[RESOLVED] Infected Computer - Page 2

  1. #16
    Join Date: Mar 2018
    Posts: 38

    Edge:
    ======
    Edge Extension: (RoboForm) -> EdgeExtension_SiberSystemsIncRoboFormEdge_7kk3kr9e0p1np => C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.0.0_x86__7kk3kr9e0p1np [2018-02-20]

    FireFox:
    ========
    FF DefaultProfile: 8t4mtusf.default
    FF ProfilePath: C:\Users\imanetter2\AppData\Roaming\Mozilla\Firefox\Profiles\8t4mtusf.default [2018-03-29]
    FF Extension: (leethax.net extension) - C:\Users\imanetter2\AppData\Roaming\Mozilla\Firefox\Profiles\8t4mtusf.default\Extensions\leethax@leethax.net.xpi [2017-10-24] [Legacy]
    FF Extension: (RoboForm Password Manager) - C:\Users\imanetter2\AppData\Roaming\Mozilla\Firefox\Profiles\8t4mtusf.default\Extensions\rf-firefox@siber.com.xpi [2018-03-02]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-14]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-23] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
    CHR DefaultSearchKeyword: Default -> Yahoo
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    CHR Profile: C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default [2018-03-29]
    CHR Extension: (Docs) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
    CHR Extension: (Google Drive) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-06]
    CHR Extension: (YouTube) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-06]
    CHR Extension: (Yahoo Partner) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2017-07-23]
    CHR Extension: (Google Calendar) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-07-06]
    CHR Extension: (Sheets) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-15]
    CHR Extension: (Google Docs Offline) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-06]
    CHR Extension: (Google Calendar New Tab) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jicjemeflnclfknbimpboidnipbfkeeh [2017-07-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29]
    CHR Extension: (Gmail) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-06]
    CHR Extension: (Chrome Media Router) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-07]
    CHR Extension: (RoboForm Password Manager) - C:\Users\imanetter2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2018-03-06]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2017-10-21]
    CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2017-10-21]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
    R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] ()
    S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
    R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2017-09-06] (Sanford, L.P.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-10-16] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
    R3 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
    R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
    S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
    S3 IaNVMe; C:\WINDOWS\System32\drivers\IaNVMe.sys [101872 2016-01-26] (Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-03-29] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-03-29] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-03-29] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-29] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-03-29] (Malwarebytes)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
    U3 mfeavfk01; no ImagePath
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
    R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
    R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-09-29] (MediaTek Inc.)
    S3 nvme; C:\WINDOWS\System32\drivers\nvme.sys [119840 2015-12-16] (Samsung Electronics Co., Ltd)
    S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
    S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)

