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-13 19:53 - 2018-11-01 01:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-13 19:53 - 2018-11-01 00:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-13 19:53 - 2018-10-31 23:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 19:53 - 2018-10-31 23:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 19:53 - 2018-10-31 23:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 19:53 - 2018-10-31 23:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-13 19:53 - 2018-10-31 23:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-13 19:53 - 2018-10-31 23:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-13 19:53 - 2018-10-31 23:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-13 19:53 - 2018-10-31 23:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-13 19:53 - 2018-10-31 23:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 19:53 - 2018-10-31 23:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 19:53 - 2018-10-31 23:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 19:53 - 2018-10-31 23:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-13 19:53 - 2018-10-31 23:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-13 19:53 - 2018-10-31 23:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-13 19:53 - 2018-10-31 23:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-13 19:53 - 2018-10-21 08:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-13 19:53 - 2018-10-21 07:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-13 19:53 - 2018-10-21 07:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-13 19:53 - 2018-10-21 07:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-13 19:53 - 2018-10-21 07:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-13 19:53 - 2018-10-21 07:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-13 19:53 - 2018-10-21 07:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-13 19:53 - 2018-10-21 07:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-13 19:53 - 2018-10-21 07:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-13 19:53 - 2018-10-21 06:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-13 19:53 - 2018-10-21 06:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-13 19:53 - 2018-10-21 06:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-13 19:53 - 2018-10-21 06:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-13 19:53 - 2018-10-21 06:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-13 19:53 - 2018-10-21 04:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-13 19:53 - 2018-10-21 03:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-13 19:53 - 2018-10-21 02:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-13 19:53 - 2018-10-21 02:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-13 19:53 - 2018-10-21 02:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-13 19:53 - 2018-10-21 02:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-13 19:53 - 2018-10-21 02:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-13 19:53 - 2018-10-21 02:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-13 19:53 - 2018-10-21 02:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-13 19:53 - 2018-10-21 02:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-13 19:53 - 2018-10-21 02:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-13 19:53 - 2018-10-21 02:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-13 19:53 - 2018-10-21 02:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-13 19:53 - 2018-10-21 02:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-13 19:53 - 2018-10-21 02:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-13 19:53 - 2018-10-21 02:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-13 19:53 - 2018-10-21 02:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-13 19:53 - 2018-10-21 02:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-13 19:53 - 2018-10-21 02:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-13 19:53 - 2018-10-21 02:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-13 19:53 - 2018-10-21 02:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-13 19:53 - 2018-10-21 02:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-13 19:53 - 2018-10-21 02:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-13 19:53 - 2018-10-21 02:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-13 19:53 - 2018-10-21 02:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-13 19:53 - 2018-10-21 02:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-13 19:53 - 2018-10-21 02:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-13 19:53 - 2018-10-21 02:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-13 19:53 - 2018-10-21 02:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-13 19:53 - 2018-10-21 02:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-13 19:53 - 2018-10-21 02:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-13 19:53 - 2018-10-21 02:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-13 19:53 - 2018-10-21 02:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-13 19:53 - 2018-10-21 02:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-13 19:53 - 2018-10-21 02:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-13 19:53 - 2018-10-21 01:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-13 19:53 - 2018-10-21 01:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-13 19:53 - 2018-10-21 01:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-13 19:53 - 2018-04-27 23:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-04 22:57 - 2018-11-04 22:57 - 000002219 _____ C:\Users\admin\AppData\Local\recently-used.xbel
2018-11-04 22:52 - 2018-11-04 22:52 - 000014994 _____ C:\Users\admin\Downloads\part.nc
