
mps.eanswers.com hijacker infestation - HELP! Blue Meanies Heeeelp!


AreV


I am running Malwarebytes Premium and it suddenly yesterday started detecting a hijacker that changed my Bing search engine to Yahoo. It would not allow me to go to numerous pages, and then when I'd try again it said it could not connect. This was on my Firefox browser. I'm running Windows 10 fully upgraded to the latest version of 1809. I can surf on Edge but hate it. I answered another thread but realized I might have been hijacking the thread of another, so I will post on this new thread here what NASDAQ asked ROYK to provide on the other:

Another tech asked for the logs from running the Farbar Recovery Scan Tool from Bleeping Computer and to paste the FRST log and attach the addition.txt file. Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by derek (administrator) on DESKTOP-AU9TK0A (23-11-2018 15:00:24)
Running from C:\Users\derek\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: derek (Available Profiles: derek)
Platform: Windows 10 Pro Version 1809 17763.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek) C:\Windows\SwUSB.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20112.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Logitech) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOverlay.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20112.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Farbar) C:\Users\derek\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14071552 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2179720 2018-09-22] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2298334748-630230005-1455283594-1002\...\Run: [BingSvc] => C:\Users\derek\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2298334748-630230005-1455283594-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89883cf3-99eb-4c07-a622-1ae8f5f3c110}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e33bb85d-937c-4bb5-add0-b11a1ab3e28f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2298334748-630230005-1455283594-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
SearchScopes: HKU\S-1-5-21-2298334748-630230005-1455283594-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=BDT1DF&PC=BDT1&DT=080618&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2298334748-630230005-1455283594-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=BDT1DF&PC=BDT1&DT=080618&q={searchTerms}&src=IE-SearchBox
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2298334748-630230005-1455283594-1002 -> hxxps://www.bing.com/
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF DefaultProfile: ksq5ulde.default
FF ProfilePath: C:\Users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\ksq5ulde.default [2018-11-23]
FF Homepage: Mozilla\Firefox\Profiles\ksq5ulde.default -> hxxps://www.bing.com/?pc=U162
FF Session Restore: Mozilla\Firefox\Profiles\ksq5ulde.default -> is enabled.
FF Extension: (Bing Search Engine) - C:\Users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\ksq5ulde.default\Extensions\bingsearchweb_uniwin@microsoft.com.xpi [2018-08-07]
FF Extension: (Logitech SetPoint) - C:\Users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\ksq5ulde.default\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2018-10-09]
FF Extension: (Adblock Plus) - C:\Users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\ksq5ulde.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-14]
FF Extension: (Safe Browsing) - C:\Users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\ksq5ulde.default\Extensions\{ef986f55-2dc9-4e39-8c87-618cf4fe5e69}.xpi [2018-11-19]
FF SearchPlugin: C:\Users\derek\AppData\Roaming\Mozilla\Firefox\Profiles\ksq5ulde.default\searchplugins\bing-.xml [2018-08-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-10-09] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [241664 2018-11-17] (Microsoft Corporation)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
R3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [915968 2018-11-17] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [7237896 2018-11-10] (MediaMall Technologies, Inc.)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-07] (Realtek Semiconductor)
S2 RunSwUSB; C:\Windows\runSW.exe [44760 2018-08-07] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381624 2018-09-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-23] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-07] (Advanced Micro Devices)
R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-11-01] (Malwarebytes)
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-23] (Malwarebytes)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc.)
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [9275336 2018-09-17] (Realtek Semiconductor Corporation )
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [171520 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-23] (Microsoft Corporation)
R3 WinQuic; C:\WINDOWS\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-23 15:00 - 2018-11-23 15:00 - 000000000 ____D C:\FRST
2018-11-23 14:30 - 2018-11-23 14:30 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-23 14:29 - 2018-11-23 14:29 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-23 14:29 - 2018-11-23 14:29 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-23 14:29 - 2018-11-23 14:29 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-23 14:24 - 2018-11-23 14:24 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-23 14:04 - 2018-11-23 14:04 - 000039628 _____ C:\Users\derek\OneDrive\Documents\cc_20181123_140440.reg
2018-11-19 14:14 - 2018-11-23 11:55 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AF70294C-4738-40F5-8D61-636BD3DE515C}
2018-11-17 21:37 - 2018-11-17 20:03 - 000000000 ____D C:\Windows.old
2018-11-17 20:07 - 2018-11-17 20:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-11-17 20:03 - 2018-11-17 20:03 - 000000020 ___SH C:\Users\derek\ntuser.ini
2018-11-17 20:02 - 2018-11-23 14:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-17 20:02 - 2018-11-21 12:11 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2298334748-630230005-1455283594-1002