  2. #17
    Join Date: Mar 2018
    Posts: 38

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-29 20:53 - 2018-03-29 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2018-03-29 20:46 - 2018-03-29 20:59 - 000000000 ____D C:\AdwCleaner
    2018-03-29 20:46 - 2018-03-29 20:46 - 008222496 _____ (Malwarebytes) C:\Users\imanetter2\Downloads\AdwCleaner.exe
    2018-03-29 20:27 - 2018-03-29 20:49 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-03-29 20:27 - 2018-03-29 20:49 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-03-29 20:27 - 2018-03-29 20:49 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-03-29 20:27 - 2018-03-29 20:27 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-03-29 20:27 - 2018-03-29 20:27 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-03-29 20:27 - 2018-03-29 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-03-29 19:04 - 2018-03-29 21:12 - 000000000 ____D C:\Users\imanetter2\Desktop\Broni Computer Cleanup
    2018-03-29 18:51 - 2018-03-29 18:53 - 000004384 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
    2018-03-29 18:47 - 2018-03-29 18:52 - 014820296 _____ (Siber Systems) C:\Users\imanetter2\Downloads\RoboForm Setup [1].exe
    2018-03-29 17:15 - 2018-03-29 17:15 - 002403328 _____ (Farbar) C:\Users\imanetter2\Downloads\FRST64 (1).exe
    2018-03-29 15:18 - 2018-03-29 15:18 - 000388608 _____ (Trend Micro Inc.) C:\Users\imanetter2\Downloads\HijackThis.exe
    2018-03-29 10:00 - 2018-02-28 08:04 - 000012288 _____ C:\Users\imanetter2\Desktop\Monthly Budget March 1.xlr
    2018-03-29 10:00 - 2018-02-26 14:37 - 000011776 _____ C:\Users\imanetter2\Desktop\Monthly Budget March 2.xlr
    2018-03-28 13:33 - 2018-03-28 13:33 - 000298015 _____ C:\Users\imanetter2\Desktop\20180328_133013_1522261860894.jpeg
    2018-03-28 12:57 - 2018-03-28 12:57 - 000085202 _____ C:\Users\imanetter2\Desktop\0311 Klesker, Judith April Statement.pdf
    2018-03-27 11:59 - 2018-03-27 12:04 - 000001051 _____ C:\Users\imanetter2\Desktop\Letter.txt
    2018-03-27 11:37 - 2018-03-27 11:37 - 002974520 _____ C:\Users\imanetter2\Desktop\PERSONAL REPRESENTATIVE DESIGNATION.tif
    2018-03-27 11:09 - 2018-03-27 11:09 - 001427227 _____ C:\Users\imanetter2\Desktop\PRD HFS Form 3806F.pdf
    2018-03-23 23:14 - 2018-03-23 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2018-03-22 18:36 - 2018-03-22 18:37 - 000000000 ____D C:\Users\imanetter2\Desktop\Loan Papers
    2018-03-22 18:35 - 2018-03-22 18:36 - 000000000 ____D C:\Users\imanetter2\Desktop\Palos Hospital
    2018-03-22 13:52 - 2018-03-22 13:52 - 000021504 _____ C:\Users\imanetter2\Desktop\Untitled Document.wps
    2018-03-20 10:26 - 2018-03-20 10:26 - 000002236 _____ C:\Users\imanetter2\Desktop\Lincare Complaint.txt
    2018-03-18 10:06 - 2018-03-18 10:06 - 000246272 _____ C:\Users\imanetter2\Desktop\Todd Regan's Grave Location.wps
    2018-03-17 09:09 - 2018-03-17 09:09 - 000347426 _____ C:\Users\imanetter2\Desktop\PTAX-340.pdf
    2018-03-14 13:04 - 2018-03-29 19:15 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
    2018-03-13 18:01 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2018-03-13 18:01 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-03-13 18:01 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-03-13 18:01 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-03-13 18:01 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2018-03-13 18:01 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-03-13 18:01 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2018-03-13 18:01 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-03-13 18:01 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-03-13 18:01 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-03-13 18:01 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2018-03-13 18:01 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-03-13 18:01 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
    2018-03-13 18:01 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2018-03-13 18:01 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-03-13 18:01 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-03-13 18:01 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-03-13 18:01 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-03-13 18:01 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-03-13 18:01 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-03-13 18:01 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-03-13 18:01 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-03-13 18:01 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-03-13 18:01 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2018-03-13 18:01 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-03-13 18:01 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2018-03-13 18:01 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2018-03-13 18:01 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2018-03-13 18:01 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2018-03-13 18:01 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2018-03-13 18:01 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-03-13 18:01 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2018-03-13 18:01 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-03-13 18:01 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2018-03-13 18:00 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-03-13 18:00 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
    2018-03-13 18:00 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-03-13 18:00 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
    2018-03-13 18:00 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
    2018-03-13 18:00 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
    2018-03-13 18:00 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-03-13 18:00 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
    2018-03-13 18:00 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-03-13 18:00 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-03-13 18:00 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-03-13 18:00 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-03-13 18:00 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2018-03-13 18:00 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-03-13 18:00 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-03-13 18:00 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-03-13 18:00 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-03-13 18:00 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-03-13 18:00 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-03-13 18:00 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-03-13 18:00 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-03-13 18:00 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2018-03-13 18:00 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-03-13 18:00 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-03-13 18:00 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-03-13 18:00 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-03-13 18:00 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-03-13 18:00 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-03-13 18:00 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-03-13 18:00 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-03-13 18:00 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-03-13 18:00 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-03-13 18:00 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-03-13 18:00 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
