Jump to content

downloadmyinboxhelper.com?


Recommended Posts

My wife's Windows 10 computer appears to be infected with annoying adware that Malwarebytes Premium doesn't find.

Ads for various garbage pop up on the lower right of the screen that say "Google Chrome . downloadmyinboxhelper.com"

I can't get a screen-grab of it with Windows Snipping Tool.

Any suggestion for how to get rid of this crap?

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions
 

Link to post
Share on other sites

Forgive my skepticism. Chrome blocked download of this "Farbar" utility:

Why the download was blocked

Your file download may have been blocked for one of two reasons:

  • We think it might be a malicious, unwanted, or uncommon file.
    • Malicious: You tried downloading malware.
    • Unwanted: You tried downloading a deceptive piece of software. This program, disguised as a helpful download, may actually make unexpected changes to your computer.
    • Uncommon: You tried downloading an unfamiliar and potentially dangerous piece of software.
  • We've found that the website you tried to download the file from has been known to distribute malware.

Clicking on unknown files was how we got into this mess in the first place.

 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.01.2019
Ran by Qinqin (administrator) on QINQIN-PC (06-01-2019 11:23:30)
Running from C:\Users\Qinqin\Desktop\fubar
Loaded Profiles: Qinqin (Available Profiles: Qinqin & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.472 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18102.10531.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(The Qt Company Ltd) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4049216 2018-12-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [136952 2018-05-30] (Intel)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2018-02-02] (Carbonite, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2187288887-7447770-3814436497-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-09] (Google Inc.)
HKU\S-1-5-21-2187288887-7447770-3814436497-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc.)
HKU\S-1-5-21-2187288887-7447770-3814436497-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-12-03] (Apple Inc.)
HKU\S-1-5-21-2187288887-7447770-3814436497-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-12-03] (Apple Inc.)
HKU\S-1-5-21-2187288887-7447770-3814436497-1000\...\Run: [HP Officejet Pro X576dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2187288887-7447770-3814436497-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\Root\Office15\lync.exe [24327256 2018-10-16] (Microsoft Corporation)
HKU\S-1-5-21-2187288887-7447770-3814436497-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [570368 2018-04-11] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [398360 2009-10-07] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [67072 2018-04-11] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2009-10-07] (Logitech Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8a512fdd-f4ea-4789-9ce3-fe48e368ecba}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-13] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-03-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-13] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2018-03-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-13] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-2187288887-7447770-3814436497-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2187288887-7447770-3814436497-1000: SkypeForBusinessPlugin-15.8 -> C:\Users\Qinqin\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2187288887-7447770-3814436497-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\Qinqin\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.242\npGatewayNpapi.dll [2018-05-22] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2187288887-7447770-3814436497-1000: SkypeForBusinessPlugin64-15.8 -> C:\Users\Qinqin\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2187288887-7447770-3814436497-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\Qinqin\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.242\npGatewayNpapi-x64.dll [2018-05-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Qinqin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-02] (Cisco WebEx LLC)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://translate.google.com/favicon.ico
CHR Profile: C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Default [2019-01-06]
CHR Extension: (Google Translate) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Default\Extensions\defagiknfbdkcmhacemhefjabocpmamg [2017-12-18]
CHR Extension: (iCloud Bookmarks) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2018-11-06]
CHR Extension: (Cisco Webex Extension) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-06]
CHR Extension: (Chrome Media Router) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-20]
CHR Profile: C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-06]
CHR Profile: C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-11-10]
CHR Extension: (Slides) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-06]
CHR Extension: (Docs) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-06]
