[RESOLVED] MS warning code 33578, ransomware.

  1. #1
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851

    [RESOLVED] MS warning code 33578, ransomware.

    I am infected with something. While on Facebook I got an MS security warning that I am unable to understand. It appears to be from Microsoft, and when I called the number it said to call, he said he was an MS certified technician. The warning gave virus code 33578, then he said they would have to connect to my computer and tell me what is wrong. This sounds like ransomware. Others on Facebook have the same problem. What is this? I have run AdwCleaner and MS Security Essentials and both say the computer is clean. What next, pay this company 99 to 149 dollars to help me?
    imadreamer2

  2. #2
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    It's a scam. You shouldn't have called them in the first place.

    Please read the ICU rules, and then copy/paste the logs into new posts.
    http://discussions.virtualdr.com/sho...ted-3-21-2015)

  3. #3
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    Here is the ADWCleaner log.
    # AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 10 20:33:43 2018
    # Updated on 2018/08/02 by Malwarebytes
    # Database: 2018-04-10.1
    # Running on Windows 7 Home Premium (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************

    C:/AdwCleaner/AdwCleaner[C0].txt - [4764 B] - [2017/3/9 23:30:7]
    C:/AdwCleaner/AdwCleaner[C2].txt - [2533 B] - [2017/3/11 1:19:51]
    C:/AdwCleaner/AdwCleaner[S0].txt - [917 B] - [2015/3/15 10:3:4]
    C:/AdwCleaner/AdwCleaner[S10].txt - [4583 B] - [2017/7/30 8:55:56]
    C:/AdwCleaner/AdwCleaner[S11].txt - [1905 B] - [2017/8/4 10:46:18]
    C:/AdwCleaner/AdwCleaner[S12].txt - [1889 B] - [2017/8/15 1:48:11]
    C:/AdwCleaner/AdwCleaner[S13].txt - [1957 B] - [2017/8/21 10:25:36]
    C:/AdwCleaner/AdwCleaner[S14].txt - [2026 B] - [2017/9/2 4:21:14]
    C:/AdwCleaner/AdwCleaner[S15].txt - [3117 B] - [2017/9/6 8:18:7]
    C:/AdwCleaner/AdwCleaner[S16].txt - [2159 B] - [2017/9/19 1:11:0]
    C:/AdwCleaner/AdwCleaner[S17].txt - [2226 B] - [2017/10/15 17:56:34]
    C:/AdwCleaner/AdwCleaner[S18].txt - [2364 B] - [2017/10/28 5:1:31]
    C:/AdwCleaner/AdwCleaner[S19].txt - [2364 B] - [2017/11/3 6:39:52]
    C:/AdwCleaner/AdwCleaner[S1].txt - [4489 B] - [2017/3/9 23:28:4]
    C:/AdwCleaner/AdwCleaner[S20].txt - [2432 B] - [2017/11/4 5:42:16]
    C:/AdwCleaner/AdwCleaner[S21].txt - [2500 B] - [2017/11/13 19:30:27]
    C:/AdwCleaner/AdwCleaner[S22].txt - [2570 B] - [2017/11/21 0:44:19]
    C:/AdwCleaner/AdwCleaner[S23].txt - [2639 B] - [2017/12/6 3:48:15]
    C:/AdwCleaner/AdwCleaner[S24].txt - [2707 B] - [2017/12/11 5:37:8]
    C:/AdwCleaner/AdwCleaner[S25].txt - [2775 B] - [2017/12/13 2:41:5]
    C:/AdwCleaner/AdwCleaner[S26].txt - [2843 B] - [2017/12/31 17:13:39]
    C:/AdwCleaner/AdwCleaner[S27].txt - [2913 B] - [2018/1/9 16:16:58]
    C:/AdwCleaner/AdwCleaner[S28].txt - [2981 B] - [2018/1/10 15:21:47]
    C:/AdwCleaner/AdwCleaner[S29].txt - [3050 B] - [2018/1/15 17:25:43]
    C:/AdwCleaner/AdwCleaner[S2].txt - [1558 B] - [2017/3/11 0:43:21]
    C:/AdwCleaner/AdwCleaner[S30].txt - [3119 B] - [2018/1/27 18:32:50]
    C:/AdwCleaner/AdwCleaner[S31].txt - [3188 B] - [2018/1/27 18:40:49]
    C:/AdwCleaner/AdwCleaner[S32].txt - [3257 B] - [2018/1/30 22:21:4]
    C:/AdwCleaner/AdwCleaner[S33].txt - [3325 B] - [2018/2/2 0:45:5]
    C:/AdwCleaner/AdwCleaner[S34].txt - [3391 B] - [2018/3/1 3:48:59]
    C:/AdwCleaner/AdwCleaner[S35].txt - [3458 B] - [2018/3/4 4:26:15]
    C:/AdwCleaner/AdwCleaner[S36].txt - [3525 B] - [2018/4/4 22:18:57]
    C:/AdwCleaner/AdwCleaner[S37].txt - [3593 B] - [2018/4/5 18:17:24]
    C:/AdwCleaner/AdwCleaner[S38].txt - [3661 B] - [2018/4/10 1:10:1]
    C:/AdwCleaner/AdwCleaner[S3].txt - [1619 B] - [2017/3/31 17:22:36]
    C:/AdwCleaner/AdwCleaner[S4].txt - [1692 B] - [2017/5/4 5:25:57]
    C:/AdwCleaner/AdwCleaner[S5].txt - [1765 B] - [2017/5/11 7:18:59]
    C:/AdwCleaner/AdwCleaner[S6].txt - [1838 B] - [2017/6/2 8:49:10]
    C:/AdwCleaner/AdwCleaner[S7].txt - [1910 B] - [2017/6/12 10:49:45]
    C:/AdwCleaner/AdwCleaner[S8].txt - [1983 B] - [2017/6/18 20:40:56]
    C:/AdwCleaner/AdwCleaner[S9].txt - [2693 B] - [2017/7/19 3:2:31]
    imadreamer2