    2018-03-13 18:00 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2018-03-13 18:00 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2018-03-13 18:00 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2018-03-13 18:00 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-03-13 18:00 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2018-03-13 18:00 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
    2018-03-13 18:00 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-03-13 18:00 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
    2018-03-13 18:00 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-03-13 18:00 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-03-13 18:00 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-03-13 18:00 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-03-13 18:00 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2018-03-13 18:00 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-03-13 18:00 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-03-13 18:00 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2018-03-13 18:00 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2018-03-13 18:00 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2018-03-13 18:00 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-03-13 18:00 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-03-13 18:00 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
    2018-03-13 18:00 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2018-03-13 18:00 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-03-13 18:00 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-03-13 18:00 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2018-03-13 18:00 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2018-03-13 18:00 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
    2018-03-13 18:00 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-03-13 18:00 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
    2018-03-13 18:00 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-03-13 18:00 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2018-03-13 18:00 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-03-13 18:00 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-03-13 18:00 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-03-13 18:00 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-03-13 18:00 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-03-13 18:00 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2018-03-13 18:00 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2018-03-13 18:00 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-03-13 18:00 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2018-03-13 18:00 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-03-13 18:00 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2018-03-13 18:00 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-03-13 18:00 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-03-13 18:00 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2018-03-13 18:00 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
    2018-03-13 18:00 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-03-13 18:00 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2018-03-13 18:00 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
    2018-03-13 18:00 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2018-03-13 18:00 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2018-03-13 18:00 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2018-03-13 18:00 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-03-13 18:00 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
    2018-03-13 18:00 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-03-13 18:00 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2018-03-13 18:00 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-03-13 18:00 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-03-13 18:00 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-03-13 18:00 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-03-13 18:00 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2018-03-13 18:00 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-03-13 18:00 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-03-13 18:00 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-03-13 18:00 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2018-03-13 18:00 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-03-13 18:00 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-03-13 18:00 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-03-13 18:00 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-03-13 18:00 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-03-13 18:00 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-03-13 18:00 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-03-13 18:00 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-03-13 18:00 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-03-13 18:00 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2018-03-13 18:00 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
    2018-03-13 18:00 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-03-13 18:00 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-03-13 18:00 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-03-13 18:00 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-03-13 18:00 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
    2018-03-13 18:00 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
    2018-03-13 18:00 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2018-03-13 18:00 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-03-13 18:00 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-03-13 18:00 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2018-03-13 18:00 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-03-13 18:00 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-03-13 18:00 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-03-13 18:00 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-03-13 18:00 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-03-13 18:00 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-03-13 18:00 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-03-13 18:00 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
    2018-03-13 18:00 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-03-13 18:00 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-03-13 18:00 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2018-03-13 18:00 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2018-03-13 18:00 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-03-13 18:00 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-03-13 18:00 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2018-03-13 18:00 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2018-03-13 18:00 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
    2018-03-13 18:00 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-03-13 18:00 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2018-03-13 18:00 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-03-13 18:00 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2018-03-13 09:21 - 2018-03-13 09:21 - 000009677 _____ C:\Users\imanetter2\Desktop\Equal Access letter.pdf
    2018-03-13 08:51 - 2018-03-13 08:51 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-03-06 12:01 - 2018-03-06 12:03 - 000081448 _____ C:\Users\imanetter2\Desktop\My lab-results.pdf
    2018-03-06 12:01 - 2018-03-06 12:01 - 000072797 _____ C:\Users\imanetter2\Downloads\lab-results.zip
    2018-02-28 15:44 - 2018-03-05 12:25 - 000000000 ___RD C:\Users\imanetter2\Desktop\Computer Backup 2-28-18