CHR Extension: (Google Drive) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-06]
CHR Extension: (YouTube) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-06]
CHR Extension: (Sheets) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-06]
CHR Extension: (Gmail) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-06]
CHR Extension: (Chrome Media Router) - C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-06]
CHR Profile: C:\Users\Qinqin\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-12-12] (Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23288 2018-05-30] (Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [194792 2018-09-19] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-10] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EfiVariable; C:\WINDOWS\SysWOW64\Drivers\variable64.sys [18200 2010-10-28] (Windows (R) Server 2003 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-18] (Malwarebytes)
R3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2018-12-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-06] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-06] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-06] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-06] (Malwarebytes)
R2 osaio; C:\Windows\system32\drivers\osaio.sys [17176 2014-12-27] (OSA Technologies, An Avocent Company)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-10] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-10] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-06 11:23 - 2019-01-06 11:23 - 000000000 ____D C:\FRST
2019-01-06 11:20 - 2019-01-06 11:23 - 000000000 ____D C:\Users\Qinqin\Desktop\fubar
2019-01-06 11:13 - 2019-01-06 11:19 - 002425856 _____ (Farbar) C:\Users\Qinqin\Downloads\FRST64 (1).exe
2019-01-06 10:48 - 2019-01-06 10:48 - 000000000 ____D C:\Users\Qinqin\AppData\Local\D3DSCache
2019-01-06 09:32 - 2019-01-06 09:32 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-06 09:32 - 2019-01-06 09:32 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-06 09:32 - 2019-01-06 09:32 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-06 09:32 - 2019-01-06 09:32 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-06 09:11 - 2019-01-06 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2019-01-06 09:08 - 2019-01-06 09:08 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2019-01-06 09:08 - 2019-01-06 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-01-06 09:08 - 2019-01-06 09:08 - 000000000 ____D C:\Program Files\iPod
2019-01-06 09:07 - 2019-01-06 09:08 - 000000000 ____D C:\Program Files\iTunes
2019-01-06 09:01 - 2019-01-06 09:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2019-01-06 09:01 - 2019-01-06 09:01 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2019-01-05 15:32 - 2019-01-05 15:32 - 000083892 _____ C:\Users\Qinqin\Downloads\FOLIODETE_20190105115635.pdf
2018-12-29 21:54 - 2018-12-29 21:54 - 001292475 _____ C:\Users\Qinqin\Downloads\archive (7) (1).zip
2018-12-29 21:46 - 2018-12-29 21:46 - 001292475 _____ C:\Users\Qinqin\Downloads\archive (7).zip
2018-12-29 12:06 - 2018-12-29 12:06 - 000133005 _____ C:\Users\Qinqin\Downloads\2018_10_9e7d73e8-cbb3-4686-a7da-1a55e8ab3e45_SES(Sup)CurrentProposedDutyStatement (1).pdf
2018-12-29 12:03 - 2018-12-29 12:03 - 000836560 _____ C:\Users\Qinqin\Downloads\2018_11_eb3fd72d-08fa-48e3-b5cc-44cec4970609_helpdesk@wildlife.ca.gov_20181106_085940.pdf
2018-12-29 11:57 - 2018-12-29 11:57 - 000080394 _____ C:\Users\Qinqin\Downloads\2018_12_c1122b6b-6dab-47f6-a7d3-7de0d7f0a2d8_Revised-ProposedDutyStatement.pdf
2018-12-29 11:54 - 2018-12-29 11:54 - 000135063 _____ C:\Users\Qinqin\Downloads\2018_12_899d38c3-8f76-4c45-bdc9-513b3264fe07_DutyStatement (1).pdf
2018-12-27 09:11 - 2018-12-27 09:11 - 000008346 _____ C:\WINDOWS\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2018-12-27 09:11 - 2018-12-27 09:11 - 000002201 _____ C:\Users\Public\Desktop\Carbonite.lnk
2018-12-27 09:11 - 2018-12-27 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2018-12-27 09:10 - 2018-12-27 09:10 - 017266664 _____ (Carbonite, Inc.) C:\Users\Qinqin\Downloads\CarboniteSetup-personal-client.exe
2018-12-27 09:10 - 2018-12-27 09:10 - 000000000 ____D C:\ProgramData\Carbonite
2018-12-27 09:10 - 2018-12-27 09:10 - 000000000 ____D C:\Program Files\Carbonite
2018-12-27 09:10 - 2018-12-27 09:10 - 000000000 ____D C:\Program Files (x86)\Carbonite
2018-12-26 13:36 - 2018-12-26 13:36 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-12-20 11:31 - 2018-12-20 11:31 - 001597373 _____ C:\Users\Qinqin\Downloads\Transcript_UC_davis_A_(1).pdf
2018-12-20 11:26 - 2018-12-20 11:26 - 000378463 _____ C:\Users\Qinqin\Downloads\f2018_QLiu_Calrecyle_STD_678 (2).pdf
2018-12-20 11:26 - 2018-12-20 11:26 - 000378463 _____ C:\Users\Qinqin\Downloads\f2018_QLiu_Calrecyle_STD_678 (1).pdf
2018-12-20 11:24 - 2018-12-20 11:24 - 000378434 _____ C:\Users\Qinqin\Downloads\f2018_QLiu_Calrecyle_STD_678.pdf
2018-12-20 11:07 - 2018-12-20 11:07 - 000026724 _____ C:\Users\Qinqin\Downloads\JobApplication (10).pdf
2018-12-20 11:06 - 2018-12-20 11:06 - 000026724 _____ C:\Users\Qinqin\Downloads\JobApplication (9).pdf