2018-11-04 22:48 - 2018-11-04 22:48 - 000004835 _____ C:\Users\admin\Downloads\drawing.svg
2018-11-04 22:46 - 2018-11-04 22:46 - 000004835 _____ C:\Users\admin\drawing.svg
2018-11-04 22:22 - 2018-11-04 22:22 - 000011692 _____ C:\Users\admin\Downloads\inkscape-unicorn-master.zip
2018-11-04 22:19 - 2018-11-04 22:19 - 000023089 _____ C:\Users\admin\SCHOOLCNC.dxf
2018-11-04 22:17 - 2018-11-04 22:17 - 000000000 ____D C:\Users\admin\AppData\Local\NVIDIA
2018-11-04 22:16 - 2018-11-04 22:16 - 000001972 _____ C:\Users\admin\Desktop\CAMotics.lnk
2018-11-04 22:16 - 2018-11-04 22:16 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAMotics
2018-11-04 22:15 - 2018-11-04 22:16 - 000000000 ____D C:\Program Files (x86)\CAMotics
2018-11-04 22:14 - 2018-11-04 22:14 - 036465224 _____ C:\Users\admin\Downloads\camotics_1.1.1_AMD64.exe
2018-11-04 22:12 - 2018-11-04 22:12 - 000009469 _____ C:\Users\admin\SCHOOLCNC.gcode.svg
2018-11-04 22:02 - 2018-11-04 22:02 - 000000000 ____D C:\Users\admin\AppData\Local\fontconfig
2018-11-04 22:01 - 2018-11-04 22:01 - 000000000 ____D C:\Users\admin\AppData\Roaming\inkscape
2018-11-04 21:57 - 2018-11-04 21:57 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2018-11-04 21:57 - 2018-11-04 21:57 - 000000853 _____ C:\Users\Public\Desktop\Inkscape.lnk
2018-11-04 21:56 - 2018-11-04 22:00 - 000000000 ____D C:\Program Files\Inkscape
2018-11-04 21:53 - 2018-11-04 21:56 - 067460478 _____ (Inkscape project) C:\Users\admin\Downloads\inkscape-0.92.3-x64.exe
2018-11-04 21:39 - 2018-11-04 21:39 - 000045613 _____ C:\Users\admin\Downloads\CanadianFlag.dxf
2018-11-04 18:25 - 2018-11-04 18:25 - 000000000 ____D C:\Users\admin\AppData\Roaming\TunnelBear
2018-11-04 18:25 - 2018-11-04 18:25 - 000000000 ____D C:\Users\admin\AppData\Local\IsolatedStorage
2018-11-04 18:24 - 2018-11-21 15:43 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2018-11-04 18:24 - 2018-11-04 18:24 - 000001968 _____ C:\Users\Public\Desktop\TunnelBear.lnk
2018-11-04 18:24 - 2018-11-04 18:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2018-11-04 18:22 - 2018-11-04 18:23 - 090262952 _____ (TunnelBear) C:\Users\admin\Downloads\TunnelBear-Installer.exe
2018-10-28 22:41 - 2018-10-28 22:41 - 000011071 _____ C:\Users\admin\Downloads\Cover Letter -  October 2018.pdf
2018-10-28 22:41 - 2018-10-28 22:41 - 000009764 _____ C:\Users\admin\Downloads\Resume - October 2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-21 15:48 - 2018-09-15 11:22 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-21 15:48 - 2018-09-13 19:27 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-21 15:48 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-21 15:43 - 2018-09-14 19:52 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2018-11-21 15:43 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-21 15:43 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-21 15:42 - 2018-09-15 03:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-21 15:42 - 2018-09-14 19:46 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-21 15:40 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-21 15:26 - 2018-09-15 02:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-20 19:20 - 2018-09-14 21:03 - 000000000 ___DC C:\WINDOWS\Panther
2018-11-20 19:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-20 18:44 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-20 16:11 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-16 18:46 - 2018-10-03 16:25 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2018-11-16 18:00 - 2018-10-09 20:18 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-16 18:00 - 2018-10-09 20:18 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-15 17:20 - 2018-09-14 21:04 - 000000000 ____D C:\Program Files\rempl
2018-11-14 17:48 - 2018-09-15 10:31 - 000001429 _____ C:\Users\admin\Desktop\Roblox Player.lnk
2018-11-14 17:48 - 2018-09-15 10:30 - 000001244 _____ C:\Users\admin\Desktop\Roblox Studio.lnk
2018-11-14 17:48 - 2018-09-15 10:30 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-11-14 17:46 - 2018-09-13 16:42 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-14 17:46 - 2018-09-13 16:42 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-14 17:37 - 2018-09-15 03:07 - 000000000 ___RD C:\Users\admin\3D Objects
2018-11-14 17:37 - 2018-09-13 16:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-14 17:35 - 2018-09-15 02:44 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 17:32 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 17:32 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 17:32 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 17:32 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 01:14 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 01:14 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 01:14 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-13 22:05 - 2018-09-15 02:56 - 000000000 ____D C:\Users\admin
2018-11-13 20:07 - 2018-09-14 21:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 20:05 - 2018-09-14 21:04 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-07 18:51 - 2018-09-15 03:03 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3622501891-3624835608-610064590-1001
2018-11-07 18:51 - 2018-09-15 02:56 - 000002363 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-07 18:51 - 2018-09-13 16:41 - 000000000 ___RD C:\Users\admin\OneDrive
2018-11-04 22:16 - 2018-09-15 16:28 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-28 15:09 - 2018-09-15 09:38 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
2018-10-27 16:08 - 2018-09-16 20:36 - 000000000 ____D C:\Users\admin\AppData\Local\PlaceholderTileLogoFolder
2018-10-23 15:24 - 2018-09-15 03:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories =======

