  #1  
Old January 9th, 2019, 02:52 AM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
Constant buffering on Twitch, Slow webpages & constant fan running

I'm not sure if I'm infected, but watching Twitch streams is very slow, my pages are slow to load and my fan runs constantly. Any help you can provide would be great!

Matt
  #2  
Old January 10th, 2019, 04:07 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,877
Hi Matt,

We can surely take a look. As for the fan running, is it a laptop or desktop?


For 32-bit (x86) systems, download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For 64-bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

If you don't know which system you have (32/64), that's okay. The wrong scan will tell you it's wrong.
  #3  
Old January 10th, 2019, 05:08 PM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
Hi Jintan,

It's an HP laptop. Would you like me to scan and post results?
  #4  
Old January 10th, 2019, 11:51 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,877
Yes please.
  #5  
Old January 11th, 2019, 04:40 AM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.01.2019 01
Ran by MattS (administrator) on DESKTOP-3JLMS2K (10-01-2019 21:35:17)
Running from C:\Users\MattS\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: MattS (Available Profiles: MattS)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Farbar) C:\Users\MattS\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\mfpmp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270208 2018-11-13] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5e8f0b63-1853-4420-a976-cc1122130f6e}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.8.0.0_neutral__c1wakc4j0nefm [2018-12-11]

