Noelz Posted May 28, 2019

Hello, I think my laptop has a remote user operating behind the scenes because whilst I'm using my laptop, I keep hearing weird noises and clicking sounds, even as I'm not touching the computer whilst Netflix (for example) is on. I just wanted to check if my theory is correct.
nasdaq Posted May 28, 2019

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download Malwarebytes Anti-Malware from here

- Right-click on the MBAM icon and select Run as administrator to run the tool.
- Click Yes to accept any security warnings that may appear.
- Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
- On the left menu pane click the Settings tab, and then select the Protection tab on the top.
- Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
- Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
- Note: The scan may take some time to finish, so please be patient.
- If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
- While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
- The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Malwarebytes to your Desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Click the LogFile button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Check off the element(s) you wish to keep.
- Click on the Clean button and follow the prompts.
- A log file will automatically open after the scan has finished.
- Please post the content of that log file with your next answer.
- You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the Farbar Recovery Scan Tool (FRST). Choose the 32 or 64 bit version for your system, and save it to a folder on your computer's Desktop.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Let me know what problems persist.

Wait for further instructions

====
Noelz Posted May 29, 2019

==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.1000_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVAST Software a.s. -> ) C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe (AVAST Software a.s. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Dropbox, Inc -> ) C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe (IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Corporation -> Malwarebytes) C:\Users\User\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\adwcleaner_7.3 (1).exe (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\McCSPServiceHost.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc. -> McAfee, Inc.) 
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_6\mcapexe.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\Real Protect\RealProtect.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\browserhost.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\uihost.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe (McAfee, Inc. 
-> McAfee, LLC) C:\Windows\System32\mfevtps.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.1000_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) 
C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-25] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (Hewlett-Packard Company -> HP Inc.) HKLM\...\RunOnce: [RealProtect] => C:\Program Files\mcafee\Real Protect\RealProtect.exe [8014848 2019-05-26] (McAfee, Inc. -> McAfee, Inc.) 
HKU\S-1-5-21-453658790-1022757742-3610594808-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1723888 2019-05-21] (Google LLC -> Google Inc.) HKU\S-1-5-21-453658790-1022757742-3610594808-1001\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [25901288 2019-04-06] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102016360\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1723888 2019-05-21] (Google LLC -> Google Inc.) HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102016360\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [25901288 2019-04-06] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102032905\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1723888 2019-05-21] (Google LLC -> Google Inc.) 
HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102032905\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [25901288 2019-04-06] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-453658790-1022757742-3610594808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102021033\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-453658790-1022757742-3610594808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102043299\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {222894B7-0075-4271-91DB-2C40F0770E40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.) Task: {3CAC556C-C41A-45A1-9727-B1BC60C4E434} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {3E0FC8AA-A216-4992-AAF0-7E5A1BF7E6CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-04] (Google Inc -> Google Inc.) 
Task: {454A7911-04B3-4CDB-BC67-970EA570F2A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.) Task: {4550D3EA-3BF0-413E-8C2B-460E1D99AC07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.) Task: {460BB78D-61C3-4097-93B6-5C6C26F5580D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.) Task: {53998FDC-EF0B-413B-B50D-0FD2A104F5E2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {57DD9DCA-CC17-45DC-A793-4FB7BBA465CA} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs] Task: {627563F8-3154-467E-8FD9-6F66D7987729} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-15] (Adobe Inc. -> Adobe) Task: {6281F247-878F-4937-88CA-CD3BA788176B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.) Task: {6BC8D4AA-044C-4089-866C-9D13D92E3721} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [1697848 2018-06-11] (McAfee, Inc. -> McAfee, Inc.) Task: {6EA26CFB-5478-41E6-8F31-91332E3BB065} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.) 
Task: {6F839E73-9011-40E1-85F2-B7C01C72D5F1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.) Task: {7D44D08D-041F-4369-8F3A-807D2C6A2693} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-15] (Adobe Inc. -> Adobe) Task: {842EA681-B2D7-4A02-A5EA-9F3EE21876A4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [744784 2018-07-13] (McAfee, Inc. -> McAfee, Inc.) Task: {85D41E27-22B3-4FEF-9880-D20C2BD03CEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.) Task: {86200445-F26F-42C5-BD3B-424993A18802} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> ) Task: {86E58D40-F031-455C-A899-E7C59ADB5500} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation) Task: {8BC80387-A73D-4E90-A75B-FE8CC1289384} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-04] (Google Inc -> Google Inc.) 