2018-11-14 17:41 - 2018-11-21 15:47 - 001388448 _____ () C:\Users\Public\ASR.dat
2018-11-21 15:47 - 2018-11-21 15:47 - 001388448 _____ () C:\Users\Public\VOIP.dat
2018-11-04 22:57 - 2018-11-04 22:57 - 000002219 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2018-09-15 16:04 - 2018-09-15 16:04 - 000000003 _____ () C:\Users\admin\AppData\Local\updater.log
2018-09-15 16:05 - 2018-09-15 16:05 - 000000425 _____ () C:\Users\admin\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 02:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by admin (21-11-2018 15:56:07)
Running from C:\Users\admin\Downloads
Windows 10 Home Version 1803 17134.407 (X64) (2018-09-15 08:06:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3622501891-3624835608-610064590-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3622501891-3624835608-610064590-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3622501891-3624835608-610064590-503 - Limited - Disabled)
Guest (S-1-5-21-3622501891-3624835608-610064590-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3622501891-3624835608-610064590-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CAMotics (HKLM-x32\...\CAMotics) (Version: 1.1.1 - Cauldron Development LLC)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Discord (HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gyazo 3.4.1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Inkscape 0.92.3 (HKLM-x32\...\Inkscape) (Version: 0.92.3 - Inkscape Project)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4727 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
Roblox Player for admin (HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Player for admin (HKU\S-1-5-21-3622501891-3624835608-610064590-1001\...\roblox-player) (Version:  - Roblox Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.0 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TunnelBear (HKLM-x32\...\{58a01650-b45c-443b-a51e-90f586a63532}) (Version: 3.7.2.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{C7E7F8CF-E23A-4FC1-8AAC-8710A70490E3}) (Version: 3.7.2.0 - TunnelBear) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124769.inf_amd64_e5e7af49c5a8fe4b\igfxDTCM.dll [2017-10-12] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BD80C8F-A63D-4FAD-81C6-E154808EBEAD} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2018-10-04] (Nota Inc.)
Task: {248AE36A-527F-4BF5-9BEC-99081AB1C40C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {3AC04531-468E-4BC7-95D7-20C144C56938} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {3D63E2C4-7EA5-4625-8536-FDF9EF3793F1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {4BC5180A-069C-4DB6-B49E-EA367241A0DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {4DD369C9-9B1B-44D5-8D66-8B503975B2FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {6586E2CE-300C-42B4-A71E-251B6B42E3A6} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2018-10-04] (Nota Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {763BFC24-85A5-45D1-90A4-6F5AA22BC038} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {9AB7F455-EC6D-4B66-9928-1C264FB0E33B} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {A674108C-0209-45CD-B1E4-136C0C7AD03F} - System32\Tasks\update-S-1-5-21-3622501891-3624835608-610064590-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {D38286A1-5FD8-4B15-B4EB-5CBC6166686B} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {D55670BD-A073-48B9-9A56-308746E19352} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {FA0D1A40-8884-4D32-AB89-0B224BB4B77C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {FED683FC-7D27-4266-8D2F-F0C19C9BA322} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-3622501891-3624835608-610064590-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-04 17:03 - 2018-04-04 17:03 - 000173760 _____ () C:\WINDOWS\system32\IntelWifiIhv04.dll
2018-08-22 21:18 - 2018-08-22 21:18 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-22 21:18 - 2018-08-22 21:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-11-20 18:45 - 2018-11-20 19:49 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-20 18:45 - 2018-11-20 19:49 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-13 19:54 - 2018-11-01 01:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-06 17:29 - 2018-11-06 17:29 - 000070144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-11-06 17:29 - 2018-11-06 17:29 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-10-08 22:00 - 2018-10-08 22:00 - 004389888 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-10-07 20:08 - 2018-10-07 20:09 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-10-07 20:09 - 2018-10-07 20:09 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-10-07 20:09 - 2018-10-07 20:09 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-11-14 17:46 - 2018-11-08 17:14 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\libglesv2.dll
2018-11-14 17:46 - 2018-11-08 17:14 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\libegl.dll
2018-10-29 17:09 - 2018-10-29 17:09 - 000030720 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.Wrapper.dll
2018-10-29 17:09 - 2018-10-29 17:09 - 000167424 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll
2018-09-15 10:20 - 2018-04-30 22:01 - 001891672 _____ () C:\Users\admin\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-09-15 10:20 - 2018-04-30 22:01 - 001937752 _____ () C:\Users\admin\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-09-15 10:20 - 2018-04-30 22:01 - 000095576 _____ () C:\Users\admin\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-09-15 10:20 - 2018-11-05 18:54 - 011283288 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-09-15 10:20 - 2018-11-15 18:57 - 001639256 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-09-15 10:20 - 2018-09-15 10:20 - 001910104 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-09-15 10:20 - 2018-09-15 10:20 - 000422744 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-09-15 10:20 - 2018-09-15 10:20 - 000145240 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-09-15 10:20 - 2018-09-15 10:20 - 000512856 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-09-15 10:20 - 2018-11-15 18:57 - 001658712 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-10-02 15:15 - 2018-10-10 15:14 - 009621848 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_cloudsync\discord_cloudsync.node
2018-09-15 10:20 - 2018-11-08 20:02 - 001718104 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-09-15 10:20 - 2018-09-15 10:20 - 002722648 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-09-15 10:22 - 2018-11-09 19:47 - 001261400 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
2018-09-15 10:22 - 2018-11-14 17:41 - 024875864 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
2018-09-15 10:22 - 2018-09-15 10:22 - 002760536 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-09-15 10:22 - 2018-09-15 10:22 - 001249112 _____ () \\?\C:\Users\admin\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2018-11-21 15:44 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3622501891-3624835608-610064590-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{83D99DFF-9E0F-4EFE-940D-3EE6C42C4597}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2221654F-1604-4F90-9FDF-35481C4AD172}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{168EA155-0CBE-4CD3-909B-A1E08B3A4D82}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BA3BDA0F-ED8A-40ED-B633-49DE46E9B3F0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5572CD45-6ED7-4D61-8C1A-87358E4AB2BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{473F02AC-595F-4641-974F-17E16A82CB75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B99D922A-A234-49CC-AE45-4D740386B635}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{C2D59BC9-D4A8-457C-88E3-32F8833D0E3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{2242B82B-E638-470A-BDC3-76F6FC9705CC}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{DEDA422C-A299-4C2C-A005-8CC1A3539051}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{EC49ADFC-607D-4CEE-96C3-9E9C6FDAB487}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{CB640A6B-8A22-4143-99A1-72AD963AC39A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{ED712AB6-CFB1-4512-A2D9-8F315BF27E9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F5A74C57-B772-440E-8A1B-0B3084D2F293}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{EB30F5B2-4224-449D-A233-4A4D22131CE1}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{11C7A053-E262-4D0C-834C-45A40005C8DC}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{8553EDD0-A0B1-48BA-894B-972157B68418}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{6E0EC956-C154-4F91-B7F0-1B8040A252B9}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{7382A20B-36D5-4EB9-8F38-3F3A4A0EFEAB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{34C9DE13-3313-46E4-9529-68ADA6C09C5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9A69D105-FB1D-4565-B8EC-A2F116017E9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1B3DA4C9-C21C-4144-AEC3-520D2BFA8692}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95F99F1A-3D16-4145-9D19-812478693BDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3332A211-A6ED-45D1-AB9A-9BF4F77593D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{C50C9C7F-765A-4AC8-9F44-021B03A8ED56}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{1FFB45CF-662F-422E-BF51-DE9725B3A985}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{32EA7903-D892-4404-B631-00A418A34B33}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{EA536EB6-0DD2-428D-B599-5E04D11997D7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