2018-12-20 05:17 - 2018-12-14 04:24 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-12-20 05:17 - 2018-12-13 23:29 - 006567472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-20 05:17 - 2018-12-13 23:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-12-20 05:17 - 2018-12-13 23:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-20 05:17 - 2018-12-13 23:23 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-12-20 05:17 - 2018-12-13 23:23 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-12-20 05:17 - 2018-12-13 23:23 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-12-20 05:17 - 2018-12-13 23:23 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-12-20 05:17 - 2018-12-13 23:23 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-12-20 05:17 - 2018-12-13 23:22 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-12-20 05:17 - 2018-12-13 23:22 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-12-20 05:17 - 2018-12-13 23:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-20 05:17 - 2018-12-13 23:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-20 05:17 - 2018-12-13 23:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-20 05:17 - 2018-12-13 23:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-12-20 05:17 - 2018-12-13 23:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-20 05:17 - 2018-12-13 23:13 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-12-20 05:17 - 2018-12-13 23:12 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-12-20 05:17 - 2018-12-13 23:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-20 05:17 - 2018-12-13 23:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-20 05:17 - 2018-12-13 22:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-20 05:17 - 2018-12-13 22:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-20 05:17 - 2018-12-13 22:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-20 05:17 - 2018-12-13 22:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-20 05:17 - 2018-12-13 22:54 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-12-20 05:17 - 2018-12-13 22:53 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-12-20 05:17 - 2018-12-13 22:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-20 05:17 - 2018-12-13 22:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-20 05:17 - 2018-12-13 22:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-20 05:17 - 2018-12-13 22:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-20 05:17 - 2018-12-13 21:34 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-12-18 10:19 - 2018-12-18 10:19 - 000108879 _____ C:\Users\Qinqin\Downloads\2018_12_199c9044-5450-42d6-bfc7-01e5f4030a7a_12.13.18(50003150)525JC137900SrESSpr (1).pdf
2018-12-18 10:18 - 2018-12-18 10:18 - 000260088 _____ C:\Users\Qinqin\Downloads\2018_12_d6df56bf-ca0f-40f0-bc96-3d7d81fad49a_BDR18-058DutyStatement (2).pdf
2018-12-18 10:16 - 2018-12-18 10:16 - 000720094 _____ C:\Users\Qinqin\Downloads\2018_12_151beb39-ddda-4f1a-851d-c465b69115aa_helpdesk@wildlife.ca.gov_20181210_102813 (1).pdf
2018-12-18 10:13 - 2018-12-18 10:13 - 000127016 _____ C:\Users\Qinqin\Downloads\2018_12_e7a68212-d064-40e5-968d-665d3a2160ab_EPMIDutyStatement_InnovativeTechnologies_November2018_v2 (1).pdf
2018-12-18 10:10 - 2018-12-18 10:10 - 000151692 _____ C:\Users\Qinqin\Downloads\2018_11_f7038953-5e7c-402d-82cf-e864c75a2a25_EPMIDutyStatement_ProductStewardshipSection_Nov2018 (1).pdf
2018-12-18 10:09 - 2018-12-18 10:09 - 000151692 _____ C:\Users\Qinqin\Downloads\2018_11_f7038953-5e7c-402d-82cf-e864c75a2a25_EPMIDutyStatement_ProductStewardshipSection_Nov2018.pdf
2018-12-18 10:07 - 2018-12-18 10:07 - 000135063 _____ C:\Users\Qinqin\Downloads\2018_12_899d38c3-8f76-4c45-bdc9-513b3264fe07_DutyStatement.pdf
2018-12-17 08:55 - 2018-12-17 08:55 - 000108879 _____ C:\Users\Qinqin\Downloads\2018_12_199c9044-5450-42d6-bfc7-01e5f4030a7a_12.13.18(50003150)525JC137900SrESSpr.pdf
2018-12-15 21:55 - 2018-12-15 21:55 - 000260088 _____ C:\Users\Qinqin\Downloads\2018_12_d6df56bf-ca0f-40f0-bc96-3d7d81fad49a_BDR18-058DutyStatement (1).pdf
2018-12-15 21:52 - 2018-12-15 21:52 - 000260088 _____ C:\Users\Qinqin\Downloads\2018_12_d6df56bf-ca0f-40f0-bc96-3d7d81fad49a_BDR18-058DutyStatement.pdf
2018-12-15 21:48 - 2018-12-15 21:48 - 000720094 _____ C:\Users\Qinqin\Downloads\2018_12_151beb39-ddda-4f1a-851d-c465b69115aa_helpdesk@wildlife.ca.gov_20181210_102813.pdf
2018-12-15 21:44 - 2018-12-15 21:44 - 000023131 _____ C:\Users\Qinqin\Downloads\2018_11_c006e645-0d70-466b-8230-eee81d527d30_18-140-053DS2b(002).pdf
2018-12-15 21:37 - 2018-12-15 21:37 - 000127016 _____ C:\Users\Qinqin\Downloads\2018_12_e7a68212-d064-40e5-968d-665d3a2160ab_EPMIDutyStatement_InnovativeTechnologies_November2018_v2.pdf
2018-12-15 21:29 - 2018-12-15 21:29 - 000110447 _____ C:\Users\Qinqin\Downloads\2018_12_26632a6a-9397-41c9-b77c-88cb30dd3655_12.6.18(50044931)525JC133519EPMII.pdf