  4. #4
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    Trying to start the new thread, but when I paste the contents of the First it says my post is too long, I need to shorten it, and won't go on, so I can't even post the addition.
    imadreamer2

  5. #5
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    Don't start a new thread.

    Copy/paste the logs across several posts.

  6. #6
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    Not letting me post the log into a new post. Says it is too long, to shorten it to 5000.
    imadreamer2

  7. #7
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851

    Possible ransomware infection

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by Imadreamer 2 (administrator) on IMADREAMER2-PC (10-04-2018 16:41:07)
    Running from C:\Users\Imadreamer 2\Desktop
    Loaded Profiles: Imadreamer 2 (Available Profiles: Imadreamer 2)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRAE.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Run: [Chromium] => c:\users\imadreamer 2\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
    HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRAE.EXE [417776 2014-11-13] (SEIKO EPSON CORPORATION)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-02-08]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    imadreamer2

  8. #8
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    =================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 108.166.149.2 108.166.149.3
    Tcpip\..\Interfaces\{F05EB2CB-9A36-4D5A-8E89-BE8EFBD0165F}: [DhcpNameServer] 108.166.149.2 108.166.149.3

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_36&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0A0FtByC0B0CtCyB0BtN0D0Tzu0StBtDyByEtN1L2XzutAtFtBzytFtCtDyEtFzztCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtD0E0D0E0AyBtBtGyBtC0D0AtG0BtCzz0CtGyDtByE0EtG0CtA0DyDtDyBtAyEtB0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzy0DtA0AyBtAtG0EtAyDyBtGyE0D0C0FtGzz0B0A0FtGyE0B0FtDyBtA0EtB0D0Fzy0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEtCyByD%26cr%3D1722965395%26a%3Dwbf_ytd_17_36%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_36&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0A0FtByC0B0CtCyB0BtN0D0Tzu0StBtDyByEtN1L2XzutAtFtBzytFtCtDyEtFzztCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtD0E0D0E0AyBtBtGyBtC0D0AtG0BtCzz0CtGyDtByE0EtG0CtA0DyDtDyBtAyEtB0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzy0DtA0AyBtAtG0EtAyDyBtGyE0D0C0FtGzz0B0A0FtGyE0B0FtDyBtA0EtB0D0Fzy0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEtCyByD%26cr%3D1722965395%26a%3Dwbf_ytd_17_36%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-478529873-2400661344-62306198-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-478529873-2400661344-62306198-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_36&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0A0FtByC0B0CtCyB0BtN0D0Tzu0StBtDyByEtN1L2XzutAtFtBzytFtCtDyEtFzztCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtD0E0D0E0AyBtBtGyBtC0D0AtG0BtCzz0CtGyDtByE0EtG0CtA0DyDtDyBtAyEtB0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzy0DtA0AyBtAtG0EtAyDyBtGyE0D0C0FtGzz0B0A0FtGyE0B0FtDyBtA0EtB0D0Fzy0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEtCyByD%26cr%3D1722965395%26a%3Dwbf_ytd_17_36%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0A0FtByC0B0CtCyB0BtN0D0Tzu0StBtDyByEtN1L2XzutAtFtBzytFtCtDyEtFzztCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtD0E0D0E0AyBtBtGyBtC0D0AtG0BtCzz0CtGyDtByE0EtG0CtA0DyDtDyBtAyEtB0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzy0DtA0AyBtAtG0EtAyDyBtGyE0D0C0FtGzz0B0A0FtGyE0B0FtDyBtA0EtB0D0Fzy0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEtCyByD%26cr%3D1722965395%26a%3Dwbf_ytd_17_36%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0A0FtByC0B0CtCyB0BtN0D0Tzu0StBtDyByEtN1L2XzutAtFtBzytFtCtDyEtFzztCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtD0E0D0E0AyBtBtGyBtC0D0AtG0BtCzz0CtGyDtByE0EtG0CtA0DyDtDyBtAyEtB0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzy0DtA0AyBtAtG0EtAyDyBtGyE0D0C0FtGzz0B0A0FtGyE0B0FtDyBtA0EtB0D0Fzy0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEtCyByD%26cr%3D1722965395%26a%3Dwbf_ytd_17_36%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0A0FtByC0B0CtCyB0BtN0D0Tzu0StBtDyByEtN1L2XzutAtFtBzytFtCtDyEtFzztCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtD0E0D0E0AyBtBtGyBtC0D0AtG0BtCzz0CtGyDtByE0EtG0CtA0DyDtDyBtAyEtB0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzy0DtA0AyBtAtG0EtAyDyBtGyE0D0C0FtGzz0B0A0FtGyE0B0FtDyBtA0EtB0D0Fzy0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEtCyByD%26cr%3D1722965395%26a%3Dwbf_ytd_17_36%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ytd_17_36&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzz0AyD0BtB0A0FtByC0B0CtCyB0BtN0D0Tzu0StBtDyByEtN1L2XzutAtFtBzytFtCtDyEtFzztCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAtD0E0D0E0AyBtBtGyBtC0D0AtG0BtCzz0CtGyDtByE0EtG0CtA0DyDtDyBtAyEtB0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCzy0DtA0AyBtAtG0EtAyDyBtGyE0D0C0FtGzz0B0A0FtGyE0B0FtDyBtA0EtB0D0Fzy0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEtCyByD%26cr%3D1722965395%26a%3Dwbf_ytd_17_36%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
    imadreamer2

  9. #9
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851

    I think I have ransomware

    FireFox:
    ========
    FF DefaultProfile: 8l3hh72p.default-1408496619543
    FF ProfilePath: C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 [2018-04-10]
    FF Homepage: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 -> hxxps://mail.google.com/mail/u/0/#inbox/15e53f27c4c7a46e
    FF Extension: (Adblock Plus) - C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
    FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543\features\{0ba8ea3d-9e53-4494-89a8-3e7bf0cc2eff}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-04] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>
    CHR HKU\S-1-5-21-478529873-2400661344-62306198-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
    CHR HKU\S-1-5-21-478529873-2400661344-62306198-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2016-11-08] (Seiko Epson Corporation)
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R1 MpKsl55623324; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB4AED5A-F55A-4867-9092-E3C230DD7FFE}\MpKsl55623324.sys [58120 2018-04-10] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-02] ()