02-11-2018 19:30:50 Windows Modules Installer
03-11-2018 21:30:28 Windows Modules Installer
04-11-2018 23:31:13 Windows Modules Installer
12-11-2018 19:53:36 Scheduled Checkpoint
15-11-2018 17:35:29 Windows Modules Installer
17-11-2018 17:35:24 Windows Modules Installer
18-11-2018 19:35:35 Windows Modules Installer
20-11-2018 17:35:30 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2018 03:40:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: ntdll.dll, version: 10.0.17134.376, time stamp: 0x60d78cf9
Exception code: 0xc0000005
Fault offset: 0x000000000001d979
Faulting process id: 0x25f8
Faulting application start time: 0x01d4812b34ee9ef4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6cb7bc83-43f2-4a08-8286-df90be484a87
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/21/2018 02:22:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10803047

Error: (11/21/2018 02:22:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10803047

Error: (11/21/2018 02:22:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/20/2018 11:22:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1766

Error: (11/20/2018 11:22:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1766

Error: (11/20/2018 11:22:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2018 05:25:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 309797


System errors:
=============
Error: (11/21/2018 03:48:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (11/21/2018 03:47:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BEFV696)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-BEFV696\admin SID (S-1-5-21-3622501891-3624835608-610064590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2018 03:45:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2018 03:45:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2018 03:45:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BEFV696)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-BEFV696\admin SID (S-1-5-21-3622501891-3624835608-610064590-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2018 03:43:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (11/21/2018 03:43:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (11/21/2018 03:43:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-11-21 15:30:18.981
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0C97C987-60EE-4051-AF80-23ED613FD1A2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-20 19:48:20.405
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\admin\AppData\Local\Programs\jjsploit\resources\r_attachment.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\admin\AppData\Local\Temp\~nsu.tmp\Un_A.exe
Signature Version: AV: 1.281.501.0, AS: 1.281.501.0, NIS: 1.281.501.0
Engine Version: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-20 19:12:45.598
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZJZ6FVXK\JJSploitDESKTOP-BEFV696\adminv4[1].exe
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\CCleaner\CCleaner64.exe
Signature Version: AV: 1.281.501.0, AS: 1.281.501.0, NIS: 1.281.501.0
Engine Version: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-20 18:54:22.953
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\admin\AppData\Roaming\JJSploit\__installer.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.281.501.0, AS: 1.281.501.0, NIS: 1.281.501.0
Engine Version: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-20 18:54:14.259
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Users\admin\AppData\Roaming\JJSploit\__installer.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Signature Version: AV: 1.281.501.0, AS: 1.281.501.0, NIS: 1.281.501.0
Engine Version: AM: 1.1.15400.5, NIS: 1.1.15400.5

CodeIntegrity:
===================================

Date: 2018-11-21 15:53:34.584
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-21 15:53:34.580
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-21 15:53:26.264
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-21 15:53:26.262
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-21 15:53:16.180
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-21 15:53:16.177
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-21 15:53:13.901
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-21 15:53:13.898
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 12126.84 MB
Available physical RAM: 8227.07 MB
Total Virtual: 13982.84 MB
Available Virtual: 9492.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:697.23 GB) (Free:510.38 GB) NTFS

\\?\Volume{958f2f6a-fc0a-452d-9ffd-a5138b943bdd}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{8e0612be-2855-4480-ac96-420df649108f}\ () (Fixed) (Total:0.85 GB) (Free:0.34 GB) NTFS
\\?\Volume{6b69348b-b3c1-4748-8be6-f6ddff34935f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A5D30C92)

Partition: GPT.

==================== End of Addition.txt ============================

 

 


Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply, also let me know if there are any remaining issues or concerns...

Thank you,

Kevin

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by admin (21-11-2018 17:20:41) Run:1
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468] 
C:\Users\admin\AppData\Roaming\JJSploit
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
RemoveProxy:
EmptyTemp:
Hosts:
CMD: ipconfig /flushDNS
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Users\admin\AppData\Roaming\JJSploit => moved successfully

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3622501891-3624835608-610064590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3622501891-3624835608-610064590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 98561421 B
Java, Flash, Steam htmlcache => 85064454 B
Windows/system/drivers => 551965 B
Edge => 1308623 B
Chrome => 805391866 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 17987 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 3472 B
NetworkService => 0 B
admin => 267122477 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:25:04 ====

Here is that log.

 

I will post the Sophos log once the scan is completed, however it looks like it's going to take a very long time.

 

 


2018-11-21 22:43:11.756    Sophos Virus Removal Tool version 2.7.0
2018-11-21 22:43:11.756    Copyright (c) 2009-2018 Sophos Limited. All rights reserved.