FireFox:
========
FF DefaultProfile: ohynabhe.default-1539093113586
FF ProfilePath: C:\Users\MattS\AppData\Roaming\Mozilla\Firefox\Profiles\ohynabhe.default-1539093113586 [2019-01-10]
FF user.js: detected! => C:\Users\MattS\AppData\Roaming\Mozilla\Firefox\Profiles\ohynabhe.default-1539093113586\user.js [2018-12-26]
FF NetworkProxy: Mozilla\Firefox\Profiles\ohynabhe.default-1539093113586 -> type", 0
FF Extension: (NoSquint Plus) - C:\Users\MattS\AppData\Roaming\Mozilla\Firefox\Profiles\ohynabhe.default-1539093113586\Extensions\zoomlevelplus@zoomlevelplus.net.xpi [2018-10-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370560 2018-10-12] (Intel Corporation)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2018-11-13] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-17] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-17] (Microsoft Corporation)
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [1816520 2018-03-02] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-10-17] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2015-06-17] (Hewlett-Packard Company)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-11-13] (REALiX(tm))
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
S3 phidmice; C:\WINDOWS\System32\drivers\phidmice.sys [33048 2016-07-11] ()
S3 pmouself; C:\WINDOWS\System32\drivers\pmouself.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
S3 pvendrlf; C:\WINDOWS\System32\drivers\pvendrlf.sys [15032 2016-07-11] (TPMX Electronics Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010656 2017-11-27] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5733920 2016-12-09] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (QUALCOMM Incorporated)
S3 UsbFltr; C:\WINDOWS\System32\Drivers\UsbFltr.sys [12288 2007-04-09] (Waytech Development, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-17] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-17] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-17] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-09-24] (Zemana Ltd.)
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  #6  
Old January 11th, 2019, 04:42 AM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-10 10:07 - 2019-01-10 21:35 - 000000000 ____D C:\FRST
2019-01-10 08:25 - 2019-01-10 08:25 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-01-10 08:22 - 2019-01-10 21:35 - 000112803 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-01-09 22:38 - 2019-01-02 13:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-09 22:38 - 2019-01-02 13:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-09 22:33 - 2019-01-01 07:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 22:33 - 2019-01-01 07:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 22:33 - 2019-01-01 01:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 22:33 - 2019-01-01 01:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 22:33 - 2019-01-01 01:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 22:33 - 2019-01-01 01:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 22:33 - 2019-01-01 01:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 22:33 - 2019-01-01 01:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 22:33 - 2019-01-01 01:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 22:33 - 2019-01-01 01:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 22:33 - 2019-01-01 01:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 22:33 - 2019-01-01 01:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 22:33 - 2019-01-01 01:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 22:33 - 2019-01-01 01:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 22:33 - 2019-01-01 01:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 22:33 - 2019-01-01 00:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 22:33 - 2019-01-01 00:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 22:33 - 2019-01-01 00:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 22:33 - 2019-01-01 00:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 22:33 - 2019-01-01 00:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 22:33 - 2019-01-01 00:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 22:33 - 2019-01-01 00:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 22:33 - 2019-01-01 00:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 22:33 - 2019-01-01 00:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 22:33 - 2019-01-01 00:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 22:33 - 2019-01-01 00:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 22:33 - 2019-01-01 00:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 22:33 - 2019-01-01 00:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 22:33 - 2019-01-01 00:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 22:33 - 2019-01-01 00:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 22:33 - 2019-01-01 00:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 22:33 - 2019-01-01 00:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 22:33 - 2019-01-01 00:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 22:33 - 2019-01-01 00:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 22:33 - 2019-01-01 00:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 22:33 - 2019-01-01 00:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 22:33 - 2019-01-01 00:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 22:33 - 2019-01-01 00:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 22:33 - 2019-01-01 00:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 22:33 - 2019-01-01 00:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 22:33 - 2019-01-01 00:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 22:33 - 2019-01-01 00:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 22:33 - 2019-01-01 00:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 22:33 - 2019-01-01 00:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 22:33 - 2019-01-01 00:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 22:32 - 2019-01-01 07:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 22:32 - 2019-01-01 07:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 22:32 - 2019-01-01 07:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 22:32 - 2019-01-01 07:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 22:32 - 2019-01-01 07:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 22:32 - 2019-01-01 07:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 22:32 - 2019-01-01 07:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 22:32 - 2019-01-01 07:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 22:32 - 2019-01-01 01:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 22:32 - 2019-01-01 01:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 22:32 - 2019-01-01 01:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 22:32 - 2019-01-01 01:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 22:32 - 2019-01-01 01:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 22:32 - 2019-01-01 01:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 22:32 - 2019-01-01 01:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 22:32 - 2019-01-01 00:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 22:32 - 2019-01-01 00:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 22:32 - 2019-01-01 00:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 22:32 - 2019-01-01 00:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 22:32 - 2019-01-01 00:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 22:32 - 2019-01-01 00:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 22:32 - 2019-01-01 00:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 22:32 - 2019-01-01 00:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 22:32 - 2019-01-01 00:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 22:32 - 2019-01-01 00:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 22:32 - 2019-01-01 00:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 22:32 - 2019-01-01 00:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 22:32 - 2019-01-01 00:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 22:32 - 2019-01-01 00:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 22:32 - 2019-01-01 00:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 22:32 - 2019-01-01 00:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 22:32 - 2019-01-01 00:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 22:32 - 2019-01-01 00:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 22:32 - 2019-01-01 00:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 22:32 - 2019-01-01 00:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 22:32 - 2019-01-01 00:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 22:32 - 2019-01-01 00:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 22:32 - 2019-01-01 00:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 22:32 - 2019-01-01 00:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 22:32 - 2019-01-01 00:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 22:32 - 2018-12-31 23:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 22:32 - 2018-12-18 22:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-08 22:27 - 2019-01-08 22:27 - 000994424 _____ C:\Users\MattS\Downloads\direct.jfif