2018-11-17 20:02 - 2018-11-17 20:03 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-17 20:02 - 2018-11-17 20:03 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-17 20:02 - 2018-11-17 20:02 - 000003762 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-11-17 20:02 - 2018-11-17 20:02 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-17 20:02 - 2018-11-17 20:02 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2298334748-630230005-1455283594-500
2018-11-17 20:02 - 2018-11-17 20:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-11-17 20:02 - 2018-05-04 17:01 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3977215705-1450759826-1072599297-500
2018-11-17 19:59 - 2018-11-17 20:02 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-11-17 19:59 - 2018-11-17 20:02 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-11-17 19:55 - 2018-11-23 14:30 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-17 19:46 - 2018-11-17 19:46 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-11-17 19:43 - 2018-11-21 12:11 - 000002370 _____ C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-17 19:43 - 2018-11-17 20:03 - 000000000 ____D C:\Users\derek
2018-11-17 19:43 - 2018-11-17 19:43 - 000000000 ____D C:\ProgramData\USOShared
2018-11-17 19:41 - 2018-09-15 01:28 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-11-17 19:38 - 2018-11-23 13:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-17 19:38 - 2018-11-17 19:48 - 000434144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-17 19:21 - 2018-11-17 21:37 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-11-17 19:20 - 2018-11-17 19:21 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-11-17 19:16 - 2018-11-17 19:16 - 011744256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-17 19:16 - 2018-11-17 19:16 - 009951744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-17 19:16 - 2018-11-17 19:16 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-11-17 19:16 - 2018-11-17 19:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 026807296 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 020811776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 015224832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 012858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 012151296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 007857152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 006543528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 006305936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 006059008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 005584864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 005113000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 004918784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 004886016 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 004765184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 003951192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 003744256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 003730352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 003600896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 003577856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 003566080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 003427328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 003108864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002985328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002927112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-17 19:15 - 2018-11-17 19:15 - 002883584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002832896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002777432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002689536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002429752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-17 19:15 - 2018-11-17 19:15 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002275888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-11-17 19:15 - 2018-11-17 19:15 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001997048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001749504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001720928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001688576 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001675520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001674992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001672072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001590288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001466992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001295072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001294848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001289400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001282640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001279008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 001258512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-17 19:15 - 2018-11-17 19:15 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001182720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2018-11-17 19:15 - 2018-11-17 19:15 - 001166336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2018-11-17 19:15 - 2018-11-17 19:15 - 001162088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001097312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001073232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001026992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000964776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000783696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-11-17 19:15 - 2018-11-17 19:15 - 000762824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000604248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.applicationmodel.datatransfer.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000534840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-11-17 19:15 - 2018-11-17 19:15 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000513912 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000429056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000373768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedit.exe