2018-11-21 22:43:11.756    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2018-11-21 22:43:11.756    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2018-11-21 22:43:11.757    Checking for updates...
2018-11-21 22:43:11.785    Update progress: proxy server not available
2018-11-21 22:43:24.633    Option all = no
2018-11-21 22:43:24.633    Option recurse = yes
2018-11-21 22:43:24.633    Option archive = no
2018-11-21 22:43:24.633    Option service = yes
2018-11-21 22:43:24.633    Option confirm = yes
2018-11-21 22:43:24.633    Option sxl = yes
2018-11-21 22:43:24.635    Option max-data-age = 35
2018-11-21 22:43:24.635    Option vdl-logging = yes
2018-11-21 22:43:24.641    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2018-11-21 22:43:24.641    Machine ID:    b8f7271f9efd457ba227faaeb502e83e
2018-11-21 22:43:24.642    Component SVRTcli.exe version 2.7.0
2018-11-21 22:43:24.642    Component control.dll version 2.7.0
2018-11-21 22:43:24.643    Component SVRTservice.exe version 2.7.0
2018-11-21 22:43:24.643    Component engine\osdp.dll version 1.44.1.2432
2018-11-21 22:43:24.643    Component engine\veex.dll version 3.74.1.2432
2018-11-21 22:43:24.643    Component engine\savi.dll version 9.0.12.2432
2018-11-21 22:43:24.676    Component rkdisk.dll version 1.5.33.1
2018-11-21 22:43:24.677    Version info:    Product version    2.7.0
2018-11-21 22:43:24.677    Version info:    Detection engine    3.74.1
2018-11-21 22:43:24.677    Version info:    Detection data    5.57
2018-11-21 22:43:24.677    Version info:    Build date    11/13/2018
2018-11-21 22:43:24.677    Version info:    Data files added    145
2018-11-21 22:43:24.677    Version info:    Last successful update    (not yet updated)
2018-11-21 22:43:27.806    Downloading updates...
2018-11-21 22:43:27.809    Update progress: [I96736] sdds.svrt_v1.8: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2018-11-21 22:43:27.809    Update progress: [I95020] sdds.svrt_v1.8: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-11-21 22:43:27.809    Update progress: [I22529] sdds.svrt_v1.8: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-11-21 22:43:27.809    Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update-B: url=SOPHOS
2018-11-21 22:43:27.809    Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2018-11-21 22:43:27.809    Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2018-11-21 22:43:27.809    Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e1d71cca388f1538a17f9f6993985ba4x000.xml: 47 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: dffd814c4c1497287ada7869ca204c89x000.xml: 877 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: dffd814c4c1497287ada7869ca204c89x000.xml: 47 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3f9dc40c2e16a464949be3755569cc0cx000.xml: 335 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3f9dc40c2e16a464949be3755569cc0cx000.xml: 62 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6832f5610caecdc1313f0f7ade826270x000.xml: 877 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6832f5610caecdc1313f0f7ade826270x000.xml: 47 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: fd17f6e34cb0fdc19d4e6a04bdeff0f4x000.xml: 335 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: fd17f6e34cb0fdc19d4e6a04bdeff0f4x000.xml: 78 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 139d73734745350a9bae4a69bfc5f611x000.xml: 877 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 139d73734745350a9bae4a69bfc5f611x000.xml: 32 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 971a76da309440c6946794184a99a5fcx000.xml: 335 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 971a76da309440c6946794184a99a5fcx000.xml: 32 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b85f397d2f8ce49908fd26e50fdc0a3ex000.xml: 877 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b85f397d2f8ce49908fd26e50fdc0a3ex000.xml: 46 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 621262e162999c9d01e15837f176aac9x000.xml: 335 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 621262e162999c9d01e15837f176aac9x000.xml: 47 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8dba439734875304693b1d7d6bccbd36x000.xml: 877 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8dba439734875304693b1d7d6bccbd36x000.xml: 62 ms
2018-11-21 22:43:27.817    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: db32b990fab122090653c0eb20293f34x000.xml: 335 bytes