2019-01-08 19:33 - 2019-01-08 19:33 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2019-01-08 19:33 - 2019-01-08 19:33 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2019-01-08 12:11 - 2019-01-08 12:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-08 11:32 - 2019-01-08 11:32 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4352A7F9.sys
2019-01-08 11:10 - 2019-01-08 11:11 - 006624296 _____ (Zemana Ltd. ) C:\Users\MattS\Downloads\Zemana.AntiMalware.Setup.exe
2019-01-08 10:47 - 2019-01-08 10:47 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\265362B9.sys
2019-01-08 10:34 - 2019-01-08 11:33 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-01-08 10:33 - 2019-01-08 10:33 - 014178840 _____ (Malwarebytes Corp.) C:\Users\MattS\Downloads\mbar-1.10.3.1001.exe
2019-01-08 10:28 - 2019-01-08 10:28 - 007320272 _____ (Malwarebytes) C:\Users\MattS\Downloads\adwcleaner_7.2.6.0(1).exe
2019-01-07 17:50 - 2019-01-07 17:51 - 000000134 _____ C:\Users\MattS\Downloads\rufus.ini
2019-01-07 17:50 - 2019-01-07 17:50 - 001032248 _____ (Akeo Consulting) C:\Users\MattS\Downloads\rufus-3.4p.exe
2019-01-07 17:50 - 2019-01-07 17:50 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-01-02 17:46 - 2019-01-02 17:47 - 007320272 _____ (Malwarebytes) C:\Users\MattS\Downloads\adwcleaner_7.2.6.0.exe
2018-12-31 11:04 - 2018-12-31 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-12-31 11:04 - 2018-12-31 11:04 - 000000000 ____D C:\ProgramData\ESET
2018-12-31 11:04 - 2018-12-31 11:04 - 000000000 ____D C:\Program Files\ESET
2018-12-31 11:01 - 2018-12-31 11:01 - 005455616 _____ (ESET) C:\Users\MattS\Downloads\eset_nod32_antivirus_live_installer(3).exe
2018-12-29 11:13 - 2018-12-29 11:13 - 006193152 _____ C:\WINDOWS\system32\config\drivers.iobit
2018-12-29 11:07 - 2018-12-29 11:07 - 000000000 ____D C:\Users\MattS\AppData\Local\mbam
2018-12-29 11:03 - 2018-12-29 11:03 - 000000000 ____D C:\Users\MattS\AppData\Local\mbamtray
2018-12-26 15:18 - 2018-12-26 15:19 - 041515816 _____ (IObit ) C:\Users\MattS\Downloads\advanced-systemcare-setup.exe
2018-12-20 18:00 - 2018-12-20 18:00 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3107326716-814032089-3740455390-1001
2018-12-20 18:00 - 2018-12-20 18:00 - 000002363 _____ C:\Users\MattS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-20 11:03 - 2018-12-14 01:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-12-20 11:03 - 2018-12-14 01:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-20 11:03 - 2018-12-14 01:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-20 11:03 - 2018-12-14 01:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-20 11:03 - 2018-12-14 01:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-20 11:03 - 2018-12-14 01:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-12-20 11:03 - 2018-12-14 01:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-20 11:03 - 2018-12-14 01:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-20 11:03 - 2018-12-14 01:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-20 11:03 - 2018-12-14 00:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-20 11:03 - 2018-12-14 00:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-20 11:03 - 2018-12-14 00:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-20 11:03 - 2018-12-14 00:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-20 11:03 - 2018-12-14 00:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-20 11:03 - 2018-12-14 00:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-20 11:03 - 2018-12-14 00:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-20 11:03 - 2018-12-14 00:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-17 08:45 - 2018-12-17 08:45 - 000403888 _____ C:\ProgramData\cl.uninstall.1545057819.bdinstall.v2.bin
2018-12-17 08:45 - 2018-12-17 08:45 - 000057640 _____ C:\ProgramData\agent.uninstall.1545057913.bdinstall.v2.bin
2018-12-13 09:13 - 2018-12-13 09:13 - 007321808 _____ (Malwarebytes) C:\Users\MattS\Downloads\adwcleaner_7.2.5.0(1).exe
2018-12-12 14:35 - 2018-12-08 02:06 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-12 14:35 - 2018-12-08 02:04 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-12-12 14:35 - 2018-12-08 01:47 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-12 14:35 - 2018-12-08 01:46 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-12-12 14:35 - 2018-12-08 01:46 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-12-12 14:35 - 2018-12-08 01:29 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-12-12 14:35 - 2018-12-08 01:28 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-12-12 14:35 - 2018-12-08 01:24 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-12-12 14:35 - 2018-11-08 19:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-12-12 14:34 - 2018-12-08 06:47 - 000645320 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-12-12 14:34 - 2018-12-08 06:42 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-12-12 14:34 - 2018-12-08 06:41 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-12-12 14:34 - 2018-12-08 06:41 - 000481880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-12-12 14:34 - 2018-12-08 06:40 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-12-12 14:34 - 2018-12-08 06:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-12-12 14:34 - 2018-12-08 06:25 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-12 14:34 - 2018-12-08 06:23 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-12-12 14:34 - 2018-12-08 06:23 - 002892288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-12-12 14:34 - 2018-12-08 06:23 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-12-12 14:34 - 2018-12-08 06:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-12-12 14:34 - 2018-12-08 02:06 - 000491416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-12-12 14:34 - 2018-12-08 02:06 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-12-12 14:34 - 2018-12-08 02:05 - 001935008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-12-12 14:34 - 2018-12-08 02:05 - 000793592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-12-12 14:34 - 2018-12-08 02:05 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-12-12 14:34 - 2018-12-08 02:05 - 000413920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-12-12 14:34 - 2018-12-08 02:04 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-12-12 14:34 - 2018-12-08 02:04 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-12 14:34 - 2018-12-08 02:04 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-12-12 14:34 - 2018-12-08 02:04 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-12-12 14:34 - 2018-12-08 02:04 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-12-12 14:34 - 2018-12-08 02:04 - 000413176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-12-12 14:34 - 2018-12-08 02:04 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-12-12 14:34 - 2018-12-08 01:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-12 14:34 - 2018-12-08 01:45 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-12-12 14:34 - 2018-12-08 01:45 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-12-12 14:34 - 2018-12-08 01:45 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-12 14:34 - 2018-12-08 01:45 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-12-12 14:34 - 2018-12-08 01:45 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-12-12 14:34 - 2018-12-08 01:45 - 000129296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-12-12 14:34 - 2018-12-08 01:38 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-12 14:34 - 2018-12-08 01:38 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-12-12 