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-03-29 22:26 - 2018-01-26 20:48 - 000000000 ____D C:\FRST
    2018-03-29 22:23 - 2017-12-18 18:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-03-29 20:54 - 2017-12-18 19:10 - 001623580 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-03-29 20:49 - 2017-12-18 19:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-03-29 20:49 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-03-29 20:48 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-03-29 20:31 - 2017-03-30 13:38 - 000000000 ___RD C:\Users\imanetter2\Desktop\Computer Fixes
    2018-03-29 20:27 - 2017-04-16 09:49 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-03-29 19:39 - 2017-06-29 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-03-29 19:39 - 2017-06-29 19:49 - 000000000 ____D C:\Program Files\RogueKiller
    2018-03-29 19:39 - 2017-06-13 16:17 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2018-03-29 19:22 - 2017-12-18 19:18 - 000004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A12F889F-3AC3-4840-83D1-A29D089F429F}
    2018-03-29 19:09 - 2017-06-25 19:54 - 000000000 ____D C:\Users\imanetter2\AppData\Local\CrashDumps
    2018-03-29 19:07 - 2017-03-16 13:28 - 000000000 ____D C:\Users\imanetter2\AppData\LocalLow\Mozilla
    2018-03-29 18:53 - 2017-12-18 19:18 - 000003602 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
    2018-03-29 18:52 - 2017-10-21 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    2018-03-29 18:49 - 2017-03-16 14:01 - 000000000 ____D C:\Users\imanetter2\AppData\Roaming\RoboForm
    2018-03-29 17:17 - 2018-01-26 20:49 - 000042581 _____ C:\Users\imanetter2\Downloads\Addition.txt
    2018-03-29 17:17 - 2018-01-26 20:48 - 000056233 _____ C:\Users\imanetter2\Downloads\FRST.txt
    2018-03-29 15:33 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-03-29 15:18 - 2017-03-16 12:14 - 000000000 ____D C:\Users\imanetter2\AppData\Local\VirtualStore
    2018-03-29 13:39 - 2017-03-16 18:44 - 000019482 _____ C:\Users\imanetter2\AppData\Roaming\wklnhst.dat
    2018-03-29 11:20 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2018-03-29 09:31 - 2017-03-18 10:03 - 000000384 _____ C:\WINDOWS\Tasks\HPCeeScheduleForimanetter2.job
    2018-03-29 08:42 - 2017-12-18 19:18 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-03-29 06:49 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-03-29 06:49 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-03-29 06:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2018-03-28 22:29 - 2017-12-18 19:18 - 000003296 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForimanetter2
    2018-03-28 19:52 - 2017-12-18 18:54 - 000000000 ____D C:\Users\imanetter2
    2018-03-28 10:21 - 2017-03-21 18:13 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-03-27 13:37 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
    2018-03-27 11:44 - 2017-09-20 12:55 - 000002215 _____ C:\Users\imanetter2\Desktop\Documents.lnk
    2018-03-26 20:10 - 2017-12-19 09:23 - 000000000 ____D C:\WINDOWS\Minidump
    2018-03-26 17:52 - 2017-03-16 20:00 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
    2018-03-23 08:13 - 2017-12-18 19:39 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-307245717-3383863141-3362516440-1005
    2018-03-23 08:12 - 2017-03-16 12:16 - 000002378 _____ C:\Users\imanetter2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-03-23 08:12 - 2017-03-16 12:16 - 000000000 ___RD C:\Users\imanetter2\OneDrive
    2018-03-22 18:39 - 2017-07-06 15:42 - 000002333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-19 12:57 - 2017-11-26 19:05 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-03-15 10:32 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
    2018-03-14 18:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
    2018-03-14 09:18 - 2017-10-16 19:37 - 000000000 ___RD C:\Users\imanetter2\3D Objects
    2018-03-14 09:18 - 2016-08-31 13:56 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-03-14 06:38 - 2017-12-18 18:49 - 000442008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-03-14 06:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
    2018-03-14 06:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-03-14 06:35 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-03-13 18:12 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-03-13 18:12 - 2017-03-16 14:51 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-03-13 18:10 - 2017-10-10 19:54 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2018-03-13 18:09 - 2017-03-16 14:51 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-03-13 18:03 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-03-13 18:03 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2018-03-13 08:51 - 2017-12-18 19:18 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2018-03-13 08:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-03-13 08:51 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-03-12 18:13 - 2017-03-16 12:31 - 000000000 ____D C:\Program Files (x86)\McAfee
    2018-03-11 06:37 - 2017-03-16 12:26 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2018-03-11 06:36 - 2017-12-18 19:18 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
    2018-03-11 06:35 - 2017-12-18 19:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2018-03-11 06:35 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-03-11 06:33 - 2017-03-16 12:26 - 000000000 ____D C:\ProgramData\McAfee
    2018-03-07 17:47 - 2017-12-18 19:18 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
    2018-03-06 13:33 - 2017-03-17 20:50 - 000000000 ____D C:\Users\imanetter2\AppData\Local\ElevatedDiagnostics
    2018-03-06 07:18 - 2017-03-16 20:46 - 000000000 ____D C:\ProgramData\Sonic
    2018-03-02 16:09 - 2017-09-29 08:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-03-02 16:09 - 2017-09-29 08:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-03-02 10:46 - 2017-05-16 18:50 - 000004341 _____ C:\Users\imanetter2\Desktop\Desktop Notes 2-20-18.txt
    2018-03-02 10:28 - 2017-09-03 08:12 - 000000000 ____D C:\Users\imanetter2\Desktop\Judy
    2018-03-02 06:49 - 2018-02-24 12:49 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-03-02 06:49 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender

    ==================== Files in the root of some directories =======

    2017-03-16 18:44 - 2018-03-29 13:39 - 000019482 _____ () C:\Users\imanetter2\AppData\Roaming\wklnhst.dat
    2017-04-02 10:34 - 2017-04-02 10:34 - 000000000 _____ () C:\Users\imanetter2\AppData\Local\rx_image32.Cache

    Some files in TEMP:
    ====================
    2018-03-29 19:39 - 2018-02-10 01:15 - 001954048 _____ (Microsoft Corporation) C:\Users\imanetter2\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-03-29 13:31

    ==================== End of FRST.txt ============================

  3. #18
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by imanetter2 (29-03-2018 22:27:24)
    Running from C:\Users\imanetter2\AppData\Local\Microsoft\Windows\INetCache\IE\6QNYY9AC
    Windows 10 Home Version 1709 16299.309 (X64) (2017-12-19 00:20:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-307245717-3383863141-3362516440-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-307245717-3383863141-3362516440-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-307245717-3383863141-3362516440-1003 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-307245717-3383863141-3362516440-501 - Limited - Disabled)
    imanetter2 (S-1-5-21-307245717-3383863141-3362516440-1005 - Administrator - Enabled) => C:\Users\imanetter2
    WDAGUtilityAccount (S-1-5-21-307245717-3383863141-3362516440-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
    FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
    Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
    DirectX 9 Runtime (HKLM-x32\...\{3A9527CF-4E91-4683-A03F-F1AD022126E5}) (Version: 1.00.0000 - Sonic Solutions) Hidden
    DYMO Label (HKLM-x32\...\{CE289CFA-898E-4601-B858-A25EC0CEA9EE}) (Version: 8.7.0.44412 - Newell Rubbermaid)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Hallmark Card Studio 2010 (HKLM-x32\...\{601BE80D-247B-4084-94C7-7A54369DB7A2}) (Version: 11.0.2.1 - Creative Home)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ENVY 5660 series Basic Device Software (HKLM\...\{ED9AAC09-EC23-4794-B171-BFE7076B442C}) (Version: 40.11.1107.1739 - HP Inc.)
    HP ENVY 5660 series Help (HKLM-x32\...\{607F50D9-40BD-4F17-A584-152F563293B4}) (Version: 34.0.0 - Hewlett Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP PhotoSmart Photo Printing Software (HKLM-x32\...\HP PhotoSmart Photo Printing Software) (Version: - )
    HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
    Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
    Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
    Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
    RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
    RoboForm 7-9-5-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-5-5 - Siber Systems)
    RogueKiller version 12.12.10.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.10.0 - Adlice Software)
    Roxio Creator 2011 (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio)
    Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
    SCRABBLE® (HKLM-x32\...\SCRABBLE®) (Version: - )
    SecurityCenter (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
    SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
    Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: - )
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
    TomTom MyDrive Connect 4.2.0.3377 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.0.3377 - TomTom)
    VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-307245717-3383863141-3362516440-1005_Classes\CLSID\{4D766FD3-B880-49D3-B7BD-6CF925221E04}\InprocServer32 -> C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
    ContextMenuHandlers1_S-1-5-21-307245717-3383863141-3362516440-1005: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
    ContextMenuHandlers2_S-1-5-21-307245717-3383863141-3362516440-1005: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)
    ContextMenuHandlers6_S-1-5-21-307245717-3383863141-3362516440-1005: [RXDCExtSvr] -> {4D766FD3-B880-49D3-B7BD-6CF925221E04} => C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll [2010-07-14] (Sonic Solutions)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {075192A5-AD07-4A03-AECF-54D7F16D1171} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {0EC7C271-3341-4FC1-93D6-1D065A0981C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {34D45209-6E47-4A26-B3F0-C91D0B0F70A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-10] (Google Inc.)
    Task: {40E0FF84-8822-4E4B-9878-0F10BAEDFFAE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
    Task: {4ECBB9FD-5CE2-4F3F-AE41-187F390AD4E9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-19] ()
    Task: {5D621763-023D-47AF-AAE5-9AC5DEF2E4C8} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2018-03-29] (Siber Systems)
    Task: {5DA34781-8D26-4547-80E8-6B0B285F2819} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {67CEC85C-0BAD-41BA-8976-3DED7DA29765} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
    Task: {7204E1F0-38CD-4328-ADF3-631C872D0239} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
    Task: {8E21FD66-67B1-48F6-9D1D-DB5D1DE2228C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.)
    Task: {963E577C-D755-425A-A87D-0996D51B431C} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMHMLMOMOJHMOJOMHMCNJMGMKMOMCNLMNMLMNJCNNJNMMJLMCNOMJJKMNMPMKJLMJMOJKMLMKMJNJICMIMCNGMCNKMFMOMOMCNMMPMGMCNOMJMNMGMGMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMGMLMKMJNHICMEKMICNJJCKJNBJCMBLOJBJMJGIPNIKHJKJKJDJKJNIJNKJCMGJCJOJ (the data entry has 131 more characters).
    Task: {A5B64E5D-781F-4FF7-99A7-3E7B6C85CE23} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {A5BBB9AD-6B42-4FE4-862D-CDC1087D5D7A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
    Task: {A744F3F8-0587-401E-8319-C27C56E89A2C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
    Task: {AF0717E3-5473-4BBE-BEF9-986DEE5C5297} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
    Task: {BC8F368E-3174-4B2A-ADA7-C6BF0F03E7C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
    Task: {C80702D0-A8E9-472D-BDDA-DAD1F9B1C02B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {CAE6B94E-2A3D-406A-A0CF-D0204F3C6F15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {CF572A1F-4FA2-4F9F-BB25-02495598BEDA} - System32\Tasks\HPCeeScheduleForimanetter2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
    Task: {DA75A649-7FC3-411F-B027-D30AC4FC62C2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
    Task: {EBC3FE61-3774-49DB-9C7F-DD0C5B219510} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
    Task: {ECCAE637-2C9A-41F7-B71E-987AFECB47F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-10] (Google Inc.)
    Task: {EF3C6606-4B7F-4DCB-91A6-D053C90C49B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
    Task: {F3C43374-8220-4D13-9CA9-CD8F923FA0EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\HPCeeScheduleForimanetter2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