    LastRegBack: 2018-04-08 20:33

    ==================== End of FRST.txt ============================
    imadreamer2

  10. #10
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    What is
    FireFox:
    ========
    FF DefaultProfile: 8l3hh72p.default-1408496619543
    FF ProfilePath: C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 [2018-04-10]
    FF Homepage: Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543 -> hxxps://mail.google.com/mail/u/0/#inbox/15e53f27c4c7a46e
    FF Extension: (Adblock Plus) - C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
    FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\8l3hh72p.default-1408496619543\features\{0ba8ea3d-9e53-4494-89a8-3e7bf0cc2eff}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-04] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>
    CHR HKU\S-1-5-21-478529873-2400661344-62306198-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
    CHR HKU\S-1-5-21-478529873-2400661344-62306198-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - <no Path/update_url>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2016-11-08] (Seiko Epson Corporation)
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R1 MpKsl55623324; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB4AED5A-F55A-4867-9092-E3C230DD7FFE}\MpKsl55623324.sys [58120 2018-04-10] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-02] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-10 16:41 - 2018-04-10 16:42 - 000015856 _____ C:\Users\Imadreamer 2\Desktop\FRST.txt
    2018-04-10 16:41 - 2018-04-10 16:41 - 000000000 ____D C:\FRST
    2018-04-10 16:38 - 2018-04-10 16:38 - 002403328 _____ (Farbar) C:\Users\Imadreamer 2\Desktop\FRST64.exe
    2018-04-09 16:36 - 2018-04-09 16:36 - 001181596 _____ C:\Users\Imadreamer 2\Desktop\Statement.pdf
    2018-04-08 16:53 - 2018-04-08 16:53 - 001379511 _____ C:\Users\Imadreamer 2\Desktop\midamericanpayconf4818.pdf
    2018-04-06 14:04 - 2015-02-27 13:05 - 000001313 _____ C:\Users\Imadreamer 2\Desktop\pass.txt
    2018-04-06 11:22 - 2018-04-06 11:22 - 000259078 _____ C:\Users\Imadreamer 2\Desktop\PTCandRRPForecast.pdf
    2018-03-29 19:26 - 2018-03-28 03:31 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-03-29 19:26 - 2018-03-28 03:09 - 004046016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2018-03-29 19:26 - 2018-03-28 03:09 - 004026048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2018-03-24 22:35 - 2018-03-24 22:35 - 008236645 _____ C:\Users\Imadreamer 2\Desktop\NAH-11HouseholdItems-Book.pdf
    2018-03-15 11:32 - 2018-03-15 11:32 - 000700847 _____ C:\Users\Imadreamer 2\Desktop\Comm060.pdf
    2018-03-13 20:38 - 2018-03-13 20:38 - 000004488 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-03-13 16:56 - 2018-03-08 22:39 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2018-03-13 16:56 - 2018-03-08 22:39 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-03-13 16:56 - 2018-03-08 22:39 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-03-13 16:56 - 2018-03-08 22:39 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-03-13 16:56 - 2018-03-08 22:18 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2018-03-13 16:56 - 2018-03-08 22:09 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    imadreamer2