2018-12-13 14:16 - 2018-12-13 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-12-12 21:12 - 2018-12-12 21:12 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-12-12 21:12 - 2018-12-12 21:12 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-12-12 21:12 - 2018-12-12 21:12 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-12-12 21:12 - 2018-12-12 21:12 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-12-12 08:09 - 2018-12-08 04:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-12 08:09 - 2018-12-08 04:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-12 08:09 - 2018-12-08 04:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-12 08:09 - 2018-12-08 04:28 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-12-12 08:09 - 2018-12-08 04:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-12 08:09 - 2018-12-08 00:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-12 08:09 - 2018-12-08 00:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 08:09 - 2018-12-08 00:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-12 08:09 - 2018-12-08 00:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 08:09 - 2018-12-07 23:49 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-12-12 08:09 - 2018-12-07 23:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-12 08:09 - 2018-12-07 23:42 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-12-12 08:09 - 2018-12-07 23:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-12 08:09 - 2018-12-07 23:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-12-12 08:09 - 2018-12-07 23:38 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-12-12 08:09 - 2018-12-07 23:33 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-12-12 08:09 - 2018-11-08 22:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-12 08:09 - 2018-11-08 18:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-12 08:09 - 2018-11-08 18:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-12-12 08:09 - 2018-11-08 17:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-12-12 08:08 - 2018-12-08 04:48 - 000034104 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-12-12 08:08 - 2018-12-08 04:47 - 001786896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 001627656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 001422864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 001038352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000954384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000830480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000825352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000750096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000670224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000495632 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000399880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000258064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000231440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-12-12 08:08 - 2018-12-08 04:47 - 000228368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-12-12 08:08 - 2018-12-08 04:47 - 000180752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-12-12 08:08 - 2018-12-08 04:47 - 000173072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-12-12 08:08 - 2018-12-08 04:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-12 08:08 - 2018-12-08 04:43 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2018-12-12 08:08 - 2018-12-08 04:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-12-12 08:08 - 2018-12-08 04:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 08:08 - 2018-12-08 04:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-12 08:08 - 2018-12-08 04:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-12-12 08:08 - 2018-12-08 04:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-12 08:08 - 2018-12-08 04:29 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-12-12 08:08 - 2018-12-08 04:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-12 08:08 - 2018-12-08 04:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 08:08 - 2018-12-08 04:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-12 08:08 - 2018-12-08 04:27 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
2018-12-12 08:08 - 2018-12-08 04:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-12 08:08 - 2018-12-08 04:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-12 08:08 - 2018-12-08 04:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-12 08:08 - 2018-12-08 04:25 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-12-12 08:08 - 2018-12-08 04:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-12 08:08 - 2018-12-08 04:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-12 08:08 - 2018-12-08 04:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-12 08:08 - 2018-12-08 04:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 08:08 - 2018-12-08 04:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-12 08:08 - 2018-12-08 04:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-12 08:08 - 2018-12-08 04:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-12 08:08 - 2018-12-08 04:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-12 08:08 - 2018-12-08 04:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 08:08 - 2018-12-08 00:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 08:08 - 2018-12-08 00:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 08:08 - 2018-12-08 00:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2018-12-12 08:08 - 2018-12-08 00:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-12 08:08 - 2018-12-08 00:07 - 001063416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-12-12 08:08 - 2018-12-08 00:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-12 08:08 - 2018-12-08 00:06 