2018-11-21 22:43:27.817    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: db32b990fab122090653c0eb20293f34x000.xml: 47 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c57db52715c296a8cf1904b8c749db73x000.xml: 877 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c57db52715c296a8cf1904b8c749db73x000.xml: 125 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7cbb50890091ca75850af1ff02b43eadx000.xml: 335 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7cbb50890091ca75850af1ff02b43eadx000.xml: 47 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1cc3dd37859c5f96157afd6a42ca6c76x000.xml: 877 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1cc3dd37859c5f96157afd6a42ca6c76x000.xml: 47 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ecd2a0e7a87cab17cf536a7ae6b15e44x000.xml: 335 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ecd2a0e7a87cab17cf536a7ae6b15e44x000.xml: 47 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 92c54d4f56128f4d0a22ab849292cad3x000.xml: 877 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 92c54d4f56128f4d0a22ab849292cad3x000.xml: 31 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0ba4713b9584bb7d910b801db0ec311ax000.xml: 335 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0ba4713b9584bb7d910b801db0ec311ax000.xml: 31 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a3e61b5a20585b7001ef2196222da2bfx000.xml: 877 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a3e61b5a20585b7001ef2196222da2bfx000.xml: 63 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a9a5b9aee095f500358b48ef84085166x000.xml: 335 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a9a5b9aee095f500358b48ef84085166x000.xml: 62 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: def14287e303d5a22252426a5edf549fx000.xml: 877 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: def14287e303d5a22252426a5edf549fx000.xml: 47 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: fec93b1300a8ae7025e91e2702dd89a1x000.xml: 335 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: fec93b1300a8ae7025e91e2702dd89a1x000.xml: 31 ms
2018-11-21 22:43:27.818    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 439d3bb5d3da76b25f6379a82143a0e3x000.xml: 877 bytes
2018-11-21 22:43:27.818    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 439d3bb5d3da76b25f6379a82143a0e3x000.xml: 47 ms
2018-11-21 22:43:27.819    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: cd23999e924cdbc60a2b1646b9c2ae92x000.xml: 335 bytes
2018-11-21 22:43:27.819    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: cd23999e924cdbc60a2b1646b9c2ae92x000.xml: 47 ms
2018-11-21 22:43:27.819    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7dc7e34d5f1acfe3fc8c790866cb3123x000.xml: 877 bytes
2018-11-21 22:43:27.819    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7dc7e34d5f1acfe3fc8c790866cb3123x000.xml: 47 ms
2018-11-21 22:43:27.819    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c102b840371cb0fe09f37e2f445ef617x000.xml: 335 bytes
2018-11-21 22:43:27.819    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c102b840371cb0fe09f37e2f445ef617x000.xml: 47 ms
2018-11-21 22:43:27.819    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 35e51ef82e6af934433913b376b6ccbdx000.xml: 877 bytes
2018-11-21 22:43:27.819    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 35e51ef82e6af934433913b376b6ccbdx000.xml: 140 ms
2018-11-21 22:43:27.819    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ae602fe4b2e12961e91499f358569b91x000.xml: 335 bytes
2018-11-21 22:43:27.819    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ae602fe4b2e12961e91499f358569b91x000.xml: 63 ms
2018-11-21 22:43:27.819    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ca43fffc79e474851d873e1a559757e5x000.xml: 1027 bytes
2018-11-21 22:43:27.819    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ca43fffc79e474851d873e1a559757e5x000.xml: 93 ms
2018-11-21 22:43:27.819    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b4e101fc90e039a53a0ddc381aa29d57x000.xml: 335 bytes
2018-11-21 22:43:27.819    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b4e101fc90e039a53a0ddc381aa29d57x000.xml: 47 ms
2018-11-21 22:43:27.819    Update progress: [I49502] sdds.data0910.xml: found supplement IDE558 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2018-11-21 22:43:27.819    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE558 LATEST path=
2018-11-21 22:43:27.819    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE558 LATEST path=