  11. #11
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 22:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:47 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:38 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2018-03-13 16:56 - 2018-03-08 21:38 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-03-13 16:56 - 2018-03-08 21:38 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2018-03-13 16:56 - 2018-03-08 21:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2018-03-13 16:56 - 2018-03-08 21:34 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2018-03-13 16:56 - 2018-03-08 21:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2018-03-13 16:56 - 2018-03-08 21:33 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2018-03-13 16:56 - 2018-03-08 21:31 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2018-03-13 16:56 - 2018-03-08 21:30 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2018-03-13 16:56 - 2018-03-08 21:30 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2018-03-13 16:56 - 2018-03-08 21:29 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2018-03-13 16:56 - 2018-03-08 21:29 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2018-03-13 16:56 - 2018-03-08 21:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2018-03-13 16:56 - 2018-03-08 21:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2018-03-13 16:56 - 2018-03-08 21:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2018-03-13 16:56 - 2018-03-08 21:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2018-03-13 16:56 - 2018-03-08 21:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2018-03-13 16:56 - 2018-03-08 21:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2018-03-13 16:56 - 2018-03-08 21:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-08 21:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2018-03-13 16:56 - 2018-03-01 03:36 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2018-03-13 16:56 - 2018-02-21 22:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
    2018-03-13 16:56 - 2018-02-21 22:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
    2018-03-13 16:56 - 2018-02-18 16:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-03-13 16:56 - 2018-02-16 23:27 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-03-13 16:56 - 2018-02-16 22:36 - 000340088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2018-03-13 16:56 - 2018-02-16 10:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2018-03-13 16:56 - 2018-02-16 10:51 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2018-03-13 16:56 - 2018-02-16 10:51 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2018-03-13 16:56 - 2018-02-16 10:45 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-03-13 16:56 - 2018-02-16 10:44 - 013678080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2018-03-13 16:56 - 2018-02-16 10:24 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2018-03-13 16:56 - 2018-02-16 10:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2018-03-13 16:56 - 2018-02-16 10:24 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2018-03-13 16:56 - 2018-02-16 10:19 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2018-03-13 16:56 - 2018-02-16 09:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2018-03-13 16:56 - 2018-02-16 09:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2018-03-13 16:56 - 2018-02-15 10:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-03-13 16:56 - 2018-02-15 09:57 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2018-03-13 16:56 - 2018-02-10 13:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
    2018-03-13 16:56 - 2018-02-10 13:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
    2018-03-13 16:56 - 2018-02-10 13:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
    2018-03-13 16:56 - 2018-02-10 13:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
    2018-03-13 16:56 - 2018-02-10 13:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
    2018-03-13 16:56 - 2018-02-10 13:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2018-03-13 16:56 - 2018-02-10 13:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
    2018-03-13 16:56 - 2018-02-10 13:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
    2018-03-13 16:56 - 2018-02-10 13:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2018-03-13 16:56 - 2018-02-10 13:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
    2018-03-13 16:56 - 2018-02-10 13:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
    2018-03-13 16:56 - 2018-02-10 13:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
    2018-03-13 16:56 - 2018-02-10 12:55 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2018-03-13 16:56 - 2018-02-10 12:55 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2018-03-13 16:56 - 2018-02-10 12:40 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-03-13 16:56 - 2018-02-10 12:40 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-03-13 16:56 - 2018-02-10 12:40 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2018-03-13 16:56 - 2018-02-10 12:40 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2018-03-13 16:56 - 2018-02-10 12:40 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2018-03-13 16:56 - 2018-02-10 12:37 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-03-13 16:56 - 2018-02-10 12:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
    2018-03-13 16:56 - 2018-02-10 12:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
    2018-03-13 16:56 - 2018-02-10 12:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