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-12-12 08:08 - 2018-12-08 00:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-12 08:08 - 2018-12-08 00:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-12-12 08:08 - 2018-12-08 00:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-12 08:08 - 2018-12-08 00:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-12 08:08 - 2018-12-08 00:05 - 002463384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-12-12 08:08 - 2018-12-08 00:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-12 08:08 - 2018-12-08 00:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-12 08:08 - 2018-12-08 00:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-12 08:08 - 2018-12-08 00:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-12 08:08 - 2018-12-08 00:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-12 08:08 - 2018-12-08 00:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-12 08:08 - 2018-12-08 00:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 08:08 - 2018-12-08 00:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 08:08 - 2018-12-08 00:05 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-12-12 08:08 - 2018-12-08 00:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-12-12 08:08 - 2018-12-08 00:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-12 08:08 - 2018-12-08 00:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 08:08 - 2018-12-08 00:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-12 08:08 - 2018-12-08 00:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-12 08:08 - 2018-12-08 00:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-12 08:08 - 2018-12-08 00:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 000268280 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-12 08:08 - 2018-12-08 00:04 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-12-12 08:08 - 2018-12-08 00:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-12 08:08 - 2018-12-08 00:04 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2018-12-12 08:08 - 2018-12-07 23:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-12 08:08 - 2018-12-07 23:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-12 08:08 - 2018-12-07 23:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-12 08:08 - 2018-12-07 23:46 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-12-12 08:08 - 2018-12-07 23:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-12 08:08 - 2018-12-07 23:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-12 08:08 - 2018-12-07 23:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-12 08:08 - 2018-12-07 23:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-12-12 08:08 - 2018-12-07 23:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-12 08:08 - 2018-12-07 23:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-12 08:08 - 2018-12-07 23:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-12 08:08 - 2018-12-07 23:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-12-12 08:08 - 2018-12-07 23:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-12 08:08 - 2018-12-07 23:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-12 08:08 - 2018-12-07 23:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-12 08:08 - 2018-12-07 23:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-12 08:08 - 2018-12-07 23:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-12 08:08 - 2018-12-07 23:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-12 08:08 - 2018-12-07 23:40 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-12-12 08:08 - 2018-12-07 23:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 08:08 - 2018-12-07 23:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-12 08:08 - 2018-12-07 23:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-12 08:08 - 2018-12-07 23:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-12 08:08 - 2018-12-07 23:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-12 08:08 - 2018-12-07 23:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 08:08 - 2018-12-07 23:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 08:08 - 2018-12-07 23:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-12 08:08 - 2018-12-07 23:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-12 08:08 - 2018-12-07 23:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-12 08:08 - 2018-12-07 23:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 08:08 - 2018-12-07 23:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-12 08:08 - 2018-12-07 23:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-12 08:08 - 2018-12-07 23:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 08:08 - 2018-12-07 23:35 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-12-12 08:08 - 2018-12-07 23:35 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-12-12 08:08 - 2018-12-07 23:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 08:08 - 2018-12-07 23:34 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-12-12 08:08 - 2018-12-07 23:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-12 08:08 - 2018-12-07 23:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-12 08:08 - 2018-12-07 23:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 08:08 - 2018-12-07 23:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 