
Chrome extension PUP.Optional.Unseen Keep coming back



Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.


 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by maher (administrator) on DESKTOP-TRTSR7B (22-02-2019 19:41:27)
Running from C:\Users\maher\Desktop\IDM Downloads\Programs
Loaded Profiles: maher (Available Profiles: maher)
Platform: Windows 10 Home Version 1809 17763.316 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\AESTSr64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe
(Farbar) C:\Users\maher\Desktop\IDM Downloads\Programs\FRST64_2.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-30] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_191\bin\jusched.exe"
HKU\S-1-5-21-443335431-2400896745-559093292-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3973176 2018-10-19] (Tonec Inc.)
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.)
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-14] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.70.4.1
Tcpip\..\Interfaces\{573ec3af-1486-475c-a59b-45ec42f5fc81}: [DhcpNameServer] 10.70.4.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-06-19] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-06-19] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-19] (Oracle America, Inc. -> Oracle Corporation)

Edge: 
======
Edge Extension: (IDM Integration Module) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [2018-12-19]

FireFox:
========
FF DefaultProfile: i5o87fts.default
FF ProfilePath: C:\Users\maher\AppData\Roaming\Mozilla\Firefox\Profiles\i5o87fts.default [2019-02-21]
FF Homepage: Mozilla\Firefox\Profiles\i5o87fts.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\i5o87fts.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__190118
FF Extension: (IDM Integration Module) - C:\Users\maher\AppData\Roaming\Mozilla\Firefox\Profiles\i5o87fts.default\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2018-12-19] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-443335431-2400896745-559093292-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-10-18] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-443335431-2400896745-559093292-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\maher\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\maher\AppData\Roaming\IDM\idmmzcc5 [2018-12-19] [Legacy] [not signed]
FF HKU\S-1-5-21-443335431-2400896745-559093292-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-19] ()
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-19] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-04-23] (DivX,Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Profile: C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default [2019-02-22]
CHR Extension: (Slides) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-19]
CHR Extension: (Docs) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-19]
CHR Extension: (Google Drive) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-19]
CHR Extension: (TV) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2018-12-19]
CHR Extension: (YouTube) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-19]
CHR Extension: (Facebook) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2018-12-19]
CHR Extension: (Sheets) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-19]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2018-12-19]
CHR Extension: (IDM Integration Module) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-19]
CHR Extension: (Gmail) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-19]
CHR Extension: (Chrome Media Router) - C:\Users\maher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-10-18]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-10-18]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
S2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [2126120 2019-01-31] (philandro Software GmbH -> )
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53632 2018-11-16] (AnchorFree Inc -> AnchorFree Inc.)
R3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065560 2018-10-17] (Innovative Solutions Grup SRL -> )
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-03-30] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [19256 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [358256 2017-11-14] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-25] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [41272 2009-07-08] (Hewlett-Packard Company -> Hewlett-Packard)
S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-11-16] (AnchorFree Inc -> AnchorFree Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl664.sys [2838008 2010-04-03] (Broadcom Corporation -> Broadcom Corporation)
R3 enecir; C:\WINDOWS\System32\drivers\enecir.sys [70656 2009-06-29] (Microsoft Windows Hardware Compatibility Publisher -> ENE TECHNOLOGY INC.)
S3 enecirhid; C:\WINDOWS\System32\drivers\enecirhid.sys [14848 2009-05-20] (Microsoft Windows Hardware Compatibility Publisher -> ENE TECHNOLOGY INC.)
S3 enecirhidma; C:\WINDOWS\System32\drivers\enecirhidma.sys [6656 2008-04-25] (Microsoft Windows Hardware Compatibility Publisher -> ENE TECHNOLOGY INC.)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [30008 2009-07-08] (Hewlett-Packard Company -> Hewlett-Packard)
R3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [18432 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Development Company, L.P.)
R3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R3 Impcd; C:\WINDOWS\System32\drivers\Impcd.sys [151040 2009-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 RTL8167; C:\WINDOWS\system32\DRIVERS\Rt64win7.sys [258560 2009-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [52400 2016-03-30] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [52904 2016-03-30] (Synaptics Incorporated -> Synaptics Incorporated)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [505344 2010-03-23] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-27] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-22 19:41 - 2019-02-22 19:41 - 000000000 ____D C:\FRST
2019-02-21 15:29 - 2019-02-22 14:10 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1EF2DBE9-95D2-4E9E-AD21-525916050338}
2019-02-21 10:37 - 2019-02-21 15:46 - 000000000 ____D C:\Program Files\Reimage
2019-02-21 10:27 - 2019-02-21 15:45 - 000000150 _____ C:\WINDOWS\Reimage.ini
2019-02-21 09:15 - 2019-02-21 09:15 - 000001766 _____ C:\Users\maher\Desktop\AdwCleaner[S05].txt
2019-02-19 21:08 - 2019-02-19 21:08 - 007316688 _____ (Malwarebytes) C:\Users\maher\Desktop\adwcleaner_7.2.7.0.exe
2019-02-18 19:49 - 2019-02-18 19:49 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2019-02-18 19:48 - 2019-02-18 19:49 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 020812288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 019023872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 008875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 007897088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 006070272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 005440008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 003922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 002469648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 002278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 001309184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 001282640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 001259024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-18 19:48 - 2019-02-18 19:48 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000762272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000421904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-02-18 19:48 - 2019-02-18 19:48 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlahc.dll
2019-02-18 19:48 - 2019-02-18 19:48 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PktMon.exe
2019-02-18 19:47 - 2019-02-18 19:47 - 026807296 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 023439360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 006540424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 005584864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 005205464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 004885504 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 004688896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 004526080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 002275888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 001467560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 000762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2019-02-18 19:47 - 2019-02-18 19:47 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-02-10 22:08 - 2019-02-10 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-02-10 22:07 - 2019-02-10 22:07 - 000000000 ____D C:\Program Files\VideoLAN
2019-02-06 21:31 - 2019-02-06 21:32 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-31 16:32 - 2019-01-31 16:32 - 000001957 _____ C:\Users\Public\Desktop\AnyDesk.lnk
2019-01-31 16:32 - 2019-01-31 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2019-01-31 16:32 - 2019-01-31 16:32 - 000000000 ____D C:\ProgramData\AnyDesk
2019-01-31 16:32 - 2019-01-31 16:32 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2019-01-31 16:25 - 2019-01-31 16:30 - 000000000 ____D C:\Users\maher\AppData\Roaming\AnyDesk
2019-01-30 16:35 - 2019-02-21 08:09 - 000000000 ____D C:\Users\maher\AppData\Local\CrashDumps
2019-01-28 19:38 - 2019-01-28 19:39 - 000000000 ____D C:\Users\maher\Documents\Snagit
2019-01-28 19:37 - 2019-01-28 19:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2019-01-26 09:33 - 2019-01-26 09:33 - 000003884 _____ C:\WINDOWS\System32\Tasks\TechSmith Updater
2019-01-26 09:26 - 2019-01-26 09:26 - 000000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2019-01-26 09:24 - 2019-01-26 09:25 - 000000000 ____D C:\ProgramData\TechSmith
2019-01-26 09:24 - 2019-01-26 09:24 - 000000000 ____D C:\Users\maher\AppData\Local\TechSmith
2019-01-26 09:24 - 2019-01-26 09:24 - 000000000 ____D C:\Program Files (x86)\TechSmith

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-22 19:38 - 2018-12-18 06:13 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-22 19:34 - 2018-12-18 21:44 - 000000000 ____D C:\Users\maher\Desktop\hhh
2019-02-22 19:18 - 2018-12-18 06:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-22 07:49 - 2018-12-18 06:13 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-22 07:49 - 2018-12-18 06:13 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-22 01:46 - 2018-12-19 09:39 - 000000000 ____D C:\Users\maher\AppData\Roaming\DMCache
2019-02-21 15:44 - 2018-12-19 08:40 - 000004112 _____ C:\WINDOWS\System32\Tasks\AupAvUpdate
2019-02-21 12:28 - 2018-12-18 06:14 - 000000188 _____ C:\WINDOWS\win.ini
2019-02-21 12:13 - 2018-12-19 09:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-21 09:42 - 2018-12-19 11:10 - 000000000 ____D C:\Users\maher\AppData\LocalLow\Mozilla
2019-02-21 09:29 - 2018-12-19 08:52 - 000000000 ____D C:\Users\maher\AppData\Roaming\Psiphon3
2019-02-20 23:45 - 2018-12-18 06:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-20 08:51 - 2018-12-17 21:34 - 000000000 ____D C:\Users\maher\AppData\Local\Packages
2019-02-20 08:33 - 2018-12-18 06:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-20 08:32 - 2018-12-19 11:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-20 08:32 - 2018-12-19 11:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-19 23:30 - 2018-12-18 05:51 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-19 17:34 - 2018-12-19 11:09 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-19 08:24 - 2018-12-18 06:11 - 000000000 ____D C:\WINDOWS\INF
2019-02-19 08:19 - 2018-12-18 07:21 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-19 08:15 - 2018-12-17 21:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-19 08:15 - 2018-12-17 21:34 - 000000000 ___RD C:\Users\maher\3D Objects
2019-02-19 08:13 - 2018-12-18 06:50 - 000453504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-19 00:32 - 2018-12-18 06:14 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-19 00:32 - 2018-12-18 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-02-19 00:32 - 2018-12-18 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-02-19 00:32 - 2018-12-18 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-02-19 00:32 - 2018-12-18 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-02-19 00:32 - 2018-12-18 06:13 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-02-19 00:32 - 2018-12-18 06:13 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-02-19 00:31 - 2018-12-18 06:13 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-19 00:31 - 2018-12-18 06:13 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-02-19 00:31 - 2018-12-18 06:13 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-18 19:52 - 2018-12-18 05:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-18 19:27 - 2019-01-05 09:47 - 000004206 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1546674433
2019-02-18 19:27 - 2019-01-05 09:47 - 000001399 _____ C:\Users\maher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-02-14 02:01 - 2018-12-19 10:31 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-13 21:08 - 2018-12-17 21:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 21:04 - 2018-12-17 21:50 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-13 09:23 - 2018-12-18 23:00 - 000000000 ____D C:\Users\maher\Desktop\Personals
2019-02-10 09:58 - 2018-12-18 21:24 - 000000000 ____D C:\Users\maher\AppData\Local\PlaceholderTileLogoFolder
2019-02-09 16:08 - 2018-12-18 21:35 - 000000000 ____D C:\Users\maher\AppData\Local\D3DSCache
2019-02-08 18:45 - 2018-12-17 21:34 - 000000000 ____D C:\ProgramData\Packages
2019-02-05 20:41 - 2018-12-18 21:40 - 000000000 ____D C:\Users\maher\Desktop\Hazem
2019-02-02 20:55 - 2018-12-19 09:39 - 000000000 ____D C:\Users\maher\Downloads\Compressed
2019-02-02 00:31 - 2018-12-18 06:18 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 00:31 - 2018-12-18 06:18 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 15:04 - 2018-12-17 21:34 - 000000000 ____D C:\Users\maher\AppData\Local\VirtualStore
2019-01-30 09:44 - 2018-12-18 21:50 - 000000000 ____D C:\Users\maher\Desktop\Mobiles
2019-01-29 14:44 - 2019-01-18 10:24 - 000000000 ____D C:\AdwCleaner
2019-01-28 19:43 - 2018-12-18 21:39 - 000000000 ___RD C:\Users\maher\Desktop\Facebook
2019-01-26 15:18 - 2018-12-19 09:39 - 000000000 ____D C:\Users\maher\AppData\Roaming\IDM
2019-01-25 18:35 - 2018-12-18 06:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-01-25 09:01 - 2019-01-18 21:28 - 000000000 ____D C:\Users\maher\AppData\Roaming\uTorrent
2019-01-24 19:03 - 2018-12-18 06:13 - 000000000 ____D C:\WINDOWS\Registration
2019-01-23 09:51 - 2018-12-18 23:07 - 000000000 ____D C:\Users\maher\Desktop\Series

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition.txt


Hi,

IDM Crack 6.31 build 9 (HKLM-x32\...\IDM Crack 6.31 build 9) (Version: 6.31 build 9 - Crackingpatching.com Team)
Cracked/warez versions of programs sound "good" and "cheap", but they can cause all sorts of headaches for you and damage to your computer.  No reputable forum will support any method of cracking, warez, workarounds, providing any methods, tools, or posting of links designed for this express purpose. 

There are people who have spent a great deal of money on developing and testing hardware and software, marketing and distributing it, and then on education and support for it. They have spent long, tedious, difficult and brain-numbing days/nights on their endeavor. They are attempting to make an honest living and feed their families. 

Let's not support the thieves who rip them off and cheat them out of the fruits of their labor. 

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

If the problem persists IN CHROME and you Sync Chrome with other devices, reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>

Please post the Fixlog.txt and let me know what problem persists.
 

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by maher (23-02-2019 21:29:04) Run:1
Running from C:\Users\maher\Desktop\IDM Downloads\Programs
Loaded Profiles: maher (Available Profiles: maher)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM??\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\i5o87fts.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__190118
CHR ?DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
FirewallRules: [{8BEA2E7C-9BDA-423C-A84B-FB7D9F1438E0}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe No File
FirewallRules: [{A76911B9-7C98-4A6C-93F3-7EBF013F07AB}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe No File
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"Firefox newtab" => removed successfully
CHR ?DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms} => Error: No automatic fix found for this entry.
"Chrome DefaultSearchKeyword" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8BEA2E7C-9BDA-423C-A84B-FB7D9F1438E0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A76911B9-7C98-4A6C-93F3-7EBF013F07AB}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 111928955 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 62648 B
Edge => 1826730 B
Chrome => 56911657 B
Firefox => 50237086 B
Opera => 104097424 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 2300 B
NetworkService => 0 B
maher => 206002713 B

RecycleBin => 0 B
EmptyTemp: => 517.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:33:20 ====
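A small triage script for the Fixlog above, added here as an example (not part of the original posts and not FRST's own code): it separates entries reported as removed from those that need follow-up. It assumes the `entry => outcome` line shape seen in this log; the function name `triage_fixlog` is hypothetical and the sample lines are copied from the Fixlog in this thread.

```python
import re

# Result lines copied from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"Firefox newtab" => removed successfully
CHR ?DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms} => Error: No automatic fix found for this entry.
"Chrome DefaultSearchKeyword" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
'''

# Assumed line shape: "<entry> => <outcome>", as seen in this log.
RESULT = re.compile(r'^(?P<entry>.+?) => (?P<outcome>.+)$')


def triage_fixlog(text):
    """Return (fixed, needs_review) from the result section of a Fixlog.

    fixed        -> list of entries reported as "removed successfully"
    needs_review -> list of (entry, outcome) for every other outcome,
                    so unknown result strings are surfaced, not dropped.
    """
    fixed, needs_review = [], []
    for raw in text.splitlines():
        line = raw.strip()
        # The EmptyTemp section reports sizes, not fix results: stop there.
        if line.startswith('=') and 'EmptyTemp' in line:
            break
        match = RESULT.match(line)
        if not match:
            continue
        entry = match.group('entry').strip('"')
        outcome = match.group('outcome')
        if outcome == 'removed successfully':
            fixed.append(entry)
        else:
            needs_review.append((entry, outcome))
    return fixed, needs_review


if __name__ == '__main__':
    done, todo = triage_fixlog(SAMPLE_FIXLOG)
    print(f'{len(done)} entries removed, {len(todo)} need follow-up')
    for entry, outcome in todo:
        print(f'  {entry}\n    -> {outcome}')
```
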



Hi,

If you have reset the Sync in Chrome as previously suggested, remove and reinstall Chrome.

Your copy of Chrome has probably been compromised.

Step 1. Remove Chrome from your Computer and reinstall a fresh copy later.

Step 2. If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 3. Before you remove Chrome, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 4. Before you remove Chrome, export your Passwords.
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Step 5. Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 6. Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 7. Re-install Chrome and the Bookmarks.
<<<>>>

Keep me posted.


Hi,

I did exactly as instructed, and made a new scan.

Everything is perfect.

I even reinstalled Chrome, enabled sync, and reinstalled the IDM integration extension from the Chrome store, and I made a new scan; till now everything is perfect.

Thanks for your help. If the problem comes back again, I will let you know.

Thanks again for your help and assistance.

Best regards.

 


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