    2018-03-13 16:56 - 2018-02-10 12:32 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2018-03-13 16:56 - 2018-02-10 12:31 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2018-03-13 16:56 - 2018-02-10 12:29 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2018-03-13 16:56 - 2018-02-10 12:28 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2018-03-13 16:56 - 2018-02-10 12:28 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2018-03-13 16:56 - 2018-02-10 12:27 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-03-13 16:56 - 2018-02-10 12:27 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-03-13 16:56 - 2018-02-10 12:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
    2018-03-13 16:56 - 2018-02-10 12:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
    2018-03-13 16:56 - 2018-02-10 12:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
    2018-03-13 16:56 - 2018-02-10 12:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
    2018-03-13 16:56 - 2018-02-10 12:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
    2018-03-13 16:56 - 2018-02-10 12:22 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2018-03-13 16:56 - 2018-02-10 12:20 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2018-03-13 16:56 - 2018-02-10 12:10 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2018-03-13 16:56 - 2018-02-10 12:10 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2018-03-13 16:56 - 2018-02-10 12:10 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2018-03-13 16:56 - 2018-02-10 12:09 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2018-03-13 16:56 - 2018-02-10 12:09 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2018-03-13 16:56 - 2018-02-10 12:09 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2018-03-13 16:56 - 2018-02-10 12:09 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2018-03-13 16:56 - 2018-02-10 12:06 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2018-03-13 16:56 - 2018-02-10 12:06 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2018-03-13 16:56 - 2018-02-10 12:03 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2018-03-13 16:56 - 2018-02-10 12:03 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2018-03-13 16:56 - 2018-02-10 12:01 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2018-03-13 16:56 - 2018-02-10 12:01 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2018-03-13 16:56 - 2018-02-10 12:00 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2018-03-13 16:56 - 2018-02-10 12:00 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2018-03-13 16:56 - 2018-02-10 12:00 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2018-03-13 16:56 - 2018-02-10 11:57 - 015281664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-03-13 16:56 - 2018-02-10 11:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2018-03-13 16:56 - 2018-02-10 11:50 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-03-13 16:56 - 2018-02-10 11:50 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2018-03-13 16:56 - 2018-02-10 11:47 - 002134016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-03-13 16:56 - 2018-02-10 11:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2018-03-13 16:56 - 2018-02-10 11:47 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2018-03-13 16:56 - 2018-02-10 11:47 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2018-03-13 16:56 - 2018-02-10 11:46 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2018-03-13 16:56 - 2018-02-10 11:44 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2018-03-13 16:56 - 2018-02-10 11:41 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2018-03-13 16:56 - 2018-02-10 11:40 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2018-03-13 16:56 - 2018-02-10 11:35 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2018-03-13 16:56 - 2018-02-10 11:34 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2018-03-13 16:56 - 2018-02-10 11:33 - 002058240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2018-03-13 16:56 - 2018-02-10 11:33 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2018-03-13 16:56 - 2018-02-10 11:23 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-03-13 16:56 - 2018-02-10 11:12 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-03-13 16:56 - 2018-02-10 11:11 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2018-03-13 16:56 - 2018-02-10 11:09 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2018-03-13 16:56 - 2018-02-02 13:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2018-03-13 16:56 - 2018-02-02 13:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2018-03-13 16:56 - 2018-02-02 13:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2018-03-13 16:56 - 2018-02-02 13:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2018-03-13 16:56 - 2018-02-02 13:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2018-03-13 16:56 - 2018-02-02 13:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2018-03-13 16:56 - 2018-02-02 13:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2018-03-13 16:56 - 2018-02-02 13:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2018-03-13 16:56 - 2018-02-02 13:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2018-03-13 16:56 - 2018-02-02 13:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2018-03-13 16:56 - 2018-02-02 12:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2018-03-13 16:56 - 2018-02-02 12:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2018-03-13 16:56 - 2018-01-15 14:59 - 000002048 _____ (Microsoft Corporation) C:
    imadreamer2