2018-11-17 19:15 - 2018-11-17 19:15 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000263568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000262456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-11-17 19:15 - 2018-11-17 19:15 - 000252536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastingShellExt.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CastingShellExt.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000091640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfts.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfts.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-17 19:15 - 2018-11-17 19:15 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-17 19:14 - 2018-11-17 19:15 - 002626568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 022112064 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 017520640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 009682960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 007685224 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 006925824 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 006132736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 005565440 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 005312512 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 005130752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 004588776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 004300800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 004245280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 003983360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 003556864 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 003504640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 003380224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 003379240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 003337800 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 003092480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002988544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002721792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 002702536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002654208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002630656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002618880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002594872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 002466304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002435488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002186752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002185728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002149368 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 002020560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001969680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001842600 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001830912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001819136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001797128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001751080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001715200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001695912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-17 19:14 - 2018-11-17 19:14 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001612808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001520208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001467080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001402408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001395248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001391096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 001387496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001360912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 001341072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-17 19:14 - 2018-11-17 19:14 - 001331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001287584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001267712 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001255952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 001249792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001199104 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001181824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001177840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 001053336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 001052176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 001051152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 001048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000918512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000863752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000854016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000850960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000828936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000818832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.applicationmodel.datatransfer.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000756344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000743432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000667152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000660280 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000653112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000649736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000582040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000532176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000506432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000495624 