08:08 - 2018-12-07 23:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-12 08:08 - 2018-12-07 23:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-12 08:08 - 2018-12-07 23:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-12 08:08 - 2018-12-07 23:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 08:08 - 2018-12-07 23:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 08:08 - 2018-12-07 23:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 08:08 - 2018-12-07 23:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 08:08 - 2018-12-07 23:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-12 08:08 - 2018-12-07 23:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 08:08 - 2018-12-07 23:32 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 08:08 - 2018-12-07 23:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-12 08:08 - 2018-12-07 23:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-12 08:08 - 2018-12-07 23:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 08:08 - 2018-12-07 23:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-12 08:08 - 2018-12-07 23:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-12-12 08:08 - 2018-12-07 23:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-12 08:08 - 2018-12-07 23:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-12 08:08 - 2018-12-07 23:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-12 08:08 - 2018-12-07 23:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 08:08 - 2018-12-07 23:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-12 08:08 - 2018-12-07 23:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-12 08:08 - 2018-12-07 23:28 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-12-12 08:08 - 2018-12-07 23:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-12 08:08 - 2018-12-07 23:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 08:08 - 2018-12-07 23:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-12 08:08 - 2018-12-07 23:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-12 08:08 - 2018-12-07 23:27 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-12-12 08:08 - 2018-12-07 23:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-12-12 08:08 - 2018-12-07 23:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 08:08 - 2018-12-07 23:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-12 08:08 - 2018-12-07 23:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-12 08:08 - 2018-12-07 23:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-12 08:08 - 2018-12-07 23:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-12 08:08 - 2018-12-07 23:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-12 08:08 - 2018-12-07 23:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-12 08:08 - 2018-12-07 23:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-12 08:08 - 2018-12-07 23:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-12 08:08 - 2018-12-07 23:24 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 08:08 - 2018-12-07 23:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-12 08:08 - 2018-12-07 23:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-12 08:08 - 2018-12-07 23:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-12 08:08 - 2018-11-08 22:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-12 08:08 - 2018-11-08 21:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-12 08:08 - 2018-11-08 21:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-12 08:08 - 2018-11-08 21:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 08:08 - 2018-11-08 21:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 08:08 - 2018-11-08 21:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 08:08 - 2018-11-08 21:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-12 08:08 - 2018-11-08 21:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 08:08 - 2018-11-08 21:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 08:08 - 2018-11-08 21:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-12 08:08 - 2018-11-08 21:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-12 08:08 - 2018-11-08 21:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-12 08:08 - 2018-11-08 21:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-12 08:08 - 2018-11-08 21:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-12 08:08 - 2018-11-08 21:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-12 08:08 - 2018-11-08 21:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-12 08:08 - 2018-11-08 21:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-12 08:08 - 2018-11-08 21:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-12 08:08 - 2018-11-08 21:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-12 08:08 - 2018-11-08 18:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-12 08:08 - 2018-11-08 18:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-12 08:08 - 2018-11-08 18:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-12 08:08 - 2018-11-08 18:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-12 08:08 - 2018-11-08 18:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-12 08:08 - 2018-11-08 18:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-12 08:08 - 2018-11-08 18:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-12 