2018-11-21 22:43:27.819    Update progress: [I49502] sdds.data0910.xml: found supplement IDE559 LATEST path= baseVersion= [included from product IDE558 LATEST path=]
2018-11-21 22:43:27.819    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE559 LATEST path=
2018-11-21 22:43:27.819    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE559 LATEST path=
2018-11-21 22:43:27.819    Update progress: [I49502] sdds.data0910.xml: found supplement IDE560 LATEST path= baseVersion= [included from product IDE559 LATEST path=]
2018-11-21 22:43:27.819    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE560 LATEST path=
2018-11-21 22:43:27.819    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE560 LATEST path=
2018-11-21 22:43:27.819    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-11-21 22:43:27.819    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6d5b42261b0873d2548169c32a11d986x000.xml: 79124 bytes
2018-11-21 22:43:27.819    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6d5b42261b0873d2548169c32a11d986x000.xml: 203 ms
2018-11-21 22:43:27.819    Update progress: [I19463] Product download size 207692565 bytes
2018-11-21 22:43:51.195    Update progress: [I19463] Syncing product IDE558 LATEST path=
2018-11-21 22:43:51.195    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 732041eb13cb23c2be762e60d5ab61c4x000.xml: 27989 bytes
2018-11-21 22:43:51.195    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 732041eb13cb23c2be762e60d5ab61c4x000.xml: 79 ms
2018-11-21 22:43:51.195    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: cebeb5b6c7f63efc54bb90e8d5b91543x000.xml: 397 bytes
2018-11-21 22:43:51.195    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: cebeb5b6c7f63efc54bb90e8d5b91543x000.xml: 31 ms
2018-11-21 22:43:51.195    Update progress: [I19463] Product download size 2891242 bytes
2018-11-21 22:43:52.662    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 57d5d626bf9231839a292f9e4174924fx000.xml: 6643 bytes
2018-11-21 22:43:52.662    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 57d5d626bf9231839a292f9e4174924fx000.xml: 156 ms
2018-11-21 22:43:52.722    Update progress: [I19463] Syncing product IDE559 LATEST path=
2018-11-21 22:43:52.722    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f1735de1b32d1bfa2a73f9326ba70852x000.xml: 8598 bytes
2018-11-21 22:43:52.722    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f1735de1b32d1bfa2a73f9326ba70852x000.xml: 47 ms
2018-11-21 22:43:52.722    Update progress: [I19463] Product download size 1645028 bytes
2018-11-21 22:43:53.774    Update progress: [I19463] Syncing product IDE560 LATEST path=
2018-11-21 22:43:53.774    Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f430c089bf466bb070b959d79391e4c2x000.xml: 124 bytes
2018-11-21 22:43:53.774    Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f430c089bf466bb070b959d79391e4c2x000.xml: 78 ms
2018-11-21 22:43:54.059    Installing updates...
2018-11-21 22:43:54.664    Error level 1
2018-11-21 22:44:26.194    Update successful
2018-11-21 22:44:37.187    Option all = no
2018-11-21 22:44:37.187    Option recurse = yes
2018-11-21 22:44:37.187    Option archive = no
2018-11-21 22:44:37.187    Option service = yes
2018-11-21 22:44:37.187    Option confirm = yes
2018-11-21 22:44:37.187    Option sxl = yes
2018-11-21 22:44:37.189    Option max-data-age = 35
2018-11-21 22:44:37.189    Option vdl-logging = yes
2018-11-21 22:44:37.196    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2018-11-21 22:44:37.196    Machine ID:    b8f7271f9efd457ba227faaeb502e83e
2018-11-21 22:44:37.196    Component SVRTcli.exe version 2.7.0
2018-11-21 22:44:37.197    Component control.dll version 2.7.0
2018-11-21 22:44:37.197    Component SVRTservice.exe version 2.7.0
2018-11-21 22:44:37.197    Component engine\osdp.dll version 1.44.1.2432
2018-11-21 22:44:37.197    Component engine\veex.dll version 3.74.1.2432
2018-11-21 22:44:37.197    Component engine\savi.dll version 9.0.12.2432
2018-11-21 22:44:37.198    Component rkdisk.dll version 1.5.33.1
2018-11-21 22:44:37.198    Version info:    Product version    2.7.0
2018-11-21 22:44:37.198    Version info:    Detection engine    3.74.1
2018-11-21 22:44:37.198    Version info:    Detection data    5.57
2018-11-21 22:44:37.198    Version info:    Build date    11/13/2018
2018-11-21 22:44:37.198    Version info:    Data files added    146
2018-11-21 22:44:37.198    Version info:    Last successful update    11/21/2018 5:44:26 PM