Task: {8C40CB37-91E4-4B66-A586-5DE27E390C6A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Task: {8D2A7457-A47A-46F8-8879-2A96898314F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {925DE6FA-76F5-49DF-9101-18928BF51663} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Task: {A7DBCDDE-10D3-47DE-AC30-262761DF28B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-19] (Microsoft Corporation -> Microsoft Corporation) Task: {AF841498-E7EA-4052-BC33-D5907ACD0138} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.) 
Task: {B18DE651-285D-415F-951F-703B98FF42A5} - System32\Tasks\HPCeeScheduleForFantasma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard) Task: {B5EABA4C-55A3-4753-B1CD-C8D23FAAE12D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation) Task: {B8F72A69-D8C2-4E5A-89F9-7A616D3FDA79} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2120800 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Task: {C8EC48E2-AD4E-40F2-A355-A27BBDEAD859} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [3438680 2016-09-19] (AVAST Software a.s. -> AVAST Software) "C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION Task: {CCFC646F-E081-4441-AE0A-684292A80688} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {DAABA071-BAE7-46CC-A790-0469CA222DB4} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [863040 2016-09-19] (AVAST Software a.s. 
-> AVAST Software) Task: {DB73E380-4229-448B-A505-3CA07552EB86} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {E858B36A-AFF5-43FD-9303-A33124F100DD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Task: {EB3C93CB-7010-4B9B-AB3C-BD9F8BD8024E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-19] (Microsoft Corporation -> Microsoft Corporation) Task: {EC44E5E4-CB85-494C-8671-47FDADA66894} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.) Task: {F798251E-BC27-45F9-AEAF-FD1062307153} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.222\DADUpdater.exe [4178840 2019-05-24] (McAfee, Inc. -> McAfee, Inc.) Task: {FC777553-9067-4B18-AF55-37DF0BA85136} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForFantasma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{0076eb04-6579-4c8b-b7b7-693f8cf26f5e}: [DhcpNameServer] 10.16.34.51 10.16.34.52 8.8.8.8 Tcpip\..\Interfaces\{68b1e682-39ed-45a8-ae3e-06582cc78f5c}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-453658790-1022757742-3610594808-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-453658790-1022757742-3610594808-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102016360\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102016360\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE 
HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102032905\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102032905\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE SearchScopes: HKLM -> {38B5CF93-0666-4066-AC3B-0A64D257BC42} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {38B5CF93-0666-4066-AC3B-0A64D257BC42} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-453658790-1022757742-3610594808-1001 -> {38B5CF93-0666-4066-AC3B-0A64D257BC42} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102016360 -> {38B5CF93-0666-4066-AC3B-0A64D257BC42} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102032905 -> {38B5CF93-0666-4066-AC3B-0A64D257BC42} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-02-02] (McAfee, Inc. -> McAfee, Inc.) 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-02-02] (McAfee, Inc. -> McAfee, Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft 
Office\root\Office16\MSOSB.DLL [2019-05-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2018-10-04] (McAfee, Inc. -> McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-10-04] (McAfee, Inc. -> McAfee, Inc.) Edge: ====== Edge Extension: (IBM Security Rapport) -> EdgeExtension_IBMTrusteerIBMTrusteerRapport_756wk15nt3n8e => C:\Program Files\WindowsApps\IBMTrusteer.IBMTrusteerRapport_1.1.34.0_x64__756wk15nt3n8e [2018-12-14] FireFox: ======== FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-04-23] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-11-02] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-10-04] (McAfee, Inc. -> ) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.) 
[File not signed] FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-10-04] (McAfee, Inc. -> ) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] (WildTangent Inc -> ) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.) 