  12. #12
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    \Windows\system32\tzres.dll
    2018-03-13 16:56 - 2018-01-15 14:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2018-03-13 16:56 - 2018-01-12 11:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2018-03-13 16:56 - 2018-01-12 11:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2018-03-13 16:54 - 2018-02-13 13:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2018-03-13 16:54 - 2018-02-13 13:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2018-03-13 16:54 - 2018-02-13 09:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2018-03-13 16:54 - 2018-02-13 09:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2018-03-13 16:54 - 2018-02-13 09:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2018-03-13 16:54 - 2018-02-13 09:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2018-03-13 16:54 - 2018-02-13 09:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2018-03-13 16:54 - 2018-02-13 09:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2018-03-13 16:54 - 2018-02-13 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2018-03-13 16:54 - 2018-02-13 09:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-10 16:34 - 2018-01-25 15:34 - 000000911 _____ C:\Windows\Tasks\EPSON XP-440 Series Update {763265C9-0ADB-45A6-B29C-9A6011F3A70C}.job
    2018-04-10 16:04 - 2017-03-09 17:15 - 000000000 ____D C:\Users\Imadreamer 2\AppData\LocalLow\Mozilla
    2018-04-10 15:33 - 2015-03-15 04:59 - 000000000 ____D C:\AdwCleaner
    2018-04-10 14:53 - 2018-01-07 13:33 - 000000000 ____D C:\Clickrewardswinner
    2018-04-10 14:25 - 2009-07-13 23:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-04-10 14:25 - 2009-07-13 23:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-04-10 14:12 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-04-10 14:12 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
    2018-04-10 14:08 - 2014-02-20 01:39 - 000000000 ____D C:\Users\Imadreamer 2\AppData\Roaming\FileAdvisor
    2018-04-10 14:07 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-04-09 16:34 - 2018-02-25 17:18 - 000366080 _____ C:\Users\Imadreamer 2\Desktop\checkregister2017March-2018.xls
    2018-03-28 10:39 - 2015-03-06 01:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2018-03-28 10:39 - 2014-02-08 01:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-03-20 21:58 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
    2018-03-20 18:59 - 2014-02-08 08:13 - 000000000 ____D C:\Users\Imadreamer 2
    2018-03-17 12:43 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
    2018-03-13 20:39 - 2014-02-08 02:26 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2018-03-13 20:38 - 2014-02-08 02:26 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2018-03-13 20:38 - 2014-02-08 02:26 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2018-03-13 20:38 - 2014-02-08 02:26 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-03-13 20:38 - 2014-02-08 02:26 - 000000000 ____D C:\Windows\system32\Macromed
    2018-03-13 20:28 - 2009-07-13 23:45 - 000287032 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-03-13 20:25 - 2014-12-10 23:31 - 000000000 ____D C:\Windows\system32\appraiser
    2018-03-13 17:39 - 2014-02-08 00:19 - 000000000 ____D C:\Windows\system32\MRT
    2018-03-13 17:37 - 2017-10-14 02:07 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-03-13 17:37 - 2014-02-08 00:19 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-03-11 02:47 - 2015-03-02 02:47 - 000003518 _____ C:\Windows\System32\Tasks\FileAdvisorCheck
    2018-03-11 02:47 - 2015-03-02 02:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
    2018-03-11 02:47 - 2015-03-02 02:47 - 000000000 ____D C:\Program Files (x86)\File Type Advisor