14:34 - 2018-12-08 01:36 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-12-12 14:34 - 2018-12-08 01:34 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-12-12 14:34 - 2018-12-08 01:34 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-12-12 14:34 - 2018-12-08 01:34 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2018-12-12 14:34 - 2018-12-08 01:32 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-12-12 14:34 - 2018-12-08 01:29 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-12-12 14:34 - 2018-12-08 01:25 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-12-12 14:34 - 2018-11-08 23:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-12-12 14:34 - 2018-11-08 23:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-12-12 14:34 - 2018-11-08 23:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 14:34 - 2018-11-08 23:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-12-12 14:34 - 2018-11-08 23:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-12-12 14:34 - 2018-11-08 23:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-12-12 14:34 - 2018-11-08 23:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-12-12 14:34 - 2018-11-08 20:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-12-12 14:34 - 2018-11-08 20:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-12-12 14:34 - 2018-11-08 20:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-12-12 14:34 - 2018-11-08 20:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-12-12 14:34 - 2018-11-08 20:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-12-12 14:34 - 2018-11-08 20:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-12-12 14:34 - 2018-11-08 20:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-12-12 14:34 - 2018-11-08 20:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-12-12 14:34 - 2018-11-08 20:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-12-12 14:34 - 2018-11-08 20:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-12-12 14:34 - 2018-11-08 20:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-12-12 14:34 - 2018-11-08 20:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-12-12 14:34 - 2018-11-08 20:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-12-12 14:34 - 2018-11-08 20:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-12-12 14:34 - 2018-11-08 20:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-12-12 14:34 - 2018-11-08 19:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-12-12 14:34 - 2018-11-08 19:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-12-12 14:34 - 2018-11-08 19:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-12-12 14:34 - 2018-11-08 19:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-12-12 14:34 - 2018-11-08 19:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-12-12 14:34 - 2018-11-08 19:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-12-12 14:34 - 2018-11-08 19:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-12-12 14:34 - 2018-11-08 19:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-12-12 14:34 - 2018-11-08 19:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-12-12 14:34 - 2018-11-08 19:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-12-12 14:34 - 2018-11-08 19:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-12-12 14:33 - 2018-12-08 06:29 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-12 14:33 - 2018-12-08 06:28 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-12-12 14:33 - 2018-12-08 06:27 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-12-12 14:33 - 2018-12-08 06:23 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-12-12 14:33 - 2018-12-08 06:22 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-12-12 14:33 - 2018-12-08 02:07 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-12 14:33 - 2018-12-08 02:06 - 000777512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-12-12 14:33 - 2018-12-08 02:05 - 007436216 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-12-12 14:33 - 2018-12-08 02:05 - 002822656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-12-12 14:33 - 2018-12-08 02:05 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-12-12 14:33 - 2018-12-08 02:05 - 000706040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-12-12 14:33 - 2018-12-08 02:05 - 000130312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-12-12 14:33 - 2018-12-08 02:04 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-12-12 14:33 - 2018-12-08 02:04 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-12-12 14:33 - 2018-12-08 02:04 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-12-12 14:33 - 2018-12-08 01:47 - 000785760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-12-12 14:33 - 2018-12-08 01:46 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-12-12 14:33 - 2018-12-08 01:45 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-12-12 14:33 - 2018-12-08 01:41 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-12 14:33 - 2018-12-08 01:40 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-12-12 14:33 - 2018-12-08 01:36 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-12-12 14:33 - 2018-12-08 01:36 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-12-12 14:33 - 2018-12-08 01:35 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-12-12 14:33 - 2018-12-08 01:34 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-12-12 14:33 - 2018-12-08 01:33 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-12-12 14:33 - 2018-12-08 01:33 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-12-12 14:33 - 2018-12-08 01:33 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-12-12 14:33 - 2018-12-08 01:32 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-12-12 14:33 - 2018-12-08 01:30 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-12-12 14:33 - 2018-12-08 01:30 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-12-12 14:33 - 2018-12-08 01:28 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 14:33 - 2018-12-08 01:26 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-12-12 14:33 - 2018-12-08 01:26 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-12-12 14:33 - 2018-12-08 01:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-12-12 14:33 - 2018-11-08 23:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-12-12 14:33 - 2018-11-08 20:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-12-12 14:33 - 2018-11-08 20:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-12-12 14:33 - 2018-11-08 20:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-12-12 14:33 - 2018-11-08 20:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-12-12 14:33 - 2018-11-08 20:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-12-12 14:33 - 2018-11-08 20:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-12-12 14:33 - 2018-11-08 20:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-12-12 14:33 - 2018-11-08 20:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-12-12 14:33 - 2018-11-08 20:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-12-12 14:33 - 2018-11-08 20:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-12-12 14:33 - 2018-11-08 20:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-12-12 14:32 - 2018-12-08 06:42 - 004527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-12-12 14:32 - 2018-12-08 06:42 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-12 14:32 - 2018-12-08 06:28 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-12 14:32 - 2018-12-08 06:27 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-12-12 14:32 - 2018-12-08 02:12 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-12-12 14:32 - 2018-12-08 02:12 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-12-12 14:32 - 2018-12-08 02:04 - 001188512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-12-12 14:32 - 2018-12-08 02:04 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-12-12 14:32 - 2018-12-08 01:46 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-12-12 14:32 - 2018-12-08 01:45 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-12-12 14:32 - 2018-12-08 01:42 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-12-12 14:32 - 2018-12-08 01:37 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-12-12 14:32 - 2018-12-08 01:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-12-12 14:32 - 2018-12-08 01:37 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-12-12 14:32 - 2018-12-08 