  4. #19
    Join Date
    Mar 2018
    Posts
    38
    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\imanetter2\Desktop\For New Computer 3-16-17\For New Computer\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm
    Shortcut: C:\Users\imanetter2\Desktop\Computer Backup 2-28-18\For New Computer 3-16-17\For New Computer\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.htm

    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2015-11-04 17:43 - 2015-11-04 17:43 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 000817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2014-02-11 07:08 - 2014-02-11 07:08 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2015-11-04 17:43 - 2015-11-04 17:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2009-06-02 19:05 - 2009-06-02 19:05 - 000457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
    2010-07-14 04:00 - 2010-07-14 04:00 - 000032240 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
    2017-11-26 19:05 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-11-26 19:05 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-07-24 18:11 - 2018-01-05 17:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
    2017-07-24 18:11 - 2018-01-05 17:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
    2017-12-12 08:13 - 2017-12-12 08:14 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\e_sqlite3.dll
    2018-03-22 07:08 - 2018-03-22 07:08 - 002426040 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2018-03-22 07:08 - 2018-03-22 07:08 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
    2017-12-02 08:22 - 2017-12-02 08:22 - 000843672 _____ () C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.17112.0_x64__8wekyb3d8bbwe\Microsoft.Services.Store.Engagement.dll
    2018-03-17 07:01 - 2018-03-17 07:01 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.17.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2017-09-29 08:41 - 2017-09-29 08:41 - 004069888 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
    2018-03-13 18:00 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2018-03-13 18:00 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-03-24 06:05 - 2018-03-24 06:05 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-03-24 06:05 - 2018-03-24 06:05 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-03-24 06:05 - 2018-03-24 06:05 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-03-24 06:05 - 2018-03-24 06:05 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
    2010-07-13 21:23 - 2010-07-13 21:23 - 000084464 _____ () C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
    2015-11-04 17:43 - 2015-11-04 17:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2018-03-22 07:08 - 2018-03-22 07:08 - 004330496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\Calculator.exe
    2018-03-17 07:01 - 2018-03-17 07:01 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1803.711.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-03-29 06:47 - 2018-03-29 06:48 - 067038720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-09-30 06:31 - 2017-09-30 06:32 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2018-02-16 07:44 - 2018-02-16 07:44 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 004123648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 015329792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 003962368 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 003250176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-03-02 06:50 - 2018-03-02 06:50 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2018-02-02 07:37 - 2018-02-02 07:37 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-03-29 06:47 - 2018-03-29 06:48 - 000152064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18022.15110.0_x64__8wekyb3d8bbwe\SKU.dll
    2010-07-14 04:00 - 2010-07-14 04:00 - 001587696 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
    2010-07-14 04:00 - 2010-07-14 04:00 - 000107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\imanetter2\Desktop\Wendy.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKLM\...\StartupApproved\Run32: => "Desktop Disc Tool"
    HKLM\...\StartupApproved\Run32: => "RoxWatchTray"
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\StartupApproved\Run: => "OneDrive"