08:08 - 2018-11-08 18:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-12 08:08 - 2018-11-08 18:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-12 08:08 - 2018-11-08 18:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-12 08:08 - 2018-11-08 18:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-12-12 08:08 - 2018-11-08 18:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-12 08:08 - 2018-11-08 18:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 08:08 - 2018-11-08 18:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-12 08:08 - 2018-11-08 18:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-12 08:08 - 2018-11-08 18:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-12 08:08 - 2018-11-08 18:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 08:08 - 2018-11-08 18:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 08:08 - 2018-11-08 18:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-12 08:08 - 2018-11-08 18:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 08:08 - 2018-11-08 18:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 08:08 - 2018-11-08 18:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-12 08:08 - 2018-11-08 18:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-12 08:08 - 2018-11-08 18:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 08:08 - 2018-11-08 18:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 08:08 - 2018-11-08 18:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-12 08:08 - 2018-11-08 18:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 08:08 - 2018-11-08 18:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-12-12 08:08 - 2018-11-08 18:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 08:08 - 2018-11-08 18:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-12 08:08 - 2018-11-08 18:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-12 08:08 - 2018-11-08 18:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-12 08:08 - 2018-11-08 18:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-12 08:08 - 2018-11-08 18:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-12 08:08 - 2018-11-08 18:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 08:08 - 2018-11-08 18:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-12 08:08 - 2018-11-08 18:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 08:08 - 2018-11-08 18:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-12 08:08 - 2018-11-08 18:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-12 08:08 - 2018-11-08 18:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-12 08:08 - 2018-11-08 18:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 08:08 - 2018-11-08 18:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 08:08 - 2018-11-08 18:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-12 08:08 - 2018-11-08 18:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 08:08 - 2018-11-08 18:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-12-12 08:08 - 2018-11-08 18:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-12 08:08 - 2018-11-08 18:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-12 08:08 - 2018-11-08 17:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-12 08:08 - 2018-11-08 17:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-12 08:08 - 2018-11-08 17:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-12-12 08:08 - 2018-11-08 17:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-12 08:08 - 2018-11-08 17:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-12 08:08 - 2018-11-08 17:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-12 08:08 - 2018-11-08 17:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-12 08:08 - 2018-11-08 17:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-12 08:08 - 2018-11-08 17:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-12 08:08 - 2018-11-08 17:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-12 08:08 - 2018-11-08 17:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-12 08:08 - 2018-11-08 17:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-12 08:08 - 2018-11-08 17:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-12 08:08 - 2018-11-08 17:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-12 08:08 - 2018-11-08 17:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-12 08:08 - 2018-11-08 17:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-12-12 08:08 - 2018-11-08 17:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-12 08:08 - 2018-11-08 17:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-12 08:08 - 2018-11-08 17:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-12 08:08 - 2018-11-08 17:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 08:08 - 2018-11-08 17:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-12-12 08:08 - 2018-11-08 17:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-12 08:08 - 2018-11-08 17:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-09 13:57 - 2018-12-09 13:57 - 034359314 _____ C:\Users\Qinqin\Downloads\Montereyh-Amendments-EIR-Document-A-Volume-I_Public-Draft.pdf
2018-12-08 14:49 - 2018-12-08 14:49 - 001870446 _____ C:\Users\Qinqin\Downloads\2010 IEP Annual Salvage Report.pdf