01:36 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-12-12 14:32 - 2018-12-08 01:36 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-12-12 14:32 - 2018-12-08 01:36 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-12-12 14:32 - 2018-12-08 01:33 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-12-12 14:32 - 2018-12-08 01:32 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-12-12 14:32 - 2018-12-08 01:30 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-12-12 14:32 - 2018-12-08 01:28 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-12-12 14:32 - 2018-12-08 01:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-12-12 14:32 - 2018-12-08 01:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-12-12 14:32 - 2018-12-08 01:25 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-12-12 14:32 - 2018-11-09 00:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-12-12 14:32 - 2018-11-09 00:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-12-12 14:32 - 2018-11-08 23:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-12-12 14:32 - 2018-11-08 23:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-12-12 14:32 - 2018-11-08 23:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-12-12 14:32 - 2018-11-08 23:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-12-12 14:32 - 2018-11-08 20:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-12-12 14:32 - 2018-11-08 20:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-12-12 14:32 - 2018-11-08 20:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-12-12 14:32 - 2018-11-08 20:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-12-12 14:32 - 2018-11-08 20:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2018-12-12 14:32 - 2018-11-08 20:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-12-12 14:32 - 2018-11-08 20:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 14:32 - 2018-11-08 19:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-12-12 14:32 - 2018-11-08 19:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-12-12 14:31 - 2018-12-08 06:47 - 001048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 14:31 - 2018-12-08 06:46 - 000549760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-12-12 14:31 - 2018-12-08 06:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-12-12 14:31 - 2018-12-08 06:27 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-12-12 14:31 - 2018-12-08 06:23 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-12-12 14:31 - 2018-12-08 06:23 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-12-12 14:31 - 2018-12-08 06:22 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-12-12 14:31 - 2018-12-08 02:12 - 000092688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2018-12-12 14:31 - 2018-12-08 02:07 - 001328632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2018-12-12 14:31 - 2018-12-08 02:06 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-12-12 14:31 - 2018-12-08 02:05 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2018-12-12 14:31 - 2018-12-08 02:05 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2018-12-12 14:31 - 2018-12-08 02:05 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys
2018-12-12 14:31 - 2018-12-08 02:04 - 001943328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-12-12 14:31 - 2018-12-08 02:04 - 000158624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-12-12 14:31 - 2018-12-08 02:04 - 000058168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2018-12-12 14:31 - 2018-12-08 01:45 - 001620472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-12-12 14:31 - 2018-12-08 01:45 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-12-12 14:31 - 2018-12-08 01:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnsruprov.dll
2018-12-12 14:31 - 2018-12-08 01:38 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\eeprov.dll
2018-12-12 14:31 - 2018-12-08 01:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-12-12 14:31 - 2018-12-08 01:38 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2018-12-12 14:31 - 2018-12-08 01:38 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-12-12 14:31 - 2018-12-08 01:38 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-12-12 14:31 - 2018-12-08 01:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2018-12-12 14:31 - 2018-12-08 01:37 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 14:31 - 2018-12-08 01:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-12-12 14:31 - 2018-12-08 01:37 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2018-12-12 14:31 - 2018-12-08 01:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2018-12-12 14:31 - 2018-12-08 01:37 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2018-12-12 14:31 - 2018-12-08 01:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-12-12 14:31 - 2018-12-08 01:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2018-12-12 14:31 - 2018-12-08 01:36 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-12-12 14:31 - 2018-12-08 01:36 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2018-12-12 14:31 - 2018-12-08 01:36 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mmcss.sys
2018-12-12 14:31 - 2018-12-08 01:35 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2018-12-12 14:31 - 2018-12-08 01:34 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2018-12-12 14:31 - 2018-12-08 01:33 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-12-12 14:31 - 2018-12-08 01:33 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-12-12 14:31 - 2018-12-08 01:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-12-12 14:31 - 2018-12-08 01:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-12-12 14:31 - 2018-12-08 01:29 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 14:31 - 2018-12-08 01:29 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2018-12-12 14:31 - 2018-12-08 01:27 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 14:31 - 2018-12-08 01:27 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-12-12 14:31 - 2018-12-08 01:25 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-12-12 14:31 - 2018-12-08 01:25 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-12-12 14:31 - 2018-12-08 01:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-12-12 14:31 - 2018-12-08 01:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-12-12 14:31 - 2018-11-08 23:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-12-12 14:31 - 2018-11-08 23:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-12-12 14:31 - 2018-11-08 23:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-12-12 14:31 - 2018-11-08 23:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2018-12-12 14:31 - 2018-11-08 23:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-12-12 14:31 - 2018-11-08 23:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-12-12 14:31 - 2018-11-08 20:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-12-12 14:31 - 2018-11-08 20:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-12-12 14:31 - 2018-11-08 20:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-12-12 14:31 - 2018-11-08 20:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2018-12-12 14:31 - 2018-11-08 20:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-12-12 14:31 - 2018-11-08 20:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2018-12-12 14:31 - 2018-11-08 20:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2018-12-12 14:31 - 2018-11-08 20:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-12-12 14:31 - 2018-11-08 20:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-12-12 14:31 - 2018-11-08 20:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-12-12 14:31 - 2018-11-08 20:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-12-12 14:31 - 2018-11-08 20:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-12-12 14:31 - 2018-11-08 19:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-12-12 14:31 - 2018-11-08 19:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-12-12 14:31 - 2018-11-08 19:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2018-12-12 14:31 - 2018-11-08 19:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-12-12 14:31 - 2018-11-08 19:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-12-12 14:31 - 2018-11-08 19:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
  #7  
January 11th, 2019, 04:43 AM
sportsfan7702
==================== Files in the root of some directories =======