  5. #20
    Join Date
    Mar 2018
    Posts
    38
    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{6ED6AD2B-D662-46A9-A1C8-0D0C951A29A4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{C94F21B5-9418-40F5-9A11-0F205B037BB1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{9E97039F-ACD2-48B1-A104-99BD2DDDD862}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
    FirewallRules: [{59A675F2-0B97-4123-ADE2-49C71E78991C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
    FirewallRules: [{25C60A8F-8AC7-45AC-9C51-7801D5790DE7}] => (Allow) C:\Users\imanetter2\Desktop\MyDrive Connect\TomTom MyDrive Connect.exe
    FirewallRules: [{CFC1DAF4-39B9-4CE5-AE2D-BB3FA0403852}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{9800A82E-228C-424F-A527-DD82E3C90C0B}] => (Allow) D:\Setup.exe
    FirewallRules: [{1B771707-77D0-4BF5-859A-8EADD3FB6B08}] => (Allow) D:\Setup.exe
    FirewallRules: [{DA6F0C2C-6C27-4CE3-9A8E-50DEE51C1C1C}] => (Allow) D:\Setup.exe
    FirewallRules: [{E737C930-CAE2-4563-9EB9-E1D115C102EB}] => (Allow) D:\Setup.exe
    FirewallRules: [{707B1F84-C169-48EE-9E5A-B7E074E7FC6C}] => (Allow) D:\Setup.exe
    FirewallRules: [{E3FF39A4-A0B9-49CC-854F-B219A155967C}] => (Allow) D:\Setup.exe
    FirewallRules: [{F2EBAC90-C41A-49EB-9597-946CDE445A85}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
    FirewallRules: [{6CC04549-6CC7-43CA-A64F-24DAF41542E4}] => (Allow) LPort=5357
    FirewallRules: [{43AF37A7-EBC8-4D71-8E49-9A878B4EB805}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{58A2B4F6-AC53-4165-BF02-D1E173BC17E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{46A16035-9593-43FC-B81B-62097841D5B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C3A160A5-48DA-431A-9CCC-6F6C3CF40583}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    11-03-2018 21:34:02 Scheduled Checkpoint
    21-03-2018 07:05:02 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/29/2018 08:54:11 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (03/29/2018 08:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x0000000000000000
    Faulting process id: 0x774
    Faulting application start time: 0x01d3c76a90c199f6
    Faulting application path: bad_module_info
    Faulting module path: unknown
    Report Id: b122ef44-765a-4b96-a66e-6e90ecf845c4
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/29/2018 08:48:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AdwCleaner.exe version 7.0.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 36ec

    Start Time: 01d3c7c8ee46837f

    Termination Time: 10506

    Application Path: C:\Users\imanetter2\Downloads\AdwCleaner.exe

    Report Id: 55d8cd19-f5d3-4eb9-ab9c-2512e32d582f

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (03/29/2018 08:17:07 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (03/29/2018 08:17:07 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (03/29/2018 08:16:50 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (03/29/2018 08:16:50 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (03/29/2018 07:09:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.16299.248, time stamp: 0x18ee648b
    Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
    Exception code: 0xc0000374
    Fault offset: 0x00000000000f87bb
    Faulting process id: 0x1b20
    Faulting application start time: 0x01d3c76a966c7dc4
    Faulting application path: C:\WINDOWS\Explorer.EXE
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: e953b7e6-17e1-4d71-be9f-4e62715938a9
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (03/29/2018 08:50:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 08:50:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 08:50:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 08:50:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 06:06:46 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-A3ERS1F)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user DESKTOP-A3ERS1F\imanetter2 SID (S-1-5-21-307245717-3383863141-3362516440-1005) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 09:31:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 09:31:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/29/2018 09:31:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-02-14 21:30:13.285
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {178B3706-6078-427E-B7CE-706FD13168FA}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-26 20:24:25.610
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {F550B7C1-915C-41B4-86AB-5E74AC13CCD4}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-26 19:29:30.601
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {F723DF7E-D87A-48D0-9C50-6C85C7AB05C2}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-26 19:06:22.342
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {1410ACB5-7CCF-4477-82A2-E3D047E516B4}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-01-26 18:57:10.576
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {76305B79-8131-42C6-9487-C057C7637164}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-03-03 19:13:24.518
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.92.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-03 19:13:24.517
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 118.2.0.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: Network Inspection System
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 2.1.14202.0
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-03 19:13:24.511
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.92.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-03 19:13:24.510
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.92.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2018-03-03 19:13:24.510
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.263.92.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.14600.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2018-03-29 22:07:16.071
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 22:07:16.069
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 21:55:28.017
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 21:55:28.015
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 21:50:11.058
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 21:50:11.055
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 21:22:16.087
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-03-29 21:22:16.081
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD FX(tm)-6300 Six-Core Processor
    Percentage of memory in use: 40%
    Total physical RAM: 8189.55 MB
    Available physical RAM: 4893.77 MB
    Total Virtual: 9469.55 MB
    Available Virtual: 5634.54 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.02 GB) (Free:854.02 GB) NTFS

    \\?\Volume{7570cbcf-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 7570CBCF)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  6. #21
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

  7. #22
    Join Date
    Mar 2018
    Posts
    38
    After running the program FRST, it brings up the 2 notepads for FRST and Addition. When I press fix, nothing happens. The directory where the FRST application is does not show a fixlog.txt anywhere.

