
undetected malware affects all browsers



This link was clicked and it apparently had an MS Word macro because it caused MS Word to launch.  Not everything apparently loaded because the user reported that they got a malicious script alert (or something similar) from MS Word.

However, the computer behavior changed.  The PS/2 keyboard connector went dead for Windows (it works when entering BIOS configuration; and USB keyboard adapter works).

Also, all browsers get bogged down and eventually crash.  That would be Firefox, Chrome, Edge, and Internet Explorer.  Computer is Windows 10 with latest security patches.

I ran a Sophos virus scan on the entire system. It found some files which it could not scan, most of which were Windows backup files, but one was a file called "i4del0.exe" which I can see from this is apparently a key logger (https://www.file.net/process/i4jdel0.exe.html).

Malwarebytes did not find anything to report.

I was able to remove that file when in Safe Mode, but the machine behavior appears to be the same.

Here is the link in the phishing e-mail which was clicked:  http://marcofama.it/US/Transactions-details/122018

 

Several reboots and rescans by both Malwarebytes and Sophos have not provided any additional clues yet, but the browsers continue to lock up and the keyboard still will not work with the PS/2 port (not essential of course but an indicator of a deeper problem).


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.


 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by ben (administrator) on OKAPI (07-12-2018 11:33:12)
Running from D:\
Loaded Profiles: ben & DefaultAppPool (Available Profiles: ben & DefaultAppPool)
Platform: Windows 10 Enterprise Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
() C:\Program Files (x86)\SmartSVN 8.5\bin\statuscached.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
() C:\Program Files (x86)\SmartSVN 8.5\bin\statuscached.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Kitco Metals Inc) C:\Users\ben\AppData\Local\Programs\Kitco\KcastWin7.exe
() C:\Program Files (x86)\SmartSVN 8.5\bin\smartsvn.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
Failed to access process -> swi_lspdiag.exe
(The Qt Company Ltd) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3806016 2018-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1517632 2018-07-16] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\ DisallowedCertificates: 7DA8E84296EE238818EE427287774508B26D094A (U)
HKLM\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKLM\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKLM\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKLM\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\ DisallowedCertificates: 7DA8E84296EE238818EE427287774508B26D094A (U)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-10-20] (TrueCrypt Foundation)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\...\Run: [KcastWin7] => C:\Users\ben\AppData\Local\Programs\Kitco\KcastWin7.exe [2932736 2012-12-18] (Kitco Metals Inc)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [643200 2017-09-26] ()
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235928 2018-03-06] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [207864 2018-03-06] (Sophos Limited)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2018-03-06] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartSVN 8.5 (background).lnk [2015-10-07]
ShortcutTarget: SmartSVN 8.5 (background).lnk -> C:\Program Files (x86)\SmartSVN 8.5\bin\smartsvn.exe ()
Startup: C:\Users\ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk [2018-01-25]
ShortcutTarget: OpenVPN GUI.lnk -> C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{175c30e4-0660-4e99-b495-435ed3e775b6}: [DhcpNameServer] 128.95.120.1
Tcpip\..\Interfaces\{f2a8cded-5d0e-4076-8ca9-10c1a2f3c576}: [NameServer] 128.95.112.1,140.142.8.35

Internet Explorer:
==================
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://webmailcluster.perfora.net/webmaillogin-us/;jsessionid=C455AFC2AF918ED8A40B6B71A2E8CE4A.tDmuQOyrgwQejJ86RnV9zzgP3Sw
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-01] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-01] (Oracle Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tye4l2gv.default
FF ProfilePath: C:\Users\ben\AppData\Roaming\RedHat\ESC\Profiles\ljupfx9o.default [2017-10-10]
FF ProfilePath: C:\Users\ben\AppData\Roaming\Mozilla\Firefox\Profiles\tye4l2gv.default [2018-12-07]
FF Homepage: Mozilla\Firefox\Profiles\tye4l2gv.default -> hxxps://my.yahoo.com/
FF Extension: (NoScript) - C:\Users\ben\AppData\Roaming\Mozilla\Firefox\Profiles\tye4l2gv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-12-06]
FF Extension: (Adblock Plus) - C:\Users\ben\AppData\Roaming\Mozilla\Firefox\Profiles\tye4l2gv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-06]
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-12-07]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default [2018-12-07]
CHR Extension: (Slides) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-18]
CHR Extension: (DuckDuckGo) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-11-27]
CHR Extension: (YouTube) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-18]
CHR Extension: (Sheets) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-18]
CHR Extension: (Chrome Media Router) - C:\Users\ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-09]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
U2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-12-07] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-12-07] (AVAST Software)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-11-28] (Dropbox, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2018-04-17] (Foxit Software Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S2 InstallRoot; C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe [755320 2015-02-13] (DoD PKE Engineering)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2018-12-07] (AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-24] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [251984 2018-08-30] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [225000 2018-08-30] (Sophos Limited)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [775696 2018-07-16] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2499872 2016-08-30] (Sophos Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 statuscached; C:\Program Files (x86)\SmartSVN 8.5\bin\statuscached.exe [295424 2014-05-06] () [File not signed]
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2018-08-30] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3621480 2018-08-30] (Sophos Limited)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-12-06] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-12-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
S3 HPEWSFXBULK; C:\WINDOWS\system32\drivers\hpfx64bulk.sys [29168 2018-03-23] (Hewlett Packard)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2018-10-09] (AO Kaspersky Lab)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2018-10-09] (AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2018-10-09] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [219744 2018-12-07] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-12-07] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190784 2018-12-07] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113696 2018-12-07] (AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R4 klkbdflt2; C:\WINDOWS\system32\DRIVERS\klkbdflt2.sys [48320 2018-01-14] (AO Kaspersky Lab)
S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-10-09] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (The OpenVPN Project)
S0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [238528 2018-12-07] (AO Kaspersky Lab)
R3 klupd_klif_arkmon_9F8F38BD137DA434E92D9987D0C252D1; C:\Users\ben\AppData\Local\Temp\{6CC1B28A-7266-46FB-A7ED-8A8A2963F247}\9F8F38BD137DA434E92D9987D0C252D1.sys [238528 2018-12-07] (AO Kaspersky Lab) <==== ATTENTION
U3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2018-12-07] (AO Kaspersky Lab)
U3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [289856 2018-12-07] (AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [110640 2018-12-07] (AO Kaspersky Lab)
U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [193168 2018-12-07] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [176976 2018-12-07] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-12-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-12-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-12-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-12-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-12-07] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [204328 2017-10-11] (Sophos Limited)
S3 sdcfilter; C:\WINDOWS\System32\DRIVERS\sdcfilter.sys [36640 2011-10-23] (Sophos Limited)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-11] (Microsoft Corporation)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2017-10-11] (Sophos Limited)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2017-10-11] (Sophos Limited)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-12-06] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-12-06] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-12-06] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-07 11:32 - 2018-12-07 11:33 - 000000000 ____D C:\FRST
2018-12-07 10:55 - 2018-12-07 10:55 - 000289856 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-12-07 10:47 - 2018-12-07 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-12-07 10:46 - 2018-12-07 10:46 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-12-07 10:46 - 2018-12-07 10:46 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-07 10:45 - 2018-12-07 10:45 - 000238528 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-12-07 10:45 - 2018-12-07 10:45 - 000193168 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-12-07 10:45 - 2018-12-07 10:45 - 000110640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-12-07 10:45 - 2018-12-07 10:45 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-12-07 10:44 - 2018-12-07 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-12-07 10:44 - 2018-12-07 10:43 - 000002108 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2018-12-07 10:43 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2018-12-07 10:42 - 2018-12-07 11:29 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-12-07 10:42 - 2018-12-07 11:02 - 001113696 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-12-07 10:42 - 2018-12-07 11:01 - 000219744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2018-12-07 10:42 - 2018-12-07 10:45 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-12-07 10:42 - 2018-12-07 10:42 - 001214752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2018-12-07 10:42 - 2018-12-07 10:42 - 000152960 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2018-12-07 10:42 - 2018-12-07 10:42 - 000003458 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
2018-12-07 10:42 - 2018-12-07 10:42 - 000003334 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
2018-12-07 10:42 - 2018-12-07 10:42 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-12-07 10:41 - 2018-12-07 10:41 - 000000000 ____D C:\Users\ben\AppData\Roaming\AVAST Software
2018-12-07 10:41 - 2018-12-07 10:41 - 000000000 ____D C:\Users\ben\AppData\Local\CEF
2018-12-07 10:39 - 2018-12-07 10:39 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-12-07 10:37 - 2018-12-07 10:38 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-07 10:37 - 2018-12-07 10:37 - 002623360 _____ (Kaspersky Lab) C:\Users\ben\Downloads\startup_14441 (2).exe
2018-12-07 10:37 - 2018-12-07 10:37 - 002623360 _____ (Kaspersky Lab) C:\Users\ben\Downloads\startup_14441 (1).exe
2018-12-07 10:32 - 2018-12-07 10:32 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-12-07 10:31 - 2018-12-07 10:31 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-12-07 10:31 - 2018-12-07 10:31 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-12-07 10:31 - 2018-12-07 10:31 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-12-07 10:28 - 2018-12-07 10:28 - 002623360 _____ (Kaspersky Lab) C:\Users\ben\Downloads\startup_14441.exe
2018-12-07 10:10 - 2018-12-07 10:10 - 000609468 _____ C:\Users\ben\AppData\Local\census.cache
2018-12-07 10:10 - 2018-12-07 10:10 - 000445643 _____ C:\Users\ben\AppData\Local\ars.cache
2018-12-07 09:41 - 2018-12-07 09:40 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswc368bba330099694.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000469272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbefd2536f17601d6.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswde22d139fde68e7d.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000380464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbadbdd7954062b64.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd67c54e95cb8c1e2.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000208472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw496f105224cc4b39.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbf017820fe0e1259.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000201240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw  7a63ac55360342.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswae35a792381d00ef.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000163208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 1e97acfe01565f7.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswef8b183535915ebd.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000111800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswacfd4f9163e5e604.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5ec4953e72a6304a.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000087432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw4c4d7260c3793476.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe9442e8ac7ffc0d8.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000046384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw10269c670d63f29d.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7302361f3895dcd5.tmp
2018-12-07 09:41 - 2018-12-07 09:40 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3d265d0f8f5b57cb.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw809ead6e76efda62.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 001028680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw29506dd8a954bd19.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000346592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6f59334fe7e2db71.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000346592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3ea091965ec673b1.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000230344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbb69f16981be34d5.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000230344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1e81744b98835860.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000201768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb839318be6fde05a.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000201768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw977ee8dbd7aebfec.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000059496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa2a492e9c5fc7965.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000059496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw  350e7560e94c0a.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 3faf448167b7b45.tmp
2018-12-07 09:41 - 2018-12-07 09:39 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 11f52b8591451f3.tmp
2018-12-07 09:40 - 2018-12-07 09:40 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-12-07 09:39 - 2018-12-07 09:39 - 000000010 _____ C:\Users\ben\AppData\Local\sponge.last.runtime.cache
2018-12-07 09:38 - 2018-12-07 11:11 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-07 09:38 - 2018-12-07 09:38 - 000178320 _____ (AVAST Software) C:\Users\ben\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2018-12-07 09:38 - 2018-12-07 09:38 - 000000000 ____D C:\Program Files\AVAST Software
2018-12-07 09:37 - 2018-12-07 09:37 - 000000000 ____D C:\ProgramData\Trend Micro
2018-12-07 09:36 - 2018-12-07 09:36 - 000000000 ____D C:\WINDOWS\Trend Micro
2018-12-07 09:35 - 2018-12-07 09:35 - 000000036 _____ C:\Users\ben\AppData\Local\housecall.guid.cache
2018-12-06 21:00 - 2018-12-07 09:32 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-12-06 21:00 - 2018-12-06 21:00 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-06 21:00 - 2018-12-06 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-06 21:00 - 2018-10-18 09:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-06 20:59 - 2018-12-06 20:59 - 080891656 _____ (Malwarebytes ) C:\Users\ben\Downloads\mb3-setup-54035.54035-3.6.1.2711-1.0.482-1.0.7469.exe
2018-12-06 17:02 - 2018-12-06 17:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-06 17:02 - 2018-12-06 17:02 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-12-06 17:02 - 2018-12-06 17:02 - 000000000 ____D C:\Users\ben\AppData\Local\Mozilla
2018-12-06 17:01 - 2018-12-06 17:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-06 17:01 - 2018-12-06 17:01 - 000319976 _____ (Mozilla) C:\Users\ben\Downloads\Firefox Installer.exe
2018-12-06 16:50 - 2018-12-06 16:50 - 006351872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-12-06 15:23 - 2018-12-07 09:57 - 000493524 _____ C:\WINDOWS\ntbtlog.txt
2018-12-06 15:23 - 2018-12-07 09:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-12-06 14:12 - 2018-12-06 14:12 - 000000129 _____ C:\Users\ben\Desktop\RECYCLE FILES.txt
2018-12-06 11:00 - 2018-12-06 11:00 - 000000000 ____D C:\Users\ben\AppData\Local\mbam
2018-12-06 10:59 - 2018-12-06 10:59 - 000000000 ____D C:\Users\ben\AppData\Local\mbamtray
2018-12-06 10:58 - 2018-12-06 10:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-06 10:58 - 2018-12-06 10:58 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-04 16:20 - 2018-12-04 16:20 - 000060650 _____ C:\Users\ben\Documents\BEN_HAND_CLINIC.pdf
2018-12-04 16:18 - 2018-12-04 16:18 - 000061901 _____ C:\Users\ben\Documents\KIM_HAND_CLINIC.pdf
2018-12-03 16:08 - 2018-12-03 16:08 - 000000000 ____D C:\WINDOWS\Sun
2018-12-03 15:33 - 2018-12-03 15:33 - 010496384 _____ C:\Users\ben\Desktop\JavaFX-Programming-Cookbook.pdf
2018-11-30 10:09 - 2018-11-30 10:10 - 000000000 ____D C:\Users\ben\Downloads\TrueCrypt
2018-11-30 10:09 - 2014-05-30 09:18 - 003466248 _____ (TrueCrypt Foundation) C:\Users\ben\Downloads\TrueCrypt Setup 7.1a.exe
2018-11-29 12:17 - 2018-11-29 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-28 05:09 - 2018-11-28 05:09 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-11-28 05:09 - 2018-11-28 05:09 - 000047792 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-11-28 05:09 - 2018-11-28 05:09 - 000047792 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-11-28 05:09 - 2018-11-28 05:09 - 000045752 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-11-27 10:25 - 2018-11-27 10:25 - 000000000 ____D C:\Users\ben\Desktop\SSL_LOG.txt
2018-11-26 17:07 - 2018-11-26 17:07 - 000000000 ____D C:\Users\ben\.m2
2018-11-26 16:58 - 2018-11-26 17:02 - 000007045 _____ C:\Users\ben\SuperJuke.txt
2018-11-26 16:52 - 2018-12-07 10:47 - 000000000 ____D C:\eclipse
2018-11-26 16:50 - 2018-11-26 16:51 - 191686417 _____ C:\Users\ben\Downloads\eclipse-java-oxygen-3a-win32-x86_64.zip
2018-11-26 16:40 - 2018-11-26 16:40 - 021880698 _____ C:\Users\ben\Downloads\pro-javafx-8-master.zip
2018-11-26 09:49 - 2018-11-26 09:52 - 000000000 ____D C:\Users\ben\Desktop\SuperJuke
2018-11-19 16:46 - 2018-11-19 16:49 - 000000000 ____D C:\Users\ben\Downloads\ArchivedUsers
2018-11-15 05:30 - 2018-11-01 03:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-15 05:30 - 2018-11-01 03:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-15 05:30 - 2018-11-01 03:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-15 05:30 - 2018-11-01 03:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-15 05:30 - 2018-11-01 01:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-15 05:30 - 2018-11-01 01:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-15 05:30 - 2018-10-31 23:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-15 05:30 - 2018-10-31 23:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-15 05:30 - 2018-10-31 23:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-15 05:30 - 2018-10-31 23:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-15 05:30 - 2018-10-31 23:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-15 05:30 - 2018-10-31 23:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-15 05:30 - 2018-10-31 23:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-15 05:30 - 2018-10-31 23:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-15 05:30 - 2018-10-31 23:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-15 05:30 - 2018-10-31 23:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-15 05:30 - 2018-10-31 23:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-15 05:30 - 2018-10-31 22:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-15 05:30 - 2018-10-31 22:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-15 05:30 - 2018-10-31 22:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-15 05:30 - 2018-10-31 20:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-15 05:30 - 2018-10-31 20:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-15 05:30 - 2018-10-31 20:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-15 05:30 - 2018-10-31 20:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-15 05:30 - 2018-10-31 20:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-15 05:30 - 2018-10-31 20:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-15 05:30 - 2018-10-31 20:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-15 05:30 - 2018-10-21 05:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-15 05:30 - 2018-10-21 03:41 - 001540408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-11-15 05:30 - 2018-10-21 03:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-15 05:30 - 2018-10-21 03:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-15 05:30 - 2018-10-20 23:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-15 05:30 - 2018-10-20 23:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-15 05:30 - 2018-10-20 23:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-15 05:30 - 2018-09-20 19:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-11-15 05:30 - 2018-09-20 19:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-11-15 05:30 - 2018-09-19 20:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-11-15 05:30 - 2018-09-19 20:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-11-15 05:30 - 2018-09-19 20:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-11-15 05:30 - 2018-09-19 20:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-11-15 05:30 - 2018-09-19 19:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-11-15 05:30 - 2018-09-19 19:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-11-15 05:30 - 2018-09-08 00:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-11-15 05:30 - 2018-09-07 19:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-11-15 05:30 - 2018-09-07 19:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-11-15 05:30 - 2018-09-07 19:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-11-15 05:30 - 2018-09-07 19:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-11-15 05:30 - 2018-09-07 19:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-11-15 05:29 - 2018-11-01 03:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-15 05:29 - 2018-11-01 03:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-15 05:29 - 2018-11-01 03:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-15 05:29 - 2018-11-01 03:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-15 05:29 - 2018-11-01 03:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-15 05:29 - 2018-11-01 03:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-15 05:29 - 2018-11-01 03:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-15 05:29 - 2018-11-01 03:28 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-15 05:29 - 2018-11-01 03:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-15 05:29 - 2018-11-01 03:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-15 05:29 - 2018-11-01 03:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-15 05:29 - 2018-11-01 03:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-15 05:29 - 2018-11-01 03:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-15 05:29 - 2018-11-01 03:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-15 05:29 - 2018-11-01 03:26 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-11-15 05:29 - 2018-11-01 03:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-15 05:29 - 2018-11-01 03:26 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-11-15 05:29 - 2018-11-01 03:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-15 05:29 - 2018-11-01 02:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-15 05:29 - 2018-11-01 01:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-15 05:29 - 2018-11-01 01:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-15 05:29 - 2018-11-01 01:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-15 05:29 - 2018-11-01 01:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-15 05:29 - 2018-11-01 01:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-15 05:29 - 2018-11-01 01:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-15 05:29 - 2018-11-01 01:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-15 05:29 - 2018-11-01 01:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-15 05:29 - 2018-10-31 23:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-15 05:29 - 2018-10-31 23:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-15 05:29 - 2018-10-31 23:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-15 05:29 - 2018-10-31 23:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-15 05:29 - 2018-10-31 23:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-15 05:29 - 2018-10-31 23:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-15 05:29 - 2018-10-31 23:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-15 05:29 - 2018-10-31 23:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-15 05:29 - 2018-10-31 23:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-15 05:29 - 2018-10-31 23:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-15 05:29 - 2018-10-31 23:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-15 05:29 - 2018-10-31 23:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-15 05:29 - 2018-10-31 23:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-15 05:29 - 2018-10-31 23:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-15 05:29 - 2018-10-31 23:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-15 05:29 - 2018-10-31 23:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-15 05:29 - 2018-10-31 23:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-15 05:29 - 2018-10-31 23:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-15 05:29 - 2018-10-31 23:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-15 05:29 - 2018-10-31 23:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-15 05:29 - 2018-10-31 23:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-15 05:29 - 2018-10-31 23:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-15 05:29 - 2018-10-31 23:03 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-11-15 05:29 - 2018-10-31 23:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-15 05:29 - 2018-10-31 23:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-15 05:29 - 2018-10-31 23:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-15 05:29 - 2018-10-31 23:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-15 05:29 - 2018-10-31 23:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-15 05:29 - 2018-10-31 23:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-15 05:29 - 2018-10-31 23:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-15 05:29 - 2018-10-31 23:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-15 05:29 - 2018-10-31 22:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-15 05:29 - 2018-10-31 22:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-15 05:29 - 2018-10-31 22:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-15 05:29 - 2018-10-31 22:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-15 05:29 - 2018-10-31 22:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-15 05:29 - 2018-10-31 22:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-15 05:29 - 2018-10-31 22:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-15 05:29 - 2018-10-31 22:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-15 05:29 - 2018-10-31 22:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-11-15 05:29 - 2018-10-31 22:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-15 05:29 - 2018-10-31 22:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-15 05:29 - 2018-10-31 22:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-15 05:29 - 2018-10-31 22:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-15 05:29 - 2018-10-31 22:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-15 05:29 - 2018-10-31 22:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-15 05:29 - 2018-10-31 22:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-15 05:29 - 2018-10-31 22:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-15 05:29 - 2018-10-31 22:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-15 05:29 - 2018-10-31 22:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-15 05:29 - 2018-10-31 22:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-15 05:29 - 2018-10-31 22:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-15 05:29 - 2018-10-31 22:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-15 05:29 - 2018-10-31 22:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-15 05:29 - 2018-10-31 22:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-15 05:29 - 2018-10-31 22:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-15 05:29 - 2018-10-31 22:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-15 05:29 - 2018-10-31 21:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-15 05:29 - 2018-10-31 21:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-15 05:29 - 2018-10-31 20:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-15 05:29 - 2018-10-31 20:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-15 05:29 - 2018-10-31 20:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-15 05:29 - 2018-10-31 20:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-15 05:29 - 2018-10-31 20:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-15 05:29 - 2018-10-31 20:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-15 05:29 - 2018-10-31 20:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-15 05:29 - 2018-10-31 20:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-15 05:29 - 2018-10-31 20:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-15 05:29 - 2018-10-31 20:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-15 05:29 - 2018-10-31 20:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-15 05:29 - 2018-10-31 20:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-15 05:29 - 2018-10-31 20:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-15 05:29 - 2018-10-31 20:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-15 05:29 - 2018-10-31 20:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-15 05:29 - 2018-10-31 20:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-15 05:29 - 2018-10-31 20:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-15 05:29 - 2018-10-31 20:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-15 05:29 - 2018-10-31 20:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-15 05:29 - 2018-10-31 20:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-15 05:29 - 2018-10-31 20:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-15 05:29 - 2018-10-31 20:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-15 05:29 - 2018-10-31 20:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-15 05:29 - 2018-10-31 20:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-15 05:29 - 2018-10-31 20:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-15 05:29 - 2018-10-31 20:29 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-11-15 05:29 - 2018-10-31 20:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-15 05:29 - 2018-10-31 20:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-15 05:29 - 2018-10-31 20:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-15 05:29 - 2018-10-31 20:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-15 05:29 - 2018-10-31 20:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-15 05:29 - 2018-10-31 20:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-15 05:29 - 2018-10-31 20:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-15 05:29 - 2018-10-31 20:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-15 05:29 - 2018-10-31 20:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-15 05:29 - 2018-10-31 20:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-15 05:29 - 2018-10-31 20:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-15 05:29 - 2018-10-31 20:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-15 05:29 - 2018-10-31 20:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-15 05:29 - 2018-10-31 20:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-15 05:29 - 2018-10-31 20:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-15 05:29 - 2018-10-31 20:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-15 05:29 - 2018-10-31 20:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-15 05:29 - 2018-10-31 20:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-15 05:29 - 2018-10-21 05:04 - 002267448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-11-15 05:29 - 2018-10-21 05:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-15 05:29 - 2018-10-21 05:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-15 05:29 - 2018-10-21 05:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-15 05:29 - 2018-10-21 05:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-15 05:29 - 2018-10-21 04:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-15 05:29 - 2018-10-21 04:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-15 05:29 - 2018-10-21 04:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-15 05:29 - 2018-10-21 04:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-15 05:29 - 2018-10-21 04:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-15 05:29 - 2018-10-21 04:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-15 05:29 - 2018-10-21 04:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-15 05:29 - 2018-10-21 04:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-15 05:29 - 2018-10-21 04:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-15 05:29 - 2018-10-21 04:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-15 05:29 - 2018-10-21 04:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-15 05:29 - 2018-10-21 04:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-15 05:29 - 2018-10-21 04:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-15 05:29 - 2018-10-21 04:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-15 05:29 - 2018-10-21 04:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-15 05:29 - 2018-10-21 03:41 - 000023056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-11-15 05:29 - 2018-10-21 03:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-15 05:29 - 2018-10-21 03:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-15 05:29 - 2018-10-21 03:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-15 05:29 - 2018-10-21 03:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-15 05:29 - 2018-10-21 03:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-15 05:29 - 2018-10-21 03:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-15 05:29 - 2018-10-21 03:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-15 05:29 - 2018-10-21 03:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-15 05:29 - 2018-10-21 03:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-15 05:29 - 2018-10-21 03:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-15 05:29 - 2018-10-21 01:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-15 05:29 - 2018-10-21 00:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-15 05:29 - 2018-10-20 23:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-15 05:29 - 2018-10-20 23:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-15 05:29 - 2018-10-20 23:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-15 05:29 - 2018-10-20 23:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-15 05:29 - 2018-10-20 23:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-15 05:29 - 2018-10-20 23:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-15 05:29 - 2018-10-20 23:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-15 05:29 - 2018-10-20 23:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-15 05:29 - 2018-10-20 23:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-15 05:29 - 2018-10-20 23:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-15 05:29 - 2018-10-20 23:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-15 05:29 - 2018-10-20 23:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-15 05:29 - 2018-10-20 23:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-15 05:29 - 2018-10-20 23:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-15 05:29 - 2018-10-20 23:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-15 05:29 - 2018-10-20 23:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-15 05:29 - 2018-10-20 23:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-15 05:29 - 2018-10-20 23:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-15 05:29 - 2018-10-20 23:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-15 05:29 - 2018-10-20 23:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-15 05:29 - 2018-10-20 23:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-15 05:29 - 2018-10-20 23:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-15 05:29 - 2018-10-20 23:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-15 05:29 - 2018-10-20 23:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-15 05:29 - 2018-10-20 23:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-15 05:29 - 2018-10-20 23:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-15 05:29 - 2018-10-20 23:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-15 05:29 - 2018-10-20 23:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-15 05:29 - 2018-10-20 23:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-15 05:29 - 2018-10-20 23:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-15 05:29 - 2018-10-20 23:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-15 05:29 - 2018-10-20 23:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-15 05:29 - 2018-10-20 23:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-15 05:29 - 2018-10-20 23:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-15 05:29 - 2018-10-20 23:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-15 05:29 - 2018-10-20 23:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-15 05:29 - 2018-10-20 23:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-15 05:29 - 2018-10-20 23:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-15 05:29 - 2018-10-20 23:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-15 05:29 - 2018-10-20 23:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-15 05:29 - 2018-10-20 23:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-15 05:29 - 2018-10-20 23:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-15 05:29 - 2018-10-20 23:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-15 05:29 - 2018-10-20 23:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-15 05:29 - 2018-10-20 23:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-15 05:29 - 2018-10-20 23:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-15 05:29 - 2018-10-20 23:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-15 05:29 - 2018-10-20 23:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-15 05:29 - 2018-10-20 23:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-15 05:29 - 2018-10-20 23:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-15 05:29 - 2018-10-20 23:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-15 05:29 - 2018-10-20 23:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-15 05:29 - 2018-10-20 23:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-15 05:29 - 2018-10-20 23:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-15 05:29 - 2018-10-20 23:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-15 05:29 - 2018-10-20 23:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-15 05:29 - 2018-10-20 23:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-15 05:29 - 2018-10-20 23:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-15 05:29 - 2018-10-20 23:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-15 05:29 - 2018-10-20 23:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-15 05:29 - 2018-10-20 23:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-15 05:29 - 2018-10-20 23:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-15 05:29 - 2018-10-20 23:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-15 05:29 - 2018-10-20 23:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-15 05:29 - 2018-10-20 23:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-15 05:29 - 2018-10-20 23:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-15 05:29 - 2018-10-20 23:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-15 05:29 - 2018-10-20 22:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-15 05:29 - 2018-10-20 22:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-15 05:29 - 2018-10-20 22:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-15 05:29 - 2018-10-20 22:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-15 05:29 - 2018-10-20 22:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-15 05:29 - 2018-10-20 21:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-15 05:29 - 2018-10-20 21:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-15 05:29 - 2018-09-21 01:23 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 001786168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 001422648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-11-15 05:29 - 2018-09-21 01:21 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-11-15 05:29 - 2018-09-21 01:21 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-11-15 05:29 - 2018-09-21 01:21 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-11-15 05:29 - 2018-09-21 01:21 - 000034304 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-11-15 05:29 - 2018-09-21 01:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-11-15 05:29 - 2018-09-21 00:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-11-15 05:29 - 2018-09-20 20:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-11-15 05:29 - 2018-09-20 20:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-11-15 05:29 - 2018-09-20 20:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-11-15 05:29 - 2018-09-20 20:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-11-15 05:29 - 2018-09-20 20:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-11-15 05:29 - 2018-09-20 20:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-11-15 05:29 - 2018-09-20 20:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-11-15 05:29 - 2018-09-20 20:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-11-15 05:29 - 2018-09-20 19:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-11-15 05:29 - 2018-09-20 19:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-11-15 05:29 - 2018-09-20 19:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-11-15 05:29 - 2018-09-20 19:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-11-15 05:29 - 2018-09-20 19:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-11-15 05:29 - 2018-09-20 19:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-11-15 05:29 - 2018-09-20 01:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-11-15 05:29 - 2018-09-20 01:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-11-15 05:29 - 2018-09-20 01:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-11-15 05:29 - 2018-09-20 01:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-11-15 05:29 - 2018-09-20 00:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-11-15 05:29 - 2018-09-20 00:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-11-15 05:29 - 2018-09-20 00:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-11-15 05:29 - 2018-09-20 00:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-11-15 05:29 - 2018-09-19 20:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-11-15 05:29 - 2018-09-19 20:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-11-15 05:29 - 2018-09-19 20:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-11-15 05:29 - 2018-09-19 20:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-11-15 05:29 - 2018-09-19 20:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-11-15 05:29 - 2018-09-19 20:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-11-15 05:29 - 2018-09-19 20:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-11-15 05:29 - 2018-09-19 19:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-11-15 05:29 - 2018-09-19 19:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-11-15 05:29 - 2018-09-19 19:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-11-15 05:29 - 2018-09-19 19:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-11-15 05:29 - 2018-09-19 17:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-11-15 05:29 - 2018-09-08 00:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-11-15 05:29 - 2018-09-08 00:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-11-15 05:29 - 2018-09-08 00:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-11-15 05:29 - 2018-09-08 00:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-11-15 05:29 - 2018-09-08 00:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-11-15 05:29 - 2018-09-08 00:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-11-15 05:29 - 2018-09-08 00:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-11-15 05:29 - 2018-09-08 00:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-11-15 05:29 - 2018-09-08 00:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-11-15 05:29 - 2018-09-08 00:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-11-15 05:29 - 2018-09-07 23:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-11-15 05:29 - 2018-09-07 23:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-11-15 05:29 - 2018-09-07 23:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-11-15 05:29 - 2018-09-07 23:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-11-15 05:29 - 2018-09-07 23:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-11-15 05:29 - 2018-09-07 23:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-11-15 05:29 - 2018-09-07 23:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-11-15 05:29 - 2018-09-07 23:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-11-15 05:29 - 2018-09-07 23:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-11-15 05:29 - 2018-09-07 23:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-11-15 05:29 - 2018-09-07 23:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-11-15 05:29 - 2018-09-07 23:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-11-15 05:29 - 2018-09-07 23:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-11-15 05:29 - 2018-09-07 23:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-11-15 05:29 - 2018-09-07 23:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-11-15 05:29 - 2018-09-07 23:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-11-15 05:29 - 2018-09-07 23:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-11-15 05:29 - 2018-09-07 23:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-11-15 05:29 - 2018-09-07 23:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-11-15 05:29 - 2018-09-07 23:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-11-15 05:29 - 2018-09-07 23:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-11-15 05:29 - 2018-09-07 23:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-11-15 05:29 - 2018-09-07 23:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-11-15 05:29 - 2018-09-07 23:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-11-15 05:29 - 2018-09-07 23:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-11-15 05:29 - 2018-09-07 23:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-11-15 05:29 - 2018-09-07 23:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-11-15 05:29 - 2018-09-07 23:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-11-15 05:29 - 2018-09-07 23:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-11-15 05:29 - 2018-09-07 22:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-11-15 05:29 - 2018-09-07 22:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-11-15 05:29 - 2018-09-07 22:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-11-15 05:29 - 2018-09-07 22:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-11-15 05:29 - 2018-09-07 22:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-11-15 05:29 - 2018-09-07 22:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-11-15 05:29 - 2018-09-07 22:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-11-15 05:29 - 2018-09-07 22:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-11-15 05:29 - 2018-09-07 22:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-11-15 05:29 - 2018-09-07 22:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-11-15 05:29 - 2018-09-07 22:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-11-15 05:29 - 2018-09-07 22:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-11-15 05:29 - 2018-09-07 20:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-11-15 05:29 - 2018-09-07 19:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-11-15 05:29 - 2018-09-07 19:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-11-15 05:29 - 2018-09-07 19:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-11-15 05:29 - 2018-09-07 19:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-11-15 05:29 - 2018-09-07 19:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-11-15 05:29 - 2018-09-07 19:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-11-15 05:29 - 2018-09-07 19:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-11-15 05:29 - 2018-09-07 19:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-11-15 05:29 - 2018-09-07 19:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-11-15 05:29 - 2018-09-07 19:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-11-15 05:29 - 2018-09-07 19:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-11-15 05:29 - 2018-09-07 19:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-11-15 05:29 - 2018-09-07 19:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-11-15 05:29 - 2018-09-07 19:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-11-15 05:29 - 2018-09-07 19:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-11-15 05:29 - 2018-09-07 19:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-11-15 05:29 - 2018-09-07 19:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-11-15 05:29 - 2018-09-07 19:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-11-15 05:29 - 2018-09-07 19:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-11-15 05:29 - 2018-09-07 19:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-11-15 05:29 - 2018-09-07 19:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-11-15 05:29 - 2018-09-07 19:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-11-15 05:29 - 2018-09-07 19:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-11-15 05:29 - 2018-09-07 19:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-11-15 05:29 - 2018-09-07 19:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-11-15 05:29 - 2018-09-07 19:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-11-15 05:29 - 2018-09-07 19:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-11-15 05:29 - 2018-09-07 19:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-11-15 05:29 - 2018-09-07 19:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-11-15 05:29 - 2018-09-07 19:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-11-15 05:29 - 2018-09-07 19:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-11-15 05:29 - 2018-09-07 19:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-11-15 05:29 - 2018-09-07 19:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-11-15 05:29 - 2018-09-07 19:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-11-15 05:29 - 2018-09-07 19:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-11-15 05:29 - 2018-09-07 19:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-11-15 05:29 - 2018-09-07 19:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-11-15 05:29 - 2018-09-07 19:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-11-15 05:29 - 2018-09-07 19:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-11-15 05:29 - 2018-09-07 19:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-11-15 05:29 - 2018-09-07 19:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-11-15 05:29 - 2018-09-07 19:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-11-15 05:29 - 2018-09-07 19:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-11-15 05:29 - 2018-09-07 19:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-11-15 05:29 - 2018-09-07 19:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-11-15 05:29 - 2018-09-07 19:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-11-15 05:29 - 2018-09-07 19:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-11-15 05:29 - 2018-09-07 19:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-11-15 05:29 - 2018-09-07 19:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-11-15 05:29 - 2018-08-02 19:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-11-15 05:29 - 2018-04-27 20:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-13 11:38 - 2018-11-13 11:38 - 000000000 ____D C:\Program Files\OpenSC Project
2018-11-13 11:35 - 2018-11-13 11:35 - 003720192 _____ C:\Users\ben\Downloads\opensc-0.13.0-win64.msi
2018-11-13 11:16 - 2018-11-13 11:16 - 000011832 _____ C:\Users\ben\Downloads\singleAm.tgz
2018-11-09 14:30 - 2018-11-09 14:30 - 000939845 _____ C:\Users\ben\Documents\HENWOOD auth return.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-07 11:02 - 2018-04-11 13:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-12-07 11:01 - 2018-10-09 18:48 - 000176976 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2018-12-07 10:51 - 2015-10-13 14:53 - 000000000 ____D C:\Users\ben\AppData\Local\Eclipse
2018-12-07 10:51 - 2015-10-13 14:53 - 000000000 ____D C:\Users\ben\.p2
2018-12-07 10:46 - 2018-04-11 15:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-07 10:42 - 2018-04-11 15:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-12-07 10:38 - 2015-10-07 14:37 - 000000000 ___RD C:\Users\ben\Dropbox
2018-12-07 10:31 - 2017-05-22 11:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-12-07 10:31 - 2015-10-08 14:42 - 000000000 __SHD C:\Users\ben\IntelGraphicsProfiles
2018-12-07 10:30 - 2018-10-26 12:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-12-07 10:30 - 2018-05-09 16:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-07 10:30 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-07 10:29 - 2018-04-11 13:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-12-07 10:12 - 2018-05-09 15:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-07 09:21 - 2018-04-11 15:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-07 09:10 - 2018-05-09 15:33 - 000968400 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-07 09:06 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-07 09:03 - 2016-11-18 11:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-12-07 09:03 - 2015-10-07 12:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-06 23:04 - 2016-09-22 18:57 - 000007611 _____ C:\Users\ben\AppData\Local\Resmon.ResmonCfg
2018-12-06 21:29 - 2015-10-07 13:25 - 000001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-12-06 21:16 - 2016-11-18 17:17 - 000000000 ____D C:\Users\ben\AppData\LocalLow\Mozilla
2018-12-06 17:09 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-06 17:05 - 2018-05-09 16:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-12-06 17:05 - 2018-04-11 15:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-12-06 17:03 - 2017-12-15 13:21 - 000000000 ____D C:\Users\ben\AppData\Local\Packages
2018-12-06 17:02 - 2018-10-29 12:56 - 000000000 ____D C:\Users\ben\AppData\Roaming\Mozilla
2018-12-06 16:55 - 2010-11-20 19:27 - 000592416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-12-06 16:50 - 2018-06-14 09:00 - 000004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-06 16:50 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-06 16:50 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-06 14:07 - 2015-11-10 14:43 - 000000000 ____D C:\Users\ben\Documents\Misc
2018-12-06 12:15 - 2018-05-09 15:38 - 000000000 ____D C:\Users\ben
2018-12-06 12:09 - 2018-05-09 15:38 - 000000000 ____D C:\Users\DefaultAppPool
2018-12-06 12:09 - 2018-04-11 13:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-12-06 12:09 - 2016-08-25 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-06 12:09 - 2009-07-13 19:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-12-06 12:07 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-12-06 12:01 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\registration
2018-12-06 12:00 - 2016-10-03 12:32 - 000000000 ____D C:\Program Files (x86)\Java
2018-12-04 17:27 - 2015-10-27 12:48 - 000002356 ____H C:\Users\ben\Documents\Default.rdp
2018-11-30 20:01 - 2018-04-11 15:41 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-30 20:01 - 2018-04-11 15:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-29 12:18 - 2015-10-07 14:33 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-11-26 16:36 - 2016-08-25 15:28 - 000000000 ____D C:\eclipse_NEON
2018-11-26 14:34 - 2016-03-18 12:45 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 14:34 - 2016-03-18 12:45 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-15 09:05 - 2017-12-15 13:55 - 000000000 ___RD C:\Users\ben\3D Objects
2018-11-15 09:05 - 2016-06-16 15:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-15 09:03 - 2018-05-09 15:29 - 000490192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-15 09:00 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-11-14 05:28 - 2018-07-27 12:35 - 000000000 ____D C:\ProgramData\Packages
2018-11-14 04:44 - 2015-10-09 02:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 04:42 - 2015-10-09 02:31 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-14 04:42 - 2015-10-07 15:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-11-14 04:35 - 2009-07-13 18:34 - 000000478 _____ C:\WINDOWS\win.ini
2018-11-14 01:09 - 2018-06-14 09:00 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-13 11:58 - 2017-10-10 13:27 - 000172032 _____ C:\WINDOWS\SysWOW64\coolkeypk11.dll
2018-11-09 14:09 - 2017-05-22 15:51 - 000003286 _____ C:\Users\ben\Documents\tps-exec_from_okapi.bscp
2018-11-08 10:16 - 2015-10-07 13:29 - 000000000 ____D C:\Users\ben\AppData\Roaming\Thunderbird

==================== Files in the root of some directories =======

2018-12-07 10:10 - 2018-12-07 10:10 - 000445643 _____ () C:\Users\ben\AppData\Local\ars.cache
2018-12-07 10:10 - 2018-12-07 10:10 - 000609468 _____ () C:\Users\ben\AppData\Local\census.cache
2018-12-07 09:35 - 2018-12-07 09:35 - 000000036 _____ () C:\Users\ben\AppData\Local\housecall.guid.cache
2017-05-22 15:52 - 2018-10-16 16:31 - 000000600 _____ () C:\Users\ben\AppData\Local\PUTTY.RND
2016-09-22 18:57 - 2018-12-06 23:04 - 000007611 _____ () C:\Users\ben\AppData\Local\Resmon.ResmonCfg
2018-12-07 09:39 - 2018-12-07 09:39 - 000000010 _____ () C:\Users\ben\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-09 15:29

==================== End of FRST.txt ============================

Addition.txt


Thanks for looking at this Nasdaq.  BTW, I installed and ran avast and trendmicro scanners (online) and then uninstalled.  I am currently giving Kaspersky a trial run, so far nothing has turned up.  Pattern is the browser will lock up, usually very soon after launch, and it cannot be terminated via Task Manager (I can try, but the task never dies).  I had to reset this PC a couple hours ago when there was a frozen and unkillable task running for all those major browsers.  I have installed a lot of tricky stuff on this PC so really hoping not to go the reformat and start over route.


Hi,

Before you do anything, disable one of these security programs.

AV: Sophos Anti-Virus (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}


AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Sophos Anti-Virus (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}

Both cannot be run in real time. It can only slow down your computer and cause problems.
===


Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

When completed.

Open Malwarebytes Anti-Malware.

On the Settings tab > Protection, scroll to and make sure the following are selected:
Scan for Rootkits
Scan within Archives

Scroll further to Potential Threat Protection make sure the following are set as follows:

Potentially Unwanted Programs (PUP`s)        set as :- Always detect PUP`s (recommended)
Potentially Unwanted Modifications (PUM`s)  set as :- Always detect PUM`s (recommended)

Click on Scan and make sure Threat Scan is selected.

A Threat Scan will begin.

When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab

If asked to restart your computer to complete the removal, please do so

When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.

Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:

Click on the Reports tab > from main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
  Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
  Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

Use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply
===

Post the logs and let me know what problem persists.

fixlist.txt


Thanks Nasdaq.  Short story is system is unchanged from before (more details in third post).  Here is Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by ben (08-12-2018 08:59:28) Run:1
Running from C:\Users\ben\Dropbox\FarBar
Loaded Profiles: ben (Available Profiles: ben & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\ DisallowedCertificates: 7DA8E84296EE238818EE427287774508B26D094A (U)
HKLM?\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKLM\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKLM\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKLM\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\ DisallowedCertificates: 7DA8E84296EE238818EE427287774508B26D094A (U)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)
CustomCLSID: HKU\S-1-5-21-1712612234-384893071-3845527833-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\ben\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1712612234-384893071-3845527833-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\ben\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1712612234-384893071-3845527833-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\ben\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {2B1C0B4A-B1F4-4A6A-B874-C52942D9C724} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2DD03F28-0835-45D6-8855-9881E31D35D4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2F7ACAD8-6FB1-427F-9181-19E4F57EE1F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {34BDF729-10B5-4F1B-8D9B-61B5FE4CBA14} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {507185A1-02BB-4C63-BD25-6E6D66F01367} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {8D4D92D8-416D-446E-A07A-86986AE18748} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8EAF6395-76DD-496A-B3D2-058259C7B521} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD8D8095-5269-4222-A054-59284EE7BD95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E63DF183-F7F5-49BD-AFB2-71F159A1BA92} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FC7BC52D-0890-467E-93DC-7C3E8B14EFC5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ACINT:com.dropbox.attributes [168]
AlternateDataStreams: C:\LSA_Sphere:com.dropbox.attributes [168]
AlternateDataStreams: C:\TPS:com.dropbox.attributes [168]
AlternateDataStreams: C:\tps_release_info:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ben\Documents\icons:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ben\Documents\shortcuts:com.dropbox.attributes [168]
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7DA8E84296EE238818EE427287774508B26D094A => removed successfully
"HKU\HKLM?\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)\Software\Microsoft\SystemCertificates\Disallowed\Certificates\99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434" => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 => removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 => removed successfully
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7DA8E84296EE238818EE427287774508B26D094A => removed successfully
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\Software\Microsoft\SystemCertificates\Disallowed\Certificates\99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 => removed successfully
HKU\S-1-5-21-1712612234-384893071-3845527833-1000\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1712612234-384893071-3845527833-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1712612234-384893071-3845527833-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1712612234-384893071-3845527833-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B1C0B4A-B1F4-4A6A-B874-C52942D9C724}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B1C0B4A-B1F4-4A6A-B874-C52942D9C724}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DD03F28-0835-45D6-8855-9881E31D35D4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DD03F28-0835-45D6-8855-9881E31D35D4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F7ACAD8-6FB1-427F-9181-19E4F57EE1F6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7ACAD8-6FB1-427F-9181-19E4F57EE1F6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34BDF729-10B5-4F1B-8D9B-61B5FE4CBA14}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34BDF729-10B5-4F1B-8D9B-61B5FE4CBA14}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{507185A1-02BB-4C63-BD25-6E6D66F01367}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{507185A1-02BB-4C63-BD25-6E6D66F01367}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D4D92D8-416D-446E-A07A-86986AE18748}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D4D92D8-416D-446E-A07A-86986AE18748}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EAF6395-76DD-496A-B3D2-058259C7B521}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EAF6395-76DD-496A-B3D2-058259C7B521}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD8D8095-5269-4222-A054-59284EE7BD95}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD8D8095-5269-4222-A054-59284EE7BD95}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E63DF183-F7F5-49BD-AFB2-71F159A1BA92}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E63DF183-F7F5-49BD-AFB2-71F159A1BA92}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC7BC52D-0890-467E-93DC-7C3E8B14EFC5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7BC52D-0890-467E-93DC-7C3E8B14EFC5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
C:\ACINT => ":com.dropbox.attributes" ADS removed successfully
C:\LSA_Sphere => ":com.dropbox.attributes" ADS removed successfully
C:\TPS => ":com.dropbox.attributes" ADS removed successfully
C:\tps_release_info => ":com.dropbox.attributes" ADS removed successfully
C:\Users\ben\Documents\icons => ":com.dropbox.attributes" ADS removed successfully
C:\Users\ben\Documents\shortcuts => ":com.dropbox.attributes" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 83245588 B
Java, Flash, Steam htmlcache => 40784 B
Windows/system/drivers => 71973364 B
Edge => 4597398 B
Chrome => 151691760 B
Firefox => 53484843 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1657706 B
LocalService => 0 B
NetworkService => 12040 B
NetworkService => 0 B
ben => 254012533 B
DefaultAppPool => 33058 B

RecycleBin => 166129 B
EmptyTemp: => 602.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:02:38 ====

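A triage pass over the result section of the Fixlog posted above, as an added example that is not part of the thread or of FRST: it skips the echoed fixlist and the EmptyTemp totals, tallies outcomes, and surfaces entries that were not fixed or were passed through unparsed. The `target => outcome` line shape is inferred from this log only, the function names are hypothetical, and the `": "` test for an unparsed directive is a heuristic assumption.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the Fixlog above, cut down to a few
# representative entries (header, echoed fixlist, results, EmptyTemp totals).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM?\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\HKLM?\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)\Software\Microsoft\SystemCertificates\Disallowed\Certificates\99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434" => not found
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\ACINT => ":com.dropbox.attributes" ADS removed successfully

=========== EmptyTemp: ==========

Chrome => 151691760 B
'''

DELIM = re.compile(r'^\*{5,}\s*$')      # brackets the echoed fixlist content
SECTION = re.compile(r'^={3,}')         # next section header (EmptyTemp, End of Fixlog)
FLAG = re.compile(r'\s*<==== ATTENTION(?: \((?P<why>[^)]*)\))?\s*$')


def classify(outcome):
    """Map the text after '=>' to a coarse status."""
    if outcome.startswith('Error:'):
        return 'error'
    if outcome.endswith('removed successfully'):
        return 'removed'
    if outcome.endswith('not found'):
        return 'not_found'
    return 'other'


def parse_results(text):
    """Return one dict per result line between the fixlist echo and the next section."""
    entries = []
    delims_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if DELIM.match(line):
            delims_seen += 1
            continue
        if delims_seen < 2:             # still in the header or the echoed fixlist
            continue
        if SECTION.match(line):         # EmptyTemp byte counts are not fix results
            break
        if ' => ' not in line:          # status sentences such as "Processes closed"
            continue
        target, outcome = line.rsplit(' => ', 1)
        target = target.strip('"')
        flag = None
        m = FLAG.search(target)
        if m:                           # scan annotation carried over from FRST.txt
            flag = m.group('why') or 'ATTENTION'
            target = target[:m.start()]
        entries.append({'target': target, 'status': classify(outcome),
                        'flag': flag, 'outcome': outcome})
    return entries


def triage(entries):
    """Tally outcomes; list entries left unfixed and directives echoed back unparsed."""
    counts = Counter(e['status'] for e in entries)
    unresolved = [e for e in entries if e['status'] == 'error']
    # Heuristic (assumption): a resolved registry or file path never contains ": ",
    # so its presence means a fixlist line was treated as a literal path.
    unparsed = [e for e in entries if ': ' in e['target']]
    return counts, unresolved, unparsed


if __name__ == '__main__':
    counts, unresolved, unparsed = triage(parse_results(SAMPLE_FIXLOG))
    print(dict(counts))
    for e in unresolved:
        print('NOT FIXED:', e['target'], '| flagged as', e['flag'])
    for e in unparsed:
        print('UNPARSED DIRECTIVE:', e['target'][:60])
```
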

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/8/18
Scan Time: 9:30 AM
Log File: edb70502-fb0e-11e8-b0c3-1cb72cabe7d2.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8223
License: Trial

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: \

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 392288
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 7 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


So, computer behavior is unchanged -- browsers crashing and tasks cannot be terminated.  Here is what I tried and what happened:

Firefox:  screen would not display.  In task manager, it could not be terminated.

Chrome:  loaded and displayed, and home page (google.com) OK, clicked a bookmark, but it would not load (NBC sports).  Manually entered google.com in the address bar, and it reloaded google.com.  I entered a search, which worked, and clicked a link, worked (might have been cached).  Clicked another bookmark (Seattle Times web page) which worked, but extremely slow -- 'waiting for ads.deliverimp.com....' on bottom status bar of chrome.

I looked at Task Manager at this point, and there were 14 chrome threads running (!).  Killed these, and then tried to re-run chrome, and it would not display.  This time, chrome task could not be terminated.

My network settings appear to be unchanged (no proxy installed).  My hosts file is unaltered.

I then launched MS Edge... it also would not display.

Thunderbird e-mail loaded and functioned normally.  I could launch Eclipse and it loaded normally.

Oh, last night the run of Kaspersky found nothing, and then I uninstalled it.  Only running Sophos again.


Hi,

Your copy of Chrome has probably been compromised

Step 1: Remove Chrome from your Computer and reinstall a fresh copy later.

Step 2: If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4: Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 6: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7: Re-install Chrome and the Bookmarks.
<<<>>>

You should do the same with Firefox.

Remove and reinstall Firefox.

Before proceeding save your Bookmarks. (Export)
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Firefox Password manager - Import your passwords.
Password Manager - Remember, delete, change and import saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import#w_protecting-your-passwords


If you are syncing Firefox with other devices, remove it.
https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer

When all is well you can re-sync your devices.
<<<>>>

Keep me posted.


Thank you for those suggestions.  I appear to be hitting a dry hole.

I could not launch either of those browsers to delete the cache and settings from within, but did so this way after a fresh boot: 

1) Chrome, uninstalled app, and removed data when uninstalling

2) Firefox, uninstalled app.  Went to user AppData then /Local, /LocalLow, /Roaming and removed Mozilla folder entirely.  Also cleared out recycle bin.

Edge loaded but froze (I was going to use it to reinstall the others).  Rebooted, ran Edge again, ran its Repair feature, which never completed, rebooted and ran Edge again, tried its Restore feature, which seemed to complete but it still froze.

Rebooted (clearing out crashed/frozen browsers), ran complete scan using Sophos, then using MalwareBytes.  Nothing found.

Used my Dropbox to slip a Chrome installer onto that computer, installed Chrome.  Imported bookmarks and used a couple, and then it froze.

Put a Firefox installer on that PC and installed Firefox, imported the bookmarks, and it froze when I tried the first one.

Neither Chrome nor Firefox dead tasks could be deleted by task manager.

One thing that happened to this PC at the beginning is the PS/2 port stopped working.  I have a feeling that one or more drivers have been compromised and fail.

So thanks for your suggestions so far and if you have any ideas about a next step I would be more than happy to give it a try!


Hi.

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

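One way to triage the log that the System File Checker step above produces, as an added example that is not part of the thread or of Microsoft's article: it picks the `[SR]` entries out of CBS.log lines and lists which files SFC repaired and which it could not repair. The function name `Get-SfcFinding` and the sample log lines are constructed for illustration.

```powershell
# Added example: summarize System File Checker ([SR]) entries from CBS.log.
function Get-SfcFinding {
    param([Parameter(Mandatory)][string[]]$Line)

    foreach ($l in $Line) {
        # SFC writes its entries to CBS.log tagged [SR]; skip everything else.
        if ($l -notmatch '\[SR\]\s+(?<msg>.*)$') { continue }
        $msg = $Matches['msg']

        # Classify by the start of the message text.
        $status = switch -Regex ($msg) {
            '^Cannot repair'       { 'Unrepaired' }
            '^Repairing|^Repaired' { 'Repaired' }
            default                { 'Info' }
        }
        if ($status -eq 'Info') { continue }   # progress lines, not findings

        # The affected file is the quoted token without backslashes (path parts have them).
        $file = if ($msg -match '"(?<f>[^"\\]+\.\w+)"') { $Matches['f'] } else { '(unparsed)' }
        [pscustomobject]@{ Status = $status; File = $file; Raw = $l }
    }
}

# Constructed sample lines in the general shape of CBS.log output (not from this thread).
$sample = @(
    '2018-12-05 10:15:32, Info  CSI  00000009 [SR] Verifying 100 components'
    '2018-12-05 10:15:32, Info  CSI  0000000a [SR] Beginning Verify and Repair transaction'
    '2018-12-05 10:15:40, Info  CSI  0000001f [SR] Cannot repair member file [l:18]"example-driver.sys" of Example-Package, hash mismatch'
    '2018-12-05 10:15:41, Info  CSI  00000021 [SR] Repairing corrupted file "\??\C:\WINDOWS\System32"\[l:11]"example.dll" from store'
    '2018-12-05 10:15:44, Info  CSI  00000025 [SR] Cannot repair member file [l:18]"example-driver.sys" of Example-Package, hash mismatch'
    '2018-12-05 10:15:50, Info  CBS  Session: unrelated servicing line without the SR tag'
    '2018-12-05 10:16:00, Info  CSI  00000030 [SR] Verify complete'
)

# SFC often logs the same file more than once, so report each file/status pair once.
Get-SfcFinding -Line $sample |
    Sort-Object Status, File -Unique |
    Format-Table Status, File -AutoSize

# On the affected machine (elevated prompt, after sfc /scannow has finished):
#   Get-SfcFinding -Line (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

Files reported as `Unrepaired` are the ones to raise with the helper, since SFC had no good copy to restore them from.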

After trying that scan and repair and having the same problem, I decided to try to restore from within Windows.  I rolled back to a restore point from late Sept.  A few quirks persisted with the browsers, but I uninstalled and reinstalled Chrome and Firefox and seem to be back on track.  Now re-updating some critical Windows fixes etc.

Browsers appear to be functioning OK.  Sophos and Malwarebytes scans turn up nothing (although they never did find anything).

I think I'm in the clear without having to do a complete reinstall.

Thanks for your help and steering, Nasdaq, it did help me learn a better recovery process.  It's the first time it's come up with a computer I manage for at least five years.


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.