2018-09-14 23:28 - 2018-09-14 23:28 - 000000044 _____ () C:\Users\MattS\AppData\Roaming\WB.CFG
2018-09-09 15:54 - 2018-09-09 15:54 - 000000003 _____ () C:\Users\MattS\AppData\Local\updater.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-23 14:56

==================== End of FRST.txt ============================
  #8  
January 11th, 2019, 04:44 AM
sportsfan7702
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.01.2019 01
Ran by MattS (10-01-2019 21:37:03)
Running from C:\Users\MattS\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-05-23 21:22:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3107326716-814032089-3740455390-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3107326716-814032089-3740455390-503 - Limited - Disabled)
Guest (S-1-5-21-3107326716-814032089-3740455390-501 - Limited - Disabled)
MattS (S-1-5-21-3107326716-814032089-3740455390-1001 - Administrator - Enabled) => C:\Users\MattS
WDAGUtilityAccount (S-1-5-21-3107326716-814032089-3740455390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
ASUS USB-AC53 Nano USB Wireless adapter Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.0.0.3 - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ESET Security (HKLM\...\{F1544F11-BFCC-43CC-9D0C-169A7E99369E}) (Version: 12.0.31.0 - ESET, spol. s r.o.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3107326716-814032089-3740455390-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 64.0 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0 (x64 en-US)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8416 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.29-3 - Wacom Technology Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-10-12] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {ADA0C99A-1859-4C3E-B769-A915B1D78CC9} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {BE97BD77-C54D-40BE-87F9-C3B2554B8B45} - \{4CDCC486-63BA-B316-3A1E-631EA9E46CB6} -> No File <==== ATTENTION
Task: {C5278344-B193-45E8-B6F8-0F7CA1254FC5} - System32\Tasks\update-S-1-5-21-3107326716-814032089-3740455390-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {D3D91D22-E32E-4194-A646-51C910AAE9FA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {DF852DEB-AC8F-4025-9A30-0230A437E2E1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3107326716-814032089-3740455390-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 14:31 - 2018-11-08 20:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 22:32 - 2019-01-01 00:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2018-10-03 22:57 - 2018-10-03 22:57 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x6 4__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-12 17:05 - 2018-12-12 17:05 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x6 4__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-12 17:05 - 2018-12-12 17:05 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x6 4__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-12-12 17:05 - 2018-12-12 17:05 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x6 4__kzf8qxf38zg5c\LibWrapper.dll
2018-12-12 17:05 - 2018-12-12 17:05 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x6 4__kzf8qxf38zg5c\skypert.dll
2018-12-12 17:05 - 2018-12-12 17:05 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x6 4__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-12 17:05 - 2018-12-12 17:05 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x6 4__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-11-06 16:46 - 2018-11-06 16:46 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.100 1.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 16:46 - 2018-11-06 16:46 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.100 1.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-06 16:46 - 2018-11-06 16:46 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.100 1.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeC ontrol.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-02-25 23:06 - 2018-12-17 08:39 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts
  #9  
Old January 11th, 2019, 04:45 AM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3107326716-814032089-3740455390-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MattS\AppData\Local\Microsoft\Windows\The mes\RoamedThemeFiles\DesktopBackground\facebook_15 11574001546.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-3107326716-814032089-3740455390-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3107326716-814032089-3740455390-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3107326716-814032089-3740455390-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1F75328-9D60-40FD-AAEB-6784BC834406}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{5D785604-C0B5-4E87-B244-48BD06A65C0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{BA2A478A-5E30-4B73-AFEF-2E0DFEA3B89C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{00B06DA9-B64C-4C8E-9148-E7A19574A667}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{45202C22-162D-4FB5-BB77-09C04866DE07}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{4140CD1C-E868-41BF-A2C5-937579E1D401}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
FirewallRules: [{6F992A1A-A280-41AB-AEAA-E26D65A54F0E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{03BACEB0-47CF-4D6E-84A2-511BE87266FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corporation)
FirewallRules: [{DD60D2D2-C99B-4F25-ADD8-DCF9187CDE7C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{552825B4-66EC-4187-84DD-D6DFC904DF4A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{EAF78F38-6F9E-4D6A-9512-AF86EB94BCA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software)
FirewallRules: [{A5441B6D-ED33-4BE0-945C-373E13A388A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software)
FirewallRules: [{47E3C1DC-1884-4C14-9736-6A42BB43359E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{AB99E4C2-1B1B-4AE9-8C8F-087624343351}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software)
FirewallRules: [{6E64EB3D-1CE5-458A-976E-988E72B750D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)
FirewallRules: [{BE6E12DB-56DA-425D-A94C-92BBE80800AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software)