  8. #23
    Join Date
    Mar 2018
    Posts
    38
    Is this what you want?

    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\MountPoints2: {29d0244a-0a99-11e8-a059-1c1b0d4ba688} - "K:\windows\AutoRun.exe"
    U3 mfeavfk01; no ImagePath
    2017-03-16 18:44 - 2018-03-29 13:39 - 000019482 _____ () C:\Users\imanetter2\AppData\Roaming\wklnhst.dat
    2017-04-02 10:34 - 2017-04-02 10:34 - 000000000 _____ () C:\Users\imanetter2\AppData\Local\rx_image32.Cache
    2018-03-29 19:39 - 2018-02-10 01:15 - 001954048 _____ (Microsoft Corporation) C:\Users\imanetter2\AppData\Local\Temp\dllnt_dump.dll

    Task: {C80702D0-A8E9-472D-BDDA-DAD1F9B1C02B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    No. You run FRST and you click the "Fix" button.
    Make sure both files, FRST and "fixlist", are in the same place.
    I can see you have FRST located in the "Downloads" folder.
    Running from C:\Users\imanetter2\Downloads
    So you either place "fixlist" in the same folder or you move both files to your Desktop.

  10. #25
    Join Date
    Mar 2018
    Posts
    38
    Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by imanetter2 (31-03-2018 18:53:19) Run:1
    Running from C:\Users\imanetter2\Downloads
    Loaded Profiles: imanetter2 (Available Profiles: defaultuser0 & imanetter2)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-307245717-3383863141-3362516440-1005\...\MountPoints2: {29d0244a-0a99-11e8-a059-1c1b0d4ba688} - "K:\windows\AutoRun.exe"
    U3 mfeavfk01; no ImagePath
    2017-03-16 18:44 - 2018-03-29 13:39 - 000019482 _____ () C:\Users\imanetter2\AppData\Roaming\wklnhst.dat
    2017-04-02 10:34 - 2017-04-02 10:34 - 000000000 _____ () C:\Users\imanetter2\AppData\Local\rx_image32.Cache
    2018-03-29 19:39 - 2018-02-10 01:15 - 001954048 _____ (Microsoft Corporation) C:\Users\imanetter2\AppData\Local\Temp\dllnt_dump.dll
    Task: {C80702D0-A8E9-472D-BDDA-DAD1F9B1C02B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

    *****************

    "HKU\S-1-5-21-307245717-3383863141-3362516440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29d0244a-0a99-11e8-a059-1c1b0d4ba688}" => removed successfully
    HKLM\Software\Classes\CLSID\{29d0244a-0a99-11e8-a059-1c1b0d4ba688} => not found
    "HKLM\System\CurrentControlSet\Services\mfeavfk01" => removed successfully
    mfeavfk01 => service removed successfully
    C:\Users\imanetter2\AppData\Roaming\wklnhst.dat => moved successfully
    C:\Users\imanetter2\AppData\Local\rx_image32.Cache => moved successfully
    C:\Users\imanetter2\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C80702D0-A8E9-472D-BDDA-DAD1F9B1C02B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C80702D0-A8E9-472D-BDDA-DAD1F9B1C02B}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-03-2018 18:55:17)


    Result of scheduled keys to remove after reboot:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

    ==== End of Fixlog 18:55:18 ====

  11. #26
    Join Date
    Mar 2018
    Posts
    38
    In the meantime, I am having other problems. Some of my logins are coming up invalid and will not let me into sites I frequently visit. I am locked out for trying too many times. I think the infection is getting worse.

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    There wasn't actually much there so your login issues must be caused by something else.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services



    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.




    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program

  13. #28
    Join Date
    Mar 2018
    Posts
    38
    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    Malwarebytes
    McAfee VirusScan
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 161
    Java version 32-bit out of Date!
    Adobe Flash Player 29.0.0.113
    Mozilla Thunderbird (52.6.0)
    Google Chrome (65.0.3325.181)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamtray.exe
    Windows Defender MSASCuiL.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

  14. #29
    Join Date
    Mar 2018
    Posts
    38
    Farbar Service Scanner Version: 27-01-2016
    Ran by imanetter2 (administrator) on 01-04-2018 at 17:20:54
    Running from "C:\Users\imanetter2\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

  15. #30
    Join Date
    Mar 2018
    Posts
    38
    Nothing found in Sophos Virus Removal Tool