    Some files in TEMP:
    ====================
    2018-02-05 17:33 - 2014-02-18 16:10 - 000081920 _____ (Foxit Software) C:\Users\Imadreamer 2\AppData\Local\Temp\fox91F3.exe
    2017-09-05 13:23 - 2017-09-05 13:23 - 001787832 _____ (HOW Inc. ) C:\Users\Imadreamer 2\AppData\Local\Temp\FYDSetup.exe
    2017-10-15 12:42 - 2017-10-04 17:20 - 000863696 _____ (Malwarebytes) C:\Users\Imadreamer 2\AppData\Local\Temp\mb-clean.exe
    2017-10-15 12:42 - 2017-10-15 12:45 - 071535032 _____ (Malwarebytes ) C:\Users\Imadreamer 2\AppData\Local\Temp\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-04-08 20:33

    ==================== End of FRST.txt ============================
    I hope I got it all.
    imadreamer2

  13. #13
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by Imadreamer 2 (10-04-2018 16:42:47)
    Running from C:\Users\Imadreamer 2\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-02-08 13:13:21)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-478529873-2400661344-62306198-500 - Administrator - Disabled)
    Guest (S-1-5-21-478529873-2400661344-62306198-501 - Limited - Disabled)
    Imadreamer 2 (S-1-5-21-478529873-2400661344-62306198-1000 - Administrator - Enabled) => C:\Users\Imadreamer 2