==================== Restore Points =========================

28-12-2018 21:58:04 Scheduled Checkpoint
07-01-2019 02:37:27 Scheduled Checkpoint
10-01-2019 08:31:05 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2019 10:39:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/08/2019 11:27:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000005
Fault offset: 0x0000000000024989
Faulting process id: 0xcd4
Faulting application start time: 0x01d4a76a5fe63393
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f4a9e24d-9186-424b-b8fd-fec865fb2f27
Faulting package full name:
Faulting package-relative application ID:

Error: (01/07/2019 06:01:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000005
Fault offset: 0x0000000000024989
Faulting process id: 0xdc8
Faulting application start time: 0x01d4a5cd56a2e387
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 157f0607-e32b-429c-9bee-6db1e422114a
Faulting package full name:
Faulting package-relative application ID:

Error: (01/07/2019 05:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rufus-3.4p.exe, version: 3.4.1430.0, time stamp: 0x00000000
Faulting module name: rufus-3.4p.exe, version: 3.4.1430.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x000531bf
Faulting process id: 0x26ac
Faulting application start time: 0x01d4a6e3ce478df0
Faulting application path: C:\Users\MattS\Downloads\rufus-3.4p.exe
Faulting module path: C:\Users\MattS\Downloads\rufus-3.4p.exe
Report Id: 3a0dcca5-970e-41f9-8ffa-dd4830289756
Faulting package full name:
Faulting package-relative application ID:

Error: (01/07/2019 02:59:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eurotrucks2.exe, version: 1.33.2.18, time stamp: 0x5c13e01a
Faulting module name: eurotrucks2.exe, version: 1.33.2.18, time stamp: 0x5c13e01a
Exception code: 0xc0000005
Fault offset: 0x00000000000c39b7
Faulting process id: 0x28b8
Faulting application start time: 0x01d4a6c4672e28c2
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
Report Id: f93065e8-2d68-46d6-84a4-efd082f45ca4
Faulting package full name:
Faulting package-relative application ID:

Error: (01/07/2019 09:35:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.471, time stamp: 0x5c0b745c
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x2cd0
Faulting application start time: 0x01d4a69e4c6f5e34
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\igd10iumd64.dll
Report Id: 48a4e1ff-0a13-4c0f-baf2-b05e5ed127ce
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (01/03/2019 03:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.471, time stamp: 0x5c0b745c
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0xf50
Faulting application start time: 0x01d4a3ac06d88a7c
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\igd10iumd64.dll
Report Id: e525a0a0-6878-4917-a86f-c7df5d6444aa
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe
Faulting package-relative application ID: ContentProcess
  #10  
Old January 11th, 2019, 04:46 AM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
Error: (01/02/2019 06:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.471, time stamp: 0x5c0b745c
Faulting module name: igd10iumd64.dll, version: 10.18.15.4279, time stamp: 0x55db7ece
Exception code: 0xc0000005
Fault offset: 0x0000000000151c3a
Faulting process id: 0x1cbc
Faulting application start time: 0x01d4a2f70fba6c35
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\igd10iumd64.dll
Report Id: 6fd3e89d-f2db-4b49-b463-c37414b7f0b7
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wek yb3d8bbwe
Faulting package-relative application ID: ContentProcess


System errors:
=============
Error: (01/10/2019 04:38:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2019 01:43:20 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-3JLMS2K)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-3JLMS2K\MattS SID (S-1-5-21-3107326716-814032089-3740455390-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.1713 4.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2019 10:06:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2019 08:44:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2019 08:32:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2019 08:25:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/10/2019 08:25:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (01/10/2019 08:24:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-12-25 20:34:09.519
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {198E6200-B3D1-439D-9506-C8B6F8D840D7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-25 20:27:44.347
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {349E8DB7-E229-4FFC-87A3-85B5B1B15C44}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-04 11:04:23.186
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?lin...9&enterprise=0
Name: SoftwareBundler:Win32/Prepscram
ID: 226289
Severity: High
Category: Software Bundler
Path: file:_C:\Users\MattS\AppData\Local\Temp\ajwJxZOu.e xe.part
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.281.1361.0, AS: 1.281.1361.0, NIS: 1.281.1361.0
Engine Version: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-12-04 10:55:01.305
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?lin...9&enterprise=0
Name: SoftwareBundler:Win32/Prepscram
ID: 226289
Severity: High
Category: Software Bundler
Path: file:_C:\Users\MattS\AppData\Local\Temp\jy_8HL6R.e xe.part
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.281.1361.0, AS: 1.281.1361.0, NIS: 1.281.1361.0
Engine Version: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-12-03 14:47:38.697
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {24A7F3AF-D83E-476F-AD81-B5A3B7489E29}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2018-12-02 10:26:08.023
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\InfusedApps\Applic ations\Microsoft.HEVCVideoExtension_1.0.2512.0_x64 __8wekyb3d8bbwe\x86\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 10:26:07.966
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\InfusedApps\Applic ations\Microsoft.HEVCVideoExtension_1.0.2512.0_x64 __8wekyb3d8bbwe\x86\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 10:26:07.908
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\InfusedApps\Applic ations\Microsoft.HEVCVideoExtension_1.0.2512.0_x64 __8wekyb3d8bbwe\x86\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 10:26:07.740
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\InfusedApps\Applic ations\Microsoft.HEVCVideoExtension_1.0.2512.0_x64 __8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 10:26:07.686
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\InfusedApps\Applic ations\Microsoft.HEVCVideoExtension_1.0.2512.0_x64 __8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-02 10:26:07.633
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\InfusedApps\Applic ations\Microsoft.HEVCVideoExtension_1.0.2512.0_x64 __8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  #11  
Old January 11th, 2019, 04:46 AM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
Date: 2018-11-29 18:43:20.481
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2018-11-29 18:43:07.160
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 55%
Total physical RAM: 6074.15 MB
Available physical RAM: 2718.43 MB
Total Virtual: 6458.15 MB
Available Virtual: 1979.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.44 GB) (Free:606.05 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.53 GB) (Free:2.5 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{67899f6a-63a2-467d-9814-d6b89580224b}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.33 GB) NTFS
\\?\Volume{34479b69-3f08-4eec-a65e-94afaa7f4487}\ () (Fixed) (Total:0.96 GB) (Free:0.42 GB) NTFS
\\?\Volume{96761440-6b60-46fa-8d5e-9ebc07d780e3}\ () (Fixed) (Total:0.84 GB) (Free:0.78 GB) NTFS
\\?\Volume{db0fd788-f90d-4d26-bd8a-23cc33437550}\ () (Fixed) (Total:0.84 GB) (Free:0.77 GB) NTFS
\\?\Volume{ac955b8f-d529-45d2-aca4-57c6610bea79}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 698.6 GB) (Disk ID: 715CA9C3)

Partition: GPT.