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000431120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000402568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000398400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000298536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000293856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000176656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000175096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000163992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000129848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000114856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000090128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000079888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-11-17 19:14 - 2018-11-17 19:14 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2018-11-17 19:14 - 2018-11-17 19:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-11-17 19:14 - 2018-11-17 19:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2018-11-17 19:14 - 2018-11-17 19:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2018-11-17 19:14 - 2018-11-17 19:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2018-11-17 19:14 - 2018-11-17 19:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2018-11-17 19:14 - 2018-11-17 19:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2018-11-17 19:14 - 2018-11-17 19:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2018-11-17 19:14 - 2018-11-17 19:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2018-11-17 19:14 - 2018-11-17 19:14 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2018-11-17 19:07 - 2018-11-17 19:07 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-11-17 19:07 - 2018-11-17 19:07 - 000000000 ____D C:\Program Files\MSBuild
2018-11-17 19:07 - 2018-11-17 19:07 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-11-17 19:07 - 2018-11-17 19:07 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-11-17 19:06 - 2018-11-17 19:06 - 001167960 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-11-17 19:06 - 2018-11-17 19:06 - 000780376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-11-17 19:06 - 2018-11-17 19:06 - 000126064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-11-17 19:06 - 2018-11-17 19:06 - 000104560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-11-17 19:06 - 2018-11-17 19:06 - 000036896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-11-17 19:06 - 2018-11-17 19:06 - 000035440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-11-17 19:01 - 2018-11-17 19:01 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2018-11-17 18:53 - 2018-11-17 18:53 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-11-17 17:44 - 2018-11-23 14:08 - 000000000 ___DC C:\WINDOWS\Panther
2018-11-17 17:14 - 2018-11-17 17:15 - 000004766 _____ C:\Users\derek\Downloads\Add_Run_as_administrator_to_Context_Menu.reg
2018-11-17 17:06 - 2018-11-17 17:06 - 283111424 _____ C:\Users\derek\Downloads\LibreOffice_6.1.1_Win_x64.msi
2018-11-17 17:02 - 2018-11-17 17:02 - 018071560 _____ (Piriform Software Ltd) C:\Users\derek\Downloads\ccsetup549.exe
2018-11-17 14:06 - 2018-11-17 14:11 - 000000000 ____D C:\Users\derek\OneDrive\Documents\Computer 2019
2018-11-16 13:48 - 2018-11-16 13:48 - 000000000 ____D C:\Program Files\rempl
2018-11-11 17:00 - 2018-11-17 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
2018-11-11 17:00 - 2018-11-17 19:28 - 000000000 ____D C:\ProgramData\MediaMall
2018-11-11 17:00 - 2018-11-11 17:00 - 000001022 _____ C:\Users\Public\Desktop\PlayOn.lnk
2018-11-11 17:00 - 2018-11-11 17:00 - 000000000 ____D C:\Program Files (x86)\MediaMall
2018-11-11 16:54 - 2018-11-11 16:54 - 159744232 _____ (MediaMall Technologies, Inc.) C:\Users\derek\Downloads\PlayOnSetup.4.5.8.exe
2018-11-06 20:05 - 2018-11-06 20:05 - 000000000 ____D C:\Users\derek\AppData\Local\CEF
2018-11-06 20:03 - 2018-11-06 20:03 - 156457816 _____ (Logitech Inc.) C:\Users\derek\Downloads\Options_6.94.17.exe
2018-10-31 15:45 - 2018-10-31 15:45 - 000233656 _____ C:\Users\derek\Downloads\CrucialScan(4).exe
2018-10-30 17:09 - 2018-10-30 17:09 - 000002924 _____ C:\Users\derek\OneDrive\Documents\cc_20181030_180954.reg
2018-10-30 17:05 - 2018-10-30 17:05 - 018072104 _____ (Piriform Ltd) C:\Users\derek\Downloads\ccsetup548.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-23 14:53 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-23 14:30 - 2018-09-15 01:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-23 14:26 - 2018-08-06 14:26 - 000000000 ____D C:\Users\derek\AppData\LocalLow\Mozilla
2018-11-23 14:22 - 2018-09-15 00:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-23 14:22 - 2018-05-04 17:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-22 16:26 - 2018-08-07 15:26 - 000000000 ____D C:\Users\derek\AppData\Roaming\vlc
2018-11-22 16:06 - 2018-08-06 18:27 - 000000000 ____D C:\Users\derek\AppData\Roaming\dvdcss
2018-11-22 15:02 - 2018-09-15 01:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-22 14:35 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-22 14:29 - 2018-09-15 01:33 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-21 12:11 - 2018-08-06 14:09 - 000000000 ___RD C:\Users\derek\OneDrive
2018-11-21 12:04 - 2018-09-15 01:36 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-21 12:04 - 2018-09-15 01:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-19 15:38 - 2018-08-06 13:59 - 000000000 ____D C:\Users\derek\AppData\Local\D3DSCache
2018-11-19 14:32 - 2018-08-06 17:03 - 000011264 _____ C:\Users\derek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-11-19 14:18 - 2018-08-07 15:25 - 000001146 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-11-18 11:05 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\appcompat
2018-11-17 21:37 - 2018-10-09 12:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-11-17 21:37 - 2018-10-06 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-17 21:37 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-17 21:37 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-11-17 21:37 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\spool
2018-11-17 21:37 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-17 21:37 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-17 21:37 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-17 21:37 - 2018-09-15 01:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-17 21:37 - 2018-09-15 01:31 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-11-17 21:37 - 2018-09-01 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-11-17 21:37 - 2018-09-01 11:43 - 000000000 ____D C:\WINDOWS\SHELLNEW