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Hidden
    Amazon Kindle (HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
    Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation)
    EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
    Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation)
    Epson Event Manager (HKLM-x32\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
    Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
    Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
    EPSON XP-440 Series Printer Uninstall (HKLM\...\EPSON XP-440 Series) (Version: - Seiko Epson Corporation)
    EpsonNet Print (HKLM\...\{0CB4EF8E-EE5B-49F6-8376-A702C222D6DA}) (Version: 3.1.3.0 - SEIKO EPSON Corporation)
    EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
    FastStone Image Viewer 3.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 3.9 - FastStone Soft)
    File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - )
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
    Free YouTube Downloader 4.2.779 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
    Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
    Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
    Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
    Sansa Updater (HKU\S-1-5-21-478529873-2400661344-62306198-1000\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-05-04] (Advanced Micro Devices, Inc.)
    ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0ED42A30-D2CB-4252-864E-F7E6DC99B9A3} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2014-02-24] (File Type Advisor)
    Task: {5B4FC1CF-8812-43CF-AC80-AC79A5A3C519} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2014-02-24] ( )
    Task: {5CA612B7-829E-4F25-A41D-619903FFB3C9} - System32\Tasks\{763EAC16-462A-4AC7-990D-DE4792C316FD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Trillian\Trillian.exe" -c /uninstall
    Task: {77440157-BDA9-46B5-9890-9CB85BC1D2E7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
    Task: {79258944-2B99-4623-AF34-216CE442BDD7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
    Task: {AF7DB2FC-668D-4D21-8DCC-AC7821ECBE24} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
    Task: {D13DABF3-FE51-4747-9FF6-E65F915734AB} - System32\Tasks\EPSON XP-440 Series Update {763265C9-0ADB-45A6-B29C-9A6011F3A70C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRAE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\EPSON XP-440 Series Update {763265C9-0ADB-45A6-B29C-9A6011F3A70C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRAE.EXE:/EXE:{763265C9-0ADB-45A6-B29C-9A6011F3A70C} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2012-05-04 16:40 - 2012-05-04 16:40 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2012-05-04 16:47 - 2012-05-04 16:47 - 000369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1 [298]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2017-09-06 02:38 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-478529873-2400661344-62306198-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imadreamer 2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 108.166.149.2 - 108.166.149.3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{3CA80845-28CE-49DE-84F7-032B572B948A}] => (Allow) C:\Users\Imadreamer 2\Downloads\The_Secret_Billionaire_The_Complete_Collection_-_Chloe_Cassidy_downloader.exe
    FirewallRules: [{DE47FBB2-6CFB-4363-A518-D2833444763D}] => (Allow) C:\Users\Imadreamer 2\Downloads\The_Secret_Billionaire_The_Complete_Collection_-_Chloe_Cassidy_downloader.exe
    FirewallRules: [{038DCE08-AA50-474B-905F-A4A7E44C899A}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
    FirewallRules: [{0BA9217A-C798-4EEE-8535-5B14A73C4E64}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe
    FirewallRules: [{630EA1CC-24FC-4A73-88A4-9180A9BACDA4}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
    FirewallRules: [{A7FF72A0-CCDE-456F-9A52-E379FA93396B}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
    FirewallRules: [{4528E18E-9623-45BB-8205-5A7B02B98242}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{C2F8C00C-1E42-417B-BAF5-FE281C568669}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{2428A509-4303-49DE-823D-BF8DC7007B5B}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{5B4775DB-902A-41EB-9102-14DF1CB1D25D}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [TCP Query User{F641D030-0306-44B4-B76D-6B766DB2E34E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{438561C7-FE05-47C5-8F69-7672E10BE5A6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{57882B2C-FC53-455E-BCED-A802324BABDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5E7F45FE-94A5-4860-BB8A-047EB39199B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{308930F7-ACD1-4F51-975B-F86CF4093614}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{17FE2D9B-410D-42A7-8729-5CEEE54501C5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

    ==================== Restore Points =========================

    17-03-2018 19:02:02 Windows Update
    20-03-2018 19:11:31 Windows Update
    24-03-2018 14:36:19 Windows Update
    27-03-2018 20:17:05 Windows Update
    29-03-2018 21:36:25 Windows Update
    02-04-2018 11:40:30 Windows Update
    06-04-2018 10:54:47 Windows Update
    06-04-2018 16:40:50 Windows Update
    10-04-2018 14:20:11 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/10/2018 02:08:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/09/2018 06:27:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/09/2018 03:05:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/08/2018 07:29:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/08/2018 03:36:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    imadreamer2

  14. #14
    Join Date
    Sep 2001
    Location
    Davenport, Iowa, USA
    Posts
    851
    Something really seems to be messing me up. The post appears, then vanishes. The first log seems awfully long and it is hard to break it into smaller parts. Yet the additional posted correctly, I think.
    imadreamer2

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    First of all, did you allow those scammers to take over your computer?