==================== End of Addition.txt ============================
  #12  
Old January 12th, 2019, 01:09 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,877
Please do this:



Run FRST fixlist:
Note: Run the tool (FRST) from your Desktop based on the instructions given. Farbar Recovery Scan Tool and the Fixlist file should be on the desktop.

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt


Code:
CreateRestorePoint:
start
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3107326716-814032089-3740455390-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {BE97BD77-C54D-40BE-87F9-C3B2554B8B45} - \{4CDCC486-63BA-B316-3A1E-631EA9E46CB6} -> No File <==== ATTENTION
Task: {C5278344-B193-45E8-B6F8-0F7CA1254FC5} - System32\Tasks\update-S-1-5-21-3107326716-814032089-3740455390-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.s ys [X]
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-09-24] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.


=========================


Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  #13  
Old January 12th, 2019, 04:43 AM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
Fix result of Farbar Recovery Scan Tool (x64) Version: 09.01.2019 01
Ran by MattS (11-01-2019 20:20:15) Run:1
Running from C:\Users\MattS\OneDrive\Desktop
Loaded Profiles: MattS (Available Profiles: MattS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3107326716-814032089-3740455390-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {BE97BD77-C54D-40BE-87F9-C3B2554B8B45} - \{4CDCC486-63BA-B316-3A1E-631EA9E46CB6} -> No File <==== ATTENTION
Task: {C5278344-B193-45E8-B6F8-0F7CA1254FC5} - System32\Tasks\update-S-1-5-21-3107326716-814032089-3740455390-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.s ys [X]
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-09-24] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
end
*****************

"C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTas k .job" => not found
C:\WINDOWS\Tasks\update-S-1-5-21-3107326716-814032089-3740455390-1001.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE97BD 77-C54D-40BE-87F9-C3B2554B8B45}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE97BD 77-C54D-40BE-87F9-C3B2554B8B45}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4CDCC48 6-63BA-B316-3A1E-631EA9E46CB6}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C52783 44-B193-45E8-B6F8-0F7CA1254FC5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C52783 44-B193-45E8-B6F8-0F7CA1254FC5}" => removed successfully
C:\WINDOWS\System32\Tasks\update-S-1-5-21-3107326716-814032089-3740455390-1001 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-3107326716-814032089-3740455390-1001" => removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.E XE\shell\open\command\\Default => value restored successfully
HKLM\System\CurrentControlSet\Services\AscFileFilt er => removed successfully
AscFileFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\AscRegistry Filter => removed successfully
AscRegistryFilter => service removed successfully
ZAM_Guard => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => removed successfully
ZAM_Guard => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => removed successfully
ZAM => service removed successfully


The system needed a reboot.

==== End of Fixlog 20:20:20 ====
  #14  
Old January 12th, 2019, 04:46 AM
sportsfan7702 sportsfan7702 is offline
Senior Member
 
Join Date: Sep 2008
Posts: 295
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-11-2019
# Duration: 00:00:24
# OS: Windows 10 Home
# Scanned: 32265
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [4138 octets] - [21/09/2018 10:04:09]
AdwCleaner[C00].txt - [3874 octets] - [21/09/2018 10:05:55]
AdwCleaner[S01].txt - [3182 octets] - [10/10/2018 15:42:03]
AdwCleaner[S02].txt - [3331 octets] - [03/11/2018 15:47:18]
AdwCleaner[S03].txt - [3392 octets] - [12/11/2018 09:23:30]
AdwCleaner[C03].txt - [3458 octets] - [12/11/2018 09:23:46]
AdwCleaner[S04].txt - [1976 octets] - [19/11/2018 12:21:14]
AdwCleaner[C04].txt - [2148 octets] - [19/11/2018 12:21:32]
AdwCleaner[S05].txt - [3811 octets] - [13/12/2018 09:17:43]
AdwCleaner[S06].txt - [3872 octets] - [13/12/2018 09:28:17]
AdwCleaner[C06].txt - [3740 octets] - [13/12/2018 09:28:36]
AdwCleaner[S07].txt - [3836 octets] - [02/01/2019 17:47:53]
AdwCleaner[C07].txt - [3873 octets] - [02/01/2019 17:51:17]
AdwCleaner[S08].txt - [2043 octets] - [08/01/2019 10:28:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S09].txt ##########
  #15  
Old January 13th, 2019, 12:59 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,877
Not really anything much so far.


Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.