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-05-29]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-04]
CHR Extension: (IBM Security Rapport) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-12-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-04]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-15]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-10-27]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-453658790-1022757742-3610594808-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102016360\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-453658790-1022757742-3610594808-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102032905\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-453658790-1022757742-3610594808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102021033\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-453658790-1022757742-3610594808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102043299\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-453658790-1022757742-3610594808-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102024274\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-453658790-1022757742-3610594808-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05292019102046264\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-26] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [249344 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11147336 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent Inc -> WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-02-02] (McAfee, Inc. -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_6\McApExe.exe [729320 2018-10-04] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe [2159464 2018-06-29] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [366968 2018-08-22] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [539512 2018-08-22] (McAfee, Inc. -> McAfee, LLC)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [490360 2018-08-22] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1690976 2018-07-27] (McAfee, Inc. -> McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1316024 2018-07-25] (McAfee, Inc. -> McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5264888 2018-12-26] (IBM -> IBM Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-09-19] (AVAST Software a.s. -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27384 2016-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [23983104 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [674816 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 bcbtums; C:\WINDOWS\System32\drivers\bcbtums.sys [186152 2015-12-18] (Broadcom Corporation -> Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11794376 2017-07-13] (Broadcom Corporation -> Broadcom Corp)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [187168 2015-12-22] (Broadcom Corporation -> Broadcom Corporation.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77336 2018-10-03] (McAfee, Inc. -> McAfee, LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [235784 2018-10-02] (McAfee, Inc. -> McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-05-29] (Malwarebytes Corporation -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [506384 2018-10-03] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [367664 2018-10-03] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85104 2018-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [533520 2018-10-03] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [967696 2018-10-03] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [555824 2018-10-02] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108848 2018-10-02] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115728 2018-10-03] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252952 2018-10-03] (McAfee, Inc. -> McAfee, LLC)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [501256 2018-12-26] (IBM -> IBM Corp.)
R1 RapportCerberus_1930247; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930247.sys [1657968 2019-01-20] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [725192 2018-12-26] (IBM -> IBM Corp.)
S3 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [461768 2018-12-26] (IBM -> IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [608840 2018-12-26] (IBM -> IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [758168 2018-12-26] (IBM -> IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek Semiconductor Corp -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-02-25] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [62568 2016-03-14] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-05-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-05-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-05-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35600 2019-04-18] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-29 10:31 - 2019-05-29 10:36 - 000042897 _____ C:\Users\User\Desktop\FRST.txt
2019-05-29 10:31 - 2019-05-29 10:31 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2019-05-29 10:30 - 2019-05-29 10:31 - 000000000 ____D C:\FRST
2019-05-29 10:29 - 2019-05-29 10:31 - 002435584 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-05-29 10:23 - 2019-05-29 10:23 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-05-29 10:22 - 2019-05-29 10:22 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-05-29 10:22 - 2019-05-29 10:22 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-05-29 10:20 - 2019-05-29 10:20 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-29 10:16 - 2019-05-29 10:16 - 000004742 _____ C:\Users\User\Desktop\AdwCleaner[C00].txt
2019-05-29 10:13 - 2019-05-29 10:13 - 000004907 _____ C:\Users\User\Desktop\AdwCleaner[S00].txt
2019-05-29 10:10 - 2019-05-29 10:16 - 000000000 ____D C:\AdwCleaner
2019-05-29 10:08 - 2019-05-29 10:08 - 000001236 _____ C:\Users\User\Desktop\Malwarebytes Log.txt
2019-05-27 11:39 - 2019-05-27 11:39 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2019-05-27 11:37 - 2019-05-27 11:37 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-05-27 11:37 - 2019-05-27 11:37 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