2018-11-17 21:37 - 2018-08-15 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2018-11-17 21:37 - 2018-08-07 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-11-17 21:37 - 2018-08-06 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-17 21:37 - 2018-08-06 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-11-17 21:37 - 2018-08-06 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
2018-11-17 21:37 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-11-17 20:22 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ServiceState
2018-11-17 20:22 - 2018-08-07 14:06 - 000000000 ____D C:\ProgramData\Packages
2018-11-17 20:22 - 2018-08-06 14:05 - 000000000 ____D C:\Users\derek\AppData\Local\Packages
2018-11-17 20:18 - 2018-08-06 14:16 - 000000000 ____D C:\Users\derek\AppData\Local\Comms
2018-11-17 20:04 - 2018-08-06 14:05 - 000000000 ___RD C:\Users\derek\3D Objects
2018-11-17 20:04 - 2018-05-04 16:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-17 20:03 - 2018-09-15 00:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-17 20:03 - 2018-08-06 14:04 - 000000000 ____D C:\Users\derek\AppData\Local\ConnectedDevicesPlatform
2018-11-17 20:02 - 2018-09-15 01:33 - 000000000 ___RD C:\Program Files\Windows Defender
2018-11-17 19:54 - 2018-09-15 01:33 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-11-17 19:53 - 2018-09-15 01:33 - 000000000 __RHD C:\Users\Public\Libraries
2018-11-17 19:45 - 2018-08-18 15:56 - 000000000 ____D C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pluto TV
2018-11-17 19:43 - 2018-10-09 12:44 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2018-11-17 19:43 - 2018-09-15 01:33 - 000000000 ____D C:\ProgramData\USOPrivate
2018-11-17 19:42 - 2018-05-04 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-11-17 19:25 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-11-17 19:22 - 2018-05-04 17:03 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-11-17 19:21 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\Resources
2018-11-17 19:21 - 2018-08-01 11:14 - 000000000 ____D C:\Program Files\AMD
2018-11-17 19:21 - 2018-05-04 17:04 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-11-17 19:21 - 2018-05-04 17:03 - 000000000 ____D C:\Program Files\Realtek
2018-11-17 19:18 - 2018-09-15 03:11 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-11-17 19:18 - 2018-09-15 03:11 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-11-17 19:18 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-17 19:18 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-11-17 19:18 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-11-17 19:18 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-11-17 19:18 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-17 19:18 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-11-17 19:18 - 2018-09-15 01:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-17 17:19 - 2018-08-06 14:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-17 17:19 - 2018-08-06 14:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 17:18 - 2018-08-15 16:44 - 000000000 ____D C:\Program Files\LibreOffice
2018-11-17 17:02 - 2018-08-06 18:00 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-17 17:01 - 2018-08-06 14:26 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-17 14:06 - 2018-08-25 16:23 - 000000000 ____D C:\Users\derek\OneDrive\Documents\Computer 2017
2018-11-13 16:42 - 2018-08-25 16:20 - 000000000 ____D C:\Users\derek\OneDrive\Documents\All best quotes
2018-11-13 12:55 - 2018-08-07 12:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-13 12:52 - 2018-08-07 12:32 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-11 17:00 - 2018-09-03 18:48 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-06 20:05 - 2018-10-09 12:42 - 000000000 ____D C:\Users\derek\AppData\Roaming\Logishrd
2018-11-06 20:04 - 2018-10-09 12:43 - 000000000 ____D C:\Program Files\Logitech
2018-11-06 20:04 - 2018-10-09 12:38 - 000000000 ____D C:\ProgramData\LogiShrd
2018-11-01 19:02 - 2018-08-18 15:55 - 000000000 ____D C:\Users\derek\AppData\Roaming\Pluto TV
2018-11-01 14:14 - 2018-10-06 16:06 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-31 15:12 - 2018-08-06 16:48 - 000000000 ____D C:\Program Files\Speccy
2018-10-30 17:06 - 2018-08-06 18:00 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2018-08-06 17:03 - 2018-11-19 14:32 - 000011264 _____ () C:\Users\derek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Someone please help me get Firefox back up. In the meantime I am uninstalling FF and reinstalling it and see if that shakes off the hijack.

Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Glad to see you.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon (the 3 vertical dots) located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

This may help also.

Remove and reinstall Firefox.

Before proceeding save your Bookmarks. (Export)
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Firefox Password manager - Import your passwords.
Password Manager - Remember, delete, change and import saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import#w_protecting-your-passwords


If you are syncing Firefox with other devices, remove it.
https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer

When all is well you can re-sync your devices. NOT NOW.
<<<>>>

fixlist.txt


Yes,

I did your suggestions as a back up. As I was waiting for you I had already gotten Malwarebytes (MB) to find the PUP and quarantine it. It was hijacking my search engine to Yahoo, and then since it was affecting my machine, MB was not allowing my searches or websites through. Nor did MB find it until after I ran Norton Power Eraser which said it found nothing. I had also uninstalled Firefox and MB before MB found the PUP.

This is a first because I used to remove malware for years manually for folks with no back ups using other tools from Bleeping computer. I stopped helping others with the advent of Windows 10. I just didn't keep up. So thanks for helping me nasdaq!

RV most places, AreV here.


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.