2018-12-07 14:46 - 2018-12-07 14:46 - 000954814 _____ C:\Users\Qinqin\Downloads\Chinook Salmon Entrainment Pilot Study Plan_Final.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-06 11:20 - 2018-05-23 19:12 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4C21703C-33CD-4772-9224-193931D9BA27}
2019-01-06 11:06 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-06 10:48 - 2015-07-03 18:40 - 000000000 ____D C:\Program Files\CrashPlan
2019-01-06 10:47 - 2015-07-03 18:40 - 000000000 ___HD C:\Users\Qinqin\AppData\Local\CrashPlan
2019-01-06 10:47 - 2015-07-03 18:40 - 000000000 ____D C:\ProgramData\CrashPlan
2019-01-06 10:46 - 2015-11-18 22:40 - 000000000 ___HD C:\Users\Qinqin\AppData\Local\74B64698-5C6D-4DAD-90F3-CEE5A187F6FD.aplzod
2019-01-06 10:31 - 2018-05-23 18:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-06 09:50 - 2015-11-18 22:41 - 000000000 ____D C:\Users\Qinqin\AppData\Local\Apple Inc
2019-01-06 09:50 - 2015-05-16 12:21 - 000000000 ___HD C:\Users\Qinqin\AppData\Local\Apple
2019-01-06 09:45 - 2018-05-23 19:48 - 000467092 _____ C:\WINDOWS\system32\prfh0804.dat
2019-01-06 09:45 - 2018-05-23 19:48 - 000151972 _____ C:\WINDOWS\system32\prfc0804.dat
2019-01-06 09:45 - 2018-05-23 19:00 - 001579670 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-06 09:45 - 2018-04-11 15:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-06 09:41 - 2017-08-11 00:33 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-01-06 09:33 - 2015-11-18 22:41 - 000000000 ___RD C:\Users\Qinqin\iCloudDrive
2019-01-06 09:33 - 2015-06-06 13:49 - 000000000 ___RD C:\Users\Qinqin\Dropbox
2019-01-06 09:32 - 2018-05-23 19:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-06 09:32 - 2017-08-11 00:33 - 000000000 ____D C:\ProgramData\NVIDIA
2019-01-06 09:31 - 2018-04-11 13:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-06 09:01 - 2015-05-16 12:21 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2019-01-05 16:41 - 2017-11-18 13:16 - 000000862 _____ C:\Users\Qinqin\Desktop\art.lnk
2019-01-05 15:33 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-05 15:29 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-02 22:18 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-30 22:29 - 2018-06-30 13:22 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-12-29 21:49 - 2017-12-18 00:26 - 000000000 ___HD C:\Users\Qinqin\AppData\Local\Packages
2018-12-27 18:23 - 2018-10-18 09:41 - 000002738 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-12-20 09:50 - 2017-11-18 13:14 - 000000000 ____D C:\Users\Qinqin\Desktop\career 2015&2018
2018-12-20 06:02 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-12-20 06:02 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-12-20 05:19 - 2018-04-11 15:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-12-19 12:01 - 2018-05-23 19:12 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-19 12:01 - 2018-05-23 19:12 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-18 20:49 - 2018-11-06 19:13 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-18 01:01 - 2014-11-09 20:42 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-17 19:10 - 2018-05-23 19:12 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2187288887-7447770-3814436497-1000
2018-12-17 19:10 - 2018-05-23 19:05 - 000002401 _____ C:\Users\Qinqin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-17 19:10 - 2016-05-24 21:25 - 000000000 ___RD C:\Users\Qinqin\OneDrive
2018-12-17 10:14 - 2017-11-18 13:15 - 000000000 ____D C:\Users\Qinqin\Desktop\QQmedical&health
2018-12-13 14:16 - 2015-06-06 13:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-12-12 17:37 - 2017-12-18 00:34 - 000000000 ___RD C:\Users\Qinqin\3D Objects
2018-12-12 17:37 - 2016-02-13 05:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-12 17:36 - 2018-05-23 18:58 - 000430264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-12 17:35 - 2018-04-11 15:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-12 17:35 - 2018-04-11 15:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-12 17:35 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-12 08:15 - 2014-11-09 12:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-12 08:13 - 2014-11-09 12:27 - 137260640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-10 20:18 - 2018-02-13 22:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-12-10 20:18 - 2014-11-09 12:28 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-02-01 13:08 - 2016-02-01 13:08 - 000000000 ____H () C:\Users\Qinqin\AppData\Local\{4FC1DE2C-9636-4AE8-8387-56D8F09557DC}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-23 18:58

==================== End of FRST.txt ============================

Addition.txt

Link to post
Share on other sites


Hi,

The Farar program is updated often and the Antivirus software have not had an opportunity to whileliist the file.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Your copy is not signed and could be compromised.
If you need it please download the latest version from this site.
https://www.cpuid.com/
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists it could be a Syncing issue.
You are probably Syncing Chrome with other devices?
To remove it reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Keep me posted.

fixlist.txt

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.