2019-05-27 11:36 - 2019-05-27 11:36 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-27 11:36 - 2019-05-27 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-27 11:36 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-27 11:36 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-27 11:35 - 2019-05-27 11:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-27 11:35 - 2019-05-27 11:35 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-27 10:32 - 2019-05-27 10:32 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-05-26 23:17 - 2019-05-26 23:17 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-05-26 23:17 - 2019-05-26 23:17 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-05-26 23:17 - 2019-05-26 23:17 - 001260048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-05-26 23:17 - 2019-05-26 23:17 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-26 23:17 - 2019-05-26 23:17 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-26 23:17 - 2019-05-26 23:17 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-26 23:17 - 2019-05-26 23:17 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 026809856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 023439360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 018999808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 012869120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 012162048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 006926336 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 006545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 003344896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 002777736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 002690048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-05-26 23:16 - 2019-05-26 23:16 - 002276192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-05-26 23:16 - 2019-05-26 23:16 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-05-26 23:16 - 2019-05-26 23:16 - 001860608 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001761280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001750016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001700312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-26 23:16 - 2019-05-26 23:16 - 001618944 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001483872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-26 23:16 - 2019-05-26 23:16 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001342904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-26 23:16 - 2019-05-26 23:16 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001180184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-26 23:16 - 2019-05-26 23:16 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-05-26 23:16 - 2019-05-26 23:16 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000555232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000451104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-05-26 23:16 - 2019-05-26 23:16 - 000427688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-05-26 23:16 - 2019-05-26 23:16 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-26 23:16 - 2019-05-26 23:16 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-05-26 23:16 - 2019-05-26 23:16 - 000287912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-05-26 23:16 - 2019-05-26 23:16 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000262160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-05-26 23:16 - 2019-05-26 23:16 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-05-26 23:16 - 2019-05-26 23:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-05-26 23:16 - 2019-05-26 23:16 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 007645608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 005297152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 003983872 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 002638336 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001860096 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001644544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001298952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 001229312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 000615440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 000586040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000247608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 000196920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 000152400 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000125528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000114648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000090632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-26 23:15 - 2019-05-26 23:15 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-05-26 23:15 - 2019-05-26 23:15 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-05-26 23:15 - 2019-05-26 23:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-26 23:15 - 2019-05-26 23:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-26 23:15 - 2019-05-26 23:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-26 23:15 - 2019-05-26 23:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-26 23:15 - 2019-05-26 23:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-26 23:15 - 2019-05-26 23:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-26 23:15 - 2019-05-26 23:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-26 23:15 - 2019-05-26 23:15 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-26 21:47 - 2019-05-26 22:05 - 000000000 ____D C:\Program Files\stinger
2019-05-20 20:13 - 2019-05-20 20:13 - 000000000 ____D C:\WINDOWS\SysWOW64\store
2019-05-20 19:03 - 2019-05-20 19:04 - 004588536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-17 16:14 - 2019-05-17 16:14 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-17 16:14 - 2019-05-17 16:14 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-17 16:14 - 2019-05-17 16:14 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-17 16:14 - 2019-05-17 16:14 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-17 16:14 - 2019-05-17 16:14 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-17 16:13 - 2019-05-17 16:13 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-17 16:13 - 2019-05-17 16:13 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-17 16:13 - 2019-05-17 16:13 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-17 16:13 - 2019-05-17 16:13 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-17 16:13 - 2019-05-17 16:13 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-17 16:13 - 2019-05-17 16:13 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-17 16:13 - 2019-05-17 16:13 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-17 16:13 - 2019-05-17 16:13 - 
000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-05-17 16:13 - 2019-05-17 16:13 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2019-05-17 16:13 - 2019-05-17 16:13 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2019-05-17 16:13 - 2019-05-17 16:13 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2019-05-17 16:13 - 2019-05-17 16:13 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys 2019-05-17 16:13 - 2019-05-17 16:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-05-17 16:13 - 2019-05-17 16:13 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys 2019-05-17 16:13 - 2019-05-17 16:13 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys 2019-05-17 16:13 - 2019-05-17 16:13 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys 2019-05-17 16:13 - 2019-05-17 16:13 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-05-17 16:13 - 2019-05-17 16:13 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 