2018-11-21 23:23:16.056    Could not open C:\hiberfil.sys
2018-11-21 23:23:16.074    Could not open C:\pagefile.sys
2018-11-21 23:29:52.644    Could not open C:\swapfile.sys
2018-11-21 23:29:52.890    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-11-21 23:29:52.890    Could not open C:\System Volume Information\{6a21c8d1-e85d-11e8-86c3-08d40c46f6df}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-11-21 23:29:52.891    Could not open C:\System Volume Information\{6a21d037-e85d-11e8-86c3-08d40c46f6df}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-11-21 23:29:52.891    Could not open C:\System Volume Information\{6a21dbc6-e85d-11e8-86c3-08d40c46f6df}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-11-21 23:29:52.891    Could not open C:\System Volume Information\{6a21e3e3-e85d-11e8-86c3-08d40c46f6df}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-11-21 23:29:52.892    Could not open C:\System Volume Information\{7ddca647-eddc-11e8-86c5-08d40c46f6df}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-11-21 23:29:52.892    Could not open C:\System Volume Information\{ca4e415b-e533-11e8-86c1-08d40c46f6df}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-11-21 23:29:52.893    Could not open C:\System Volume Information\{cc367b82-edcd-11e8-86c4-08d40c46f6df}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-11-21 23:29:59.657    Could not open C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
2018-11-21 23:29:59.658    Could not open C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2018-11-21 23:30:40.101    Could not open C:\Users\admin\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2018-11-21 23:30:40.101    Could not open C:\Users\admin\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2018-11-21 23:39:04.397    Could not open C:\Windows\System32\config\BBI
2018-11-21 23:39:04.620    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2018-11-21 23:39:04.621    Could not open C:\Windows\System32\config\RegBack\SAM
2018-11-21 23:39:04.621    Could not open C:\Windows\System32\config\RegBack\SECURITY
2018-11-21 23:39:04.622    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2018-11-21 23:39:04.622    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2018-11-21 23:57:32.832    Could not open LOGICAL:0003:00000000
2018-11-21 23:57:32.843    Could not open D:\
2018-11-21 23:57:33.539    Error level 0

2018-11-22 00:08:52.598    Scan completed.
2018-11-22 00:08:52.598    

------------------------------------------------------------

 

 

 

 


Your logs indicate a clean system, I would change all passwords before going any further... To clean up do the following:

Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