2019-05-17 16:13 - 2019-05-17 16:13 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2019-05-17 16:13 - 2019-05-17 16:13 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2019-05-17 16:13 - 2019-05-17 16:13 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2019-05-17 16:13 - 2019-05-17 16:13 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2019-05-17 16:13 - 2019-05-17 16:13 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe 2019-05-17 16:13 - 2019-05-17 16:13 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll 2019-05-17 16:13 - 2019-05-17 16:13 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2019-05-04 16:49 - 2019-05-04 16:49 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2019-05-04 16:49 - 2019-05-04 16:49 - 000349696 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AcGenral.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe 2019-05-04 16:49 - 2019-05-04 16:49 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll 2019-05-04 16:49 - 2019-05-04 16:49 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe 2019-05-04 16:48 - 2019-05-04 16:48 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000949248 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls 2019-05-04 16:48 - 2019-05-04 16:48 - 000806600 _____ C:\WINDOWS\system32\locale.nls 2019-05-04 16:48 - 2019-05-04 16:48 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-05-04 16:48 - 2019-05-04 16:48 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-05-04 16:48 - 2019-05-04 16:48 
- 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2019-05-04 16:48 - 2019-05-04 16:48 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-05-04 16:48 - 2019-05-04 16:48 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe 2019-05-04 16:48 - 2019-05-04 16:48 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2019-05-04 16:48 - 2019-05-04 16:48 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe 2019-05-04 16:48 - 2019-05-04 16:48 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe 2019-05-04 16:48 - 2019-05-04 16:48 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll 
2019-05-04 16:48 - 2019-05-04 16:48 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe 2019-05-04 16:48 - 2019-05-04 16:48 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2019-05-04 16:48 - 2019-05-04 16:48 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe 2019-05-04 16:48 - 2019-05-04 16:48 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-29 10:35 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-05-29 10:24 - 2016-10-04 22:33 - 000000000 ____D C:\Users\User\AppData\Roaming\Spotify 2019-05-29 10:21 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-05-29 10:19 - 2018-12-26 02:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-05-29 10:18 - 2018-09-15 07:09 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2019-05-29 10:17 - 2016-09-21 21:43 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2019-05-29 10:15 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps 2019-05-29 10:13 - 2018-06-30 17:57 - 000000000 ____D C:\ProgramData\Packages 2019-05-29 09:25 - 2018-12-26 02:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2019-05-29 09:25 - 2018-12-26 02:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-05-29 09:25 - 2018-11-15 12:27 - 000000376 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFantasma.job 2019-05-28 01:08 - 2018-12-26 02:43 - 000003280 _____ 
C:\WINDOWS\System32\Tasks\HPCeeScheduleForFantasma 2019-05-27 11:36 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-05-27 11:26 - 2018-08-12 14:14 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache 2019-05-27 10:36 - 2016-09-21 21:43 - 000096286 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip 2019-05-27 10:34 - 2016-09-21 21:43 - 000001863 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control Panel.lnk 2019-05-27 10:32 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF 2019-05-27 10:32 - 2016-09-21 21:43 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2019-05-27 00:08 - 2018-12-26 02:00 - 000449168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-05-27 00:04 - 2018-09-15 08:33 - 000000000 ___RD C:\Program Files\Windows Defender 2019-05-27 00:04 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-05-26 23:32 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-05-26 21:47 - 2016-06-21 19:38 - 000000000 ____D C:\Program Files\mcafee 2019-05-26 21:10 - 2018-09-15 07:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2019-05-26 11:35 - 2016-06-21 19:38 - 000000000 ____D C:\Program Files (x86)\McAfee 2019-05-25 00:47 - 2017-10-18 19:03 - 000000000 ____D C:\Users\User\AppData\Local\Packages 2019-05-24 18:47 - 2016-09-25 22:05 - 000000000 ____D C:\Program Files\Microsoft Office 2019-05-22 14:29 - 2016-10-09 16:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-05-22 13:19 - 2016-10-04 17:36 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-05-22 13:19 - 2016-10-04 17:36 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-05-22 12:55 - 2018-12-26 02:07 - 000000000 ____D C:\Users\Mum 2019-05-22 12:55 - 2018-12-26 02:07 - 000000000 ____D C:\Users\Guest 1 2019-05-20 11:37 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-05-19 18:02 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common 
Files\microsoft shared 2019-05-17 18:01 - 2018-12-26 02:06 - 000935056 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-05-17 17:51 - 2018-09-15 08:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2019-05-17 15:29 - 2018-12-26 02:43 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-453658790-1022757742-3610594808-1001 2019-05-17 15:29 - 2018-12-26 02:07 - 000002367 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-05-17 15:29 - 2016-09-07 11:55 - 000000000 ___RD C:\Users\User\OneDrive 2019-05-16 09:23 - 2016-09-18 19:11 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-05-16 09:15 - 2016-09-18 19:11 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-05-15 19:40 - 2018-12-26 02:43 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2019-05-15 19:40 - 2018-12-26 02:43 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2019-05-15 19:20 - 2018-12-26 02:43 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-05-15 19:18 - 2019-04-09 10:34 - 004753464 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2019-05-15 19:18 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-05-15 19:18 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-05-13 22:23 - 2019-02-16 11:16 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-05-13 22:23 - 2019-02-16 11:16 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2019-05-08 18:51 - 2018-06-30 17:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-05-05 01:26 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\TextInput 2019-05-05 01:25 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-05-04 17:29 - 2019-03-02 02:31 - 000000000 ____D C:\WINDOWS\Minidump ==================== SigCheck =============================== (There is no automatic fix for files that do not pass 
verification.) Addition.txt AdwCleaner[C00].txt AdwCleaner[S00].txt Malwarebytes Log.txt Link to post Share on other sites More sharing options...
nasdaq Posted May 29, 2019 ID:1314755 Hi, Your logs are clean. You have removed Avast but I see many entries in your logs. Download and run their uninstaller tool from this site. https://www.avast.com/en-ca/uninstall-utility Restart the computer when the removal is completed. ----- Let me know if the problem persists.
Root Admin AdvancedSetup Posted June 5, 2019 ID:1315882 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks