Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I think I maybe infected...

Started by Firebirdgirl , Oct 05 2018 12:34 AM

  • Please log in to reply

#1
Firebirdgirl
Posted 05 October 2018 - 12:34 AM

Firebirdgirl

    New Member

  • Member
  • Pip
  • 3 posts

So I can't get my Anti-Virus to run, AVG Free to work. it constantly states UI Failed to Load error. I've tried to repair, I've tried to change it and nothing gets it to work. I checked AVG's website and it mentioned to try remote desktop services and switch it to Automatic but I can't get that to run. I get a greyed window and it won't work as it says the program isn't responding. So I close it out and...I am pretty much can't get the solution that AVG recommends to work to work. 

 

I decide to scan for Malaware and...well I click on Malwarebytes and well it won't even start up. This doesn't sound normal at all so I am pretty sure something is wrong. I need help. 

 

I have Windows 7 64 bit. I will have a log up shortly. 


Edited by Firebirdgirl, 05 October 2018 - 12:41 AM.

  • 0

Advertisements

#2
Firebirdgirl
Posted 05 October 2018 - 09:46 AM

Firebirdgirl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Okay I still don't have a log yet....only due to the fact it was really late when I started having issues. But I think I know what my issue is...I think it's a conflicting program issue. I uninstalled AVG and Malwarebytes started working again. I scanned with Malwarebytes and no infections as far as I am aware of. Reinstalled AVG and it's working....now. But gave me a message that Malwarebyes was giving me an issue. I think the issue is that Malwarebytes is in a trial mode, unlike the free mode that doesn't actively run when it's on. I will post a log shortly but I think that maybe my issue after all. But for the sake of my computer, I'll still post my results. 

 

Edit: Here it is... 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.10.2018
Ran by Owner (administrator) on OWNER-PC (05-10-2018 08:40:04)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.300\Discord.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.300\Discord.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Discord Inc.) C:\Users\Owner\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291056 2018-10-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [146800 2018-05-18] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4305776 2018-05-30] (Check Point Software Technologies Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3775422772-3236543895-181530016-1000\...\Run: [Discord] => C:\Users\Owner\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-3775422772-3236543895-181530016-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49803328 2018-09-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3775422772-3236543895-181530016-1000\...\Run: [Spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [24907496 2018-10-02] (Spotify Ltd)
HKU\S-1-5-21-3775422772-3236543895-181530016-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-3775422772-3236543895-181530016-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{9CC49804-7EED-4841-ADB9-4A05961DFDF5}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.netflix.com/browse
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxps://www.library.unlv.edu/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-10-05]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-15]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-15]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-15]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-15]
CHR Extension: (Honey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-08-23]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-10]
CHR Extension: (Chrome Apps Shortcut) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobiahopcndogkgfjedmneomoghnpjpp [2018-04-26]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-11]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-18]
CHR Extension: (Grammarly for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-09-28]
CHR Extension: (Google Mail Checker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-12-16]
CHR Extension: (Wikibuy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2018-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-06]
CHR Extension: (Kolotibablo bot) - C:\Users\Owner\Downloads\kbplugin [2018-06-09]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-10-05] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [8043904 2018-10-05] (AVG Technologies CZ, s.r.o.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-08-03] (BitRaider, LLC)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2498296 2018-05-30] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2018-03-22] (Check Point Software Technologies Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-30] (Synaptics Incorporated)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [196344 2018-04-23] (Check Point Software Technologies Ltd.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4292984 2018-05-18] (Check Point Software Technologies Ltd.)
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [56688 2018-04-16] (Check Point Software Technologies Ltd.)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [45936 2018-05-30] ()
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-05-15] (Check Point Software Technologies, Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [192104 2018-10-05] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [222288 2018-10-05] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [194224 2018-10-05] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [339048 2018-10-05] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51952 2018-10-05] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [155664 2018-10-05] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [104256 2018-10-05] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [78864 2018-10-05] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1020112 2018-10-05] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [459624 2018-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [208216 2018-10-05] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [373944 2018-10-05] (AVG Technologies CZ, s.r.o.)
R2 cpbak; C:\Windows\System32\DRIVERS\cpbak.sys [61592 2018-04-11] (Check Point Software Technologies Ltd.)
R1 CPEPMon; C:\Windows\System32\DRIVERS\CPEPMon.sys [68280 2018-04-09] (Check Point Software Technologies Ltd.)
R1 epnetflt; C:\Windows\system32\drivers\epnetflt.sys [117400 2017-12-10] (Check Point Software Technologies)
R1 epregflt; C:\Windows\system32\drivers\epregflt.sys [101552 2017-10-23] (Check Point Software Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys [65264 2018-03-11] (Check Point Software Technologies Ltd.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-05] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-05] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-05] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-10-05] (Malwarebytes)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [413912 2016-01-19] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3709656 2015-01-06] (Realtek Semiconductor Corporation )
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-24] (Check Point Software Technologies Ltd.)
U1 avgbdisk; no ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
U3 iswSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-05 08:33 - 2018-10-05 08:33 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-05 08:32 - 2018-10-05 08:32 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-05 08:32 - 2018-10-05 08:32 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-05 08:32 - 2018-10-05 08:32 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-05 08:32 - 2018-10-05 08:32 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-05 08:23 - 2018-10-05 08:23 - 000001833 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-10-05 08:23 - 2018-10-05 08:23 - 000000000 ____D C:\Users\Owner\AppData\Roaming\AVG
2018-10-05 08:23 - 2018-10-05 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-10-05 08:19 - 2018-10-05 08:19 - 000459624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-10-05 08:19 - 2018-10-05 08:19 - 000208216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-10-05 08:19 - 2018-10-05 08:19 - 000155664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-10-05 08:19 - 2018-10-05 08:19 - 000078864 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-10-05 08:19 - 2018-10-05 08:19 - 000003904 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-10-05 08:19 - 2018-10-05 08:18 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-10-05 08:19 - 2018-10-05 08:18 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-10-05 08:19 - 2018-10-05 08:18 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-10-05 08:19 - 2018-10-05 08:18 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-10-05 08:19 - 2018-10-05 08:18 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-10-05 08:19 - 2018-10-05 08:18 - 000192104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-10-05 08:19 - 2018-10-05 08:18 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-10-05 08:19 - 2018-10-05 08:18 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-10-05 08:19 - 2018-10-05 08:18 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-10-05 08:18 - 2018-10-05 08:18 - 000380656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-10-05 08:16 - 2018-10-05 08:16 - 000000000 ____D C:\Program Files\AVG
2018-10-04 23:42 - 2018-10-04 23:43 - 000020402 _____ C:\Users\Owner\Downloads\Addition.txt
2018-10-04 23:37 - 2018-10-05 08:55 - 000017164 _____ C:\Users\Owner\Downloads\FRST.txt
2018-10-04 23:37 - 2018-10-04 23:37 - 002414080 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2018-10-04 23:37 - 2018-10-04 23:37 - 000000000 ____D C:\FRST
2018-10-04 23:03 - 2018-10-04 23:03 - 007504768 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Owner\Downloads\avg_antivirus_free_setup_a2j.exe
2018-10-04 22:44 - 2018-10-04 22:44 - 016796856 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup547.exe
2018-10-04 15:15 - 2018-10-04 15:16 - 000456184 _____ C:\Windows\Minidump\100418-20108-01.dmp
2018-10-04 14:36 - 2018-10-04 14:36 - 000456184 _____ C:\Windows\Minidump\100418-20170-01.dmp
2018-10-04 13:56 - 2018-10-04 13:57 - 000456184 _____ C:\Windows\Minidump\100418-22807-01.dmp
2018-10-02 07:11 - 2018-10-02 07:11 - 000000000 ___SD C:\Users\Public\Documents\Check Point-SystemFolderDon'tDiscard
2018-10-02 07:11 - 2018-10-02 07:11 - 000000000 ___SD C:\Users\Owner\Documents\Sandblast Zero-Day-System-FilesDo NotErase
2018-10-01 10:44 - 2018-10-01 10:44 - 000177831 _____ C:\Users\Owner\Desktop\Nevada DMV Vehicle Registration Renewal 2018.pdf
2018-09-26 10:38 - 2018-09-26 10:57 - 000000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2018-09-26 10:37 - 2018-09-26 10:37 - 000000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-09-26 10:37 - 2018-09-26 10:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-09-26 10:35 - 2018-09-26 10:35 - 000000000 ____D C:\Program Files\VideoLAN
2018-09-26 10:32 - 2018-09-26 10:33 - 041486400 _____ C:\Users\Owner\Downloads\vlc-3.0.4-win64.exe
2018-09-26 10:25 - 2018-09-26 10:29 - 1740565872 _____ C:\Users\Owner\Downloads\Star Wars - KOTOR - Return of the Exile.mp4
2018-09-25 23:41 - 2018-09-25 23:41 - 000000000 ____D C:\Users\Owner\AppData\Local\mbamtray
2018-09-25 23:40 - 2018-09-25 23:40 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-25 23:40 - 2018-09-25 23:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-25 23:40 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-22 08:30 - 2018-09-22 08:30 - 000000000 ____D C:\Users\Owner\AppData\Local\mbam
2018-09-22 08:20 - 2018-10-04 15:15 - 494793075 _____ C:\Windows\MEMORY.DMP
2018-09-22 08:20 - 2018-09-22 08:20 - 000275704 _____ C:\Windows\Minidump\092218-24055-01.dmp
2018-09-21 23:07 - 2018-09-21 23:10 - 283111424 _____ C:\Users\Owner\Downloads\LibreOffice_6.1.1_Win_x64 (1).msi
2018-09-21 22:48 - 2018-09-21 22:50 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.1
2018-09-21 22:48 - 2018-09-21 22:48 - 000001444 _____ C:\Users\Public\Desktop\LibreOffice 6.1.lnk
2018-09-21 22:22 - 2018-09-21 22:25 - 283111424 _____ C:\Users\Owner\Downloads\LibreOffice_6.1.1_Win_x64.msi
2018-09-18 07:53 - 2018-09-18 07:53 - 000104369 _____ C:\Users\Owner\Downloads\20180918_Receipt.pdf
2018-09-18 07:53 - 2018-09-18 07:53 - 000104369 _____ C:\Users\Owner\Downloads\20180918_Receipt (1).pdf
2018-09-12 08:52 - 2018-08-31 08:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-09-12 08:52 - 2018-08-31 08:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-09-12 08:52 - 2018-08-29 18:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-12 08:52 - 2018-08-29 18:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-12 08:52 - 2018-08-27 22:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-12 08:52 - 2018-08-24 12:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-12 08:52 - 2018-08-24 11:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-12 08:52 - 2018-08-23 16:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-12 08:52 - 2018-08-23 15:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-12 08:52 - 2018-08-23 15:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-12 08:52 - 2018-08-23 14:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-12 08:52 - 2018-08-23 14:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-12 08:52 - 2018-08-23 14:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-09-12 08:52 - 2018-08-23 13:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-12 08:52 - 2018-08-23 13:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-12 08:52 - 2018-08-13 08:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-12 08:52 - 2018-08-13 08:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-12 08:52 - 2018-08-13 08:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-12 08:52 - 2018-08-13 08:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-12 08:52 - 2018-08-13 08:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-12 08:52 - 2018-08-13 08:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-09-12 08:52 - 2018-08-13 08:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-09-12 08:52 - 2018-08-13 08:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-09-12 08:52 - 2018-08-13 08:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-09-12 08:52 - 2018-08-13 08:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-09-12 08:52 - 2018-08-12 13:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-12 08:52 - 2018-08-12 13:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-12 08:52 - 2018-08-12 13:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-12 08:52 - 2018-08-10 08:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-12 08:52 - 2018-08-10 08:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-12 08:52 - 2018-08-10 08:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-12 08:52 - 2018-08-10 08:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-12 08:52 - 2018-08-10 08:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-12 08:52 - 2018-08-10 08:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-09-12 08:52 - 2018-08-10 08:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-09-12 08:52 - 2018-08-10 08:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-12 08:52 - 2018-08-10 08:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-12 08:52 - 2018-08-10 08:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-12 08:52 - 2018-08-10 08:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-12 08:52 - 2018-08-10 08:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-09-12 08:52 - 2018-08-10 08:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-09-12 08:52 - 2018-08-10 08:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-09-12 08:52 - 2018-08-10 08:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-09-12 08:52 - 2018-08-10 08:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-12 08:52 - 2018-08-10 08:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-09-12 08:52 - 2018-08-10 08:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-09-12 08:52 - 2018-08-10 08:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-12 08:52 - 2018-08-10 08:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-09-12 08:52 - 2018-08-10 08:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-12 08:52 - 2018-08-10 08:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-12 08:52 - 2018-07-29 08:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-12 08:52 - 2018-07-18 08:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-12 08:51 - 2018-08-23 15:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-12 08:51 - 2018-08-23 15:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-12 08:51 - 2018-08-23 15:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-12 08:51 - 2018-08-23 15:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-12 08:51 - 2018-08-23 15:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-12 08:51 - 2018-08-23 15:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-12 08:51 - 2018-08-23 15:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-12 08:51 - 2018-08-23 15:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-12 08:51 - 2018-08-23 15:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-12 08:51 - 2018-08-23 15:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-12 08:51 - 2018-08-23 15:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-12 08:51 - 2018-08-23 15:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-12 08:51 - 2018-08-23 15:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-12 08:51 - 2018-08-23 15:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-12 08:51 - 2018-08-23 15:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-12 08:51 - 2018-08-23 15:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-12 08:51 - 2018-08-23 15:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-12 08:51 - 2018-08-23 15:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-12 08:51 - 2018-08-23 15:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-12 08:51 - 2018-08-23 15:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-12 08:51 - 2018-08-23 15:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-12 08:51 - 2018-08-23 15:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-12 08:51 - 2018-08-23 15:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-12 08:51 - 2018-08-23 15:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-12 08:51 - 2018-08-23 15:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-12 08:51 - 2018-08-23 15:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-12 08:51 - 2018-08-23 15:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-12 08:51 - 2018-08-23 14:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-12 08:51 - 2018-08-23 14:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-12 08:51 - 2018-08-23 14:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-12 08:51 - 2018-08-23 14:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-12 08:51 - 2018-08-23 14:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-09-12 08:51 - 2018-08-23 14:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-09-12 08:51 - 2018-08-23 14:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-09-12 08:51 - 2018-08-23 14:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-09-12 08:51 - 2018-08-23 14:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-09-12 08:51 - 2018-08-23 14:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-09-12 08:51 - 2018-08-23 14:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-12 08:51 - 2018-08-23 14:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-09-12 08:51 - 2018-08-23 14:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-09-12 08:51 - 2018-08-23 14:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-09-12 08:51 - 2018-08-23 14:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-12 08:51 - 2018-08-23 14:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-09-12 08:51 - 2018-08-23 14:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-09-12 08:51 - 2018-08-23 13:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-09-12 08:51 - 2018-08-23 13:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-09-12 08:51 - 2018-08-23 13:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-09-12 08:51 - 2018-08-23 13:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-09-12 08:51 - 2018-08-23 13:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-09-12 08:51 - 2018-08-23 13:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-09-12 08:51 - 2018-08-23 13:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-09-12 08:51 - 2018-08-23 13:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-12 08:51 - 2018-08-23 13:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-09-12 08:51 - 2018-08-23 13:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-12 08:51 - 2018-08-23 13:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-09-12 08:51 - 2018-08-23 13:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-12 08:51 - 2018-08-23 13:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-12 08:51 - 2018-08-23 13:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-12 08:51 - 2018-08-13 08:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-12 08:51 - 2018-08-13 08:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-12 08:51 - 2018-08-13 08:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-12 08:51 - 2018-08-13 08:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-12 08:51 - 2018-08-13 08:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-09-12 08:51 - 2018-08-13 08:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-09-12 08:51 - 2018-08-13 08:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-09-12 08:51 - 2018-08-13 08:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2018-09-12 08:51 - 2018-08-12 13:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-12 08:51 - 2018-08-12 13:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-12 08:51 - 2018-08-10 08:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-12 08:51 - 2018-08-10 08:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-09-12 08:51 - 2018-08-10 08:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-09-12 08:51 - 2018-08-10 08:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-09-12 08:51 - 2018-08-10 08:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-12 08:51 - 2018-08-10 08:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-12 08:51 - 2018-08-10 08:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-12 08:51 - 2018-08-10 08:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-12 08:51 - 2018-08-10 08:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-09-12 08:51 - 2018-08-10 08:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-12 08:51 - 2018-08-10 08:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-09-12 08:51 - 2018-08-10 08:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-12 08:51 - 2018-08-10 08:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-12 08:51 - 2018-08-10 08:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-09-12 08:51 - 2018-08-10 08:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-12 08:51 - 2018-08-10 08:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-12 08:51 - 2018-08-10 08:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-12 08:51 - 2018-08-10 08:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-12 08:51 - 2018-08-10 08:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-12 08:51 - 2018-08-10 08:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-12 08:51 - 2018-08-10 08:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-09-12 08:51 - 2018-08-10 08:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-09-12 08:51 - 2018-08-10 08:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-09-12 08:51 - 2018-08-10 08:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-09-12 08:51 - 2018-08-10 08:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-09-12 08:51 - 2018-08-10 08:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-09-12 08:51 - 2018-08-10 08:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-09-12 08:51 - 2018-06-27 06:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2018-09-12 08:51 - 2018-06-27 06:19 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-06 14:55 - 2018-09-06 14:55 - 000005048 _____ C:\Users\Owner\Documents\cc_20180906_145346.reg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-05 08:54 - 2018-03-30 18:12 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2018-10-05 08:23 - 2017-12-16 09:07 - 000000000 ____D C:\Users\Owner\AppData\Local\Avg
2018-10-05 08:16 - 2017-12-16 09:07 - 000000000 ____D C:\ProgramData\Avg
2018-10-05 07:38 - 2009-07-13 21:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-05 07:38 - 2009-07-13 21:45 - 000028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-05 07:17 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-05 07:16 - 2017-12-16 09:07 - 000000000 ____D C:\Program Files (x86)\AVG
2018-10-05 07:02 - 2018-03-30 18:13 - 000000000 ____D C:\Users\Owner\AppData\Local\Spotify
2018-10-05 00:15 - 2018-07-05 00:56 - 000000000 ___HD C:\SandBlastBackup
2018-10-04 22:20 - 2017-12-17 19:22 - 000000000 ____D C:\Users\Owner\AppData\Roaming\discord
2018-10-04 15:15 - 2018-08-25 09:34 - 000000000 ____D C:\Windows\Minidump
2018-10-04 14:40 - 2017-12-17 16:05 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-10-04 12:37 - 2018-08-28 15:00 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-10-02 11:26 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2018-10-01 00:28 - 2017-12-15 23:48 - 000092872 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-28 06:30 - 2017-12-14 18:05 - 000000000 ____D C:\Users\Owner
2018-09-22 07:46 - 2009-07-13 21:45 - 000410128 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-21 22:46 - 2018-02-26 20:03 - 000000000 ____D C:\Program Files\LibreOffice
2018-09-17 18:02 - 2017-12-15 23:51 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-17 18:01 - 2017-12-15 23:51 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-14 09:24 - 2018-07-16 05:53 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
2018-09-14 09:23 - 2018-07-16 05:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-09-12 09:40 - 2009-07-13 22:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 09:40 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-09-12 09:15 - 2017-12-14 20:31 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 09:14 - 2017-12-14 20:31 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-12 09:06 - 2017-12-16 10:10 - 000774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-09-11 23:29 - 2017-12-16 18:49 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2018-09-09 11:09 - 2018-08-05 22:17 - 000000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-08 08:32 - 2009-07-13 22:08 - 000032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-09-07 17:27 - 2018-08-05 22:17 - 000000000 ____D C:\Program Files\CCleaner
2018-09-05 22:29 - 2018-07-26 19:35 - 000002962 _____ C:\Windows\System32\Tasks\{4BE56B21-49B8-49C4-A873-D03C564E4F23}
2018-09-05 22:29 - 2018-07-19 16:58 - 000002962 _____ C:\Windows\System32\Tasks\{DB4950E4-4D6A-470A-A8B0-21AAF20A636E}
2018-09-05 22:29 - 2018-07-19 16:57 - 000002962 _____ C:\Windows\System32\Tasks\{DA438394-727A-48EC-AC00-18B7AB0AED49}
2018-09-05 22:29 - 2018-07-19 16:57 - 000002962 _____ C:\Windows\System32\Tasks\{A0BF8231-A15E-4895-8F89-87C06F88CDF0}
2018-09-05 22:29 - 2018-07-19 16:57 - 000002962 _____ C:\Windows\System32\Tasks\{758FA14C-7159-4786-8820-6B344AED09E1}
 
==================== Files in the root of some directories =======
 
2017-12-15 14:19 - 2017-10-22 18:09 - 000000106 _____ () C:\Users\Owner\jobq.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-29 20:21
 
==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.10.2018
Ran by Owner (05-10-2018 08:57:24)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-12-15 01:05:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3775422772-3236543895-181530016-500 - Administrator - Disabled)
Guest (S-1-5-21-3775422772-3236543895-181530016-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3775422772-3236543895-181530016-1002 - Limited - Enabled)
Owner (S-1-5-21-3775422772-3236543895-181530016-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.6.3066 - AVG Technologies)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Check Point SBA (HKLM\...\{85A0CE49-6563-4208-86CC-B4297B836283}) (Version: 86.4.4023 - Check Point Software Technologies Ltd.) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Discord (HKU\S-1-5-21-3775422772-3236543895-181530016-1000\...\Discord) (Version: 0.0.301 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Grammarly (HKU\S-1-5-21-3775422772-3236543895-181530016-1000\...\GrammarlyForWindows) (Version: 1.5.43 - Grammarly)
LibreOffice 6.0 Help Pack (English (United States)) (HKLM\...\{63B5F6EF-F7BA-49FF-BBD4-0373E9383519}) (Version: 6.0.1.1 - The Document Foundation)
LibreOffice 6.1.1.2 (HKLM\...\{0E18CB72-99E8-4B76-9841-FC483C92959E}) (Version: 6.1.1.2 - The Document Foundation)
M4-78 Enhancement Project (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Skype version 8.30 (HKLM-x32\...\Skype_is1) (Version: 8.30 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3775422772-3236543895-181530016-1000\...\Spotify) (Version: 1.0.90.268.ga8a0ceb4 - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 13.0.0.23 - Bioware/EA)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Star Wars®: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.24.9 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0534 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{B136506E-D077-4943-9F0D-B22494BAC3BA}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.3.060.17669 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{21085985-346F-4750-B57C-270359D3BB83}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-05] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-10-05] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {086AC34D-3237-41BA-B994-0568C4A504E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {17F832A9-94A6-446B-BA96-1E68B202072A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-10-05] (AVG Technologies CZ, s.r.o.)
Task: {1B4AF77A-A2F4-48A7-BC2B-9DC848ABF262} - System32\Tasks\{2A798E0E-AB78-4366-8D3D-A5A46741A941} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
Task: {1CE88AEC-583F-4F11-9E15-7424F2929B05} - System32\Tasks\{3379B259-AAA3-4D0E-91F3-DB817A322D74} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
Task: {2D3F7935-01F2-449A-B6C9-926A4BE72857} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {3905144C-7541-4581-904C-02413878C9C1} - System32\Tasks\{A0BF8231-A15E-4895-8F89-87C06F88CDF0} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
Task: {3ED2BFFD-7592-4F89-BB6F-EFA7A7582334} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-09-16] (AVG Technologies CZ, s.r.o.)
Task: {549E03BF-5E6A-43E0-993D-4340B81A8FEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-15] (Google Inc.)
Task: {682BB837-8BB1-4FE4-9B36-495BD1682A60} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {7BFA99BE-BB0D-43B0-B86D-BEEBAECD6AF9} - System32\Tasks\{3201D6AE-C96A-4845-93B2-22839ADE786D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Downloads\Extended_Enclave_2.2\installer\Ext Enclave install.exe" -d C:\Users\Owner\Downloads\Extended_Enclave_2.2\installer
Task: {8C4CC9F3-FB01-49AC-BC9B-C39A11022955} - System32\Tasks\{4BE56B21-49B8-49C4-A873-D03C564E4F23} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
Task: {8DF9809C-87CE-47EC-A2A9-1E5543839F58} - System32\Tasks\{DB4950E4-4D6A-470A-A8B0-21AAF20A636E} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
Task: {9AADC01E-F331-40AD-BAA4-E92F89341042} - System32\Tasks\{470FE0E0-3068-4BF3-877D-6E20AC748B8B} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
Task: {B065463A-C230-453A-AE6B-275610C5DF3A} - System32\Tasks\{26C47E90-064D-459C-B32F-A6A10E67D45E} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
Task: {B4CE25FC-D710-4F91-B5A2-EA40A539AFEE} - System32\Tasks\{758FA14C-7159-4786-8820-6B344AED09E1} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
Task: {DBE06C4B-AD33-4006-A6B8-CB4269522B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-15] (Google Inc.)
Task: {E5F50453-1395-47ED-8641-57089B70C425} - System32\Tasks\{DA438394-727A-48EC-AC00-18B7AB0AED49} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2004-01-16] (BioWare Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-06-24 04:26 - 2018-06-24 04:26 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-05-30 09:13 - 2018-05-30 09:13 - 000045936 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
2018-09-17 18:01 - 2018-09-15 01:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-17 18:01 - 2018-09-15 01:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-03-20 08:49 - 2018-03-20 08:49 - 000035064 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
2018-10-05 08:18 - 2018-10-05 08:18 - 000700144 _____ () c:\Program Files\AVG\Antivirus\x64\StreamBack.dll
2018-09-25 23:40 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-25 23:40 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-08 20:36 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-07-16 05:53 - 2018-09-10 18:30 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-09-14 09:23 - 2018-09-10 18:30 - 002323984 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-09-14 09:22 - 2018-09-10 18:30 - 000081864 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-09-14 09:22 - 2018-09-10 18:30 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-09-14 09:22 - 2018-09-10 18:30 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-03-22 19:42 - 2018-03-22 19:42 - 000153336 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2015-07-20 11:26 - 2015-07-20 11:26 - 001058320 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CloudServices.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000096504 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2018-01-08 20:36 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-08 20:36 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Owner\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-03-30 18:13 - 2018-10-02 10:51 - 085383400 _____ () C:\Users\Owner\AppData\Roaming\Spotify\libcef.dll
2018-07-16 05:53 - 2018-09-10 18:30 - 002724040 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-07-16 05:53 - 2018-09-10 18:30 - 000031952 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-09-14 09:22 - 2018-09-10 18:30 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-09-14 09:22 - 2018-09-10 18:30 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-03-30 18:13 - 2018-10-02 10:50 - 004078312 _____ () C:\Users\Owner\AppData\Roaming\Spotify\libglesv2.dll
2018-03-30 18:13 - 2018-10-02 10:50 - 000097512 _____ () C:\Users\Owner\AppData\Roaming\Spotify\libegl.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000063224 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsWrapperLib.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000059128 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsLib.dll
2018-09-28 06:35 - 2018-09-28 06:35 - 002662904 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-09-28 06:35 - 2018-09-28 06:36 - 009623896 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-09-28 06:35 - 2018-09-28 06:36 - 001508344 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-09-28 06:35 - 2018-09-28 06:35 - 000513016 _____ () \\?\C:\Users\Owner\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-10-05 08:18 - 2018-10-05 08:18 - 000574192 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-10-05 08:19 - 2018-10-05 08:19 - 005792192 _____ () C:\Program Files\AVG\Antivirus\defs\18100401\algo.dll
2018-10-05 08:18 - 2018-10-05 08:18 - 000542448 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-10-05 08:18 - 2018-10-05 08:18 - 000987888 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-10-05 08:25 - 2018-10-05 08:25 - 005708488 _____ () C:\Program Files\AVG\Antivirus\defs\18100500\algo.dll
2018-10-05 08:22 - 2018-10-05 08:22 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3775422772-3236543895-181530016-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{397DC82F-AF6F-4A41-B208-581FC02F496B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4ECEE760-CDA7-4E31-84A7-56FD634BD017}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{74BAFDDB-F2D8-4768-A1C9-3B95C9539270}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F94FBCAD-0D66-47BE-8904-6B83D6163441}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{88E35B01-A01F-4B74-BA9B-8A4F01E43B35}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{7B6FD7B7-17E4-4F93-8F84-3976ACCECF5F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{4893D6D6-23E9-4DEF-9637-E2C154666CE6}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{6C937025-146D-4D8A-B04A-86BD6F1807D7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{6EE0F513-F24E-477F-BC59-CD7402005020}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{9D30A097-20D4-44BE-B7BF-99C481E2403E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{04613C1C-AB09-4CF3-B122-C542484F9201}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{3FFF1057-B9AC-4763-B335-05BF189EA4BB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{1F1686ED-4A1B-4246-879E-F95CAD8A569A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{69C0F6CC-F51E-4CD8-8EC4-EABD52DECB9E}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{FABA0704-5D92-46E0-88CE-62086AB857E6}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{141BAE4F-E3BF-4C50-A951-B46C5AE3DAF6}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{6371E97D-4F5A-45C8-9AE3-E92A717C5890}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
 
==================== Restore Points =========================
 
16-09-2018 19:23:53 Windows Backup
21-09-2018 22:31:00 Installed LibreOffice 6.1.1.2
23-09-2018 20:51:00 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: TOSHIBA
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2018 08:28:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AVGUI.exe version 18.6.3983.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 187c
 
Start Time: 01d45cbf4dc77688
 
Termination Time: 60000
 
Application Path: C:\Program Files\AVG\Antivirus\AVGUI.exe
 
Report Id: 1f46a79d-c8b3-11e8-addc-047d7b4451d9
 
Error: (10/05/2018 08:26:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: CleanControllerImpl.dll, version: 3.2.0.452, time stamp: 0x5b8ffa1f
Exception code: 0x40000015
Fault offset: 0x00000000002f7623
Faulting process id: 0xa18
Faulting application start time: 0x01d45cb6401271b9
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 151ae60c-c8b3-11e8-addc-047d7b4451d9
 
Error: (10/05/2018 07:18:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/05/2018 07:15:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0x40000015
Fault offset: 0x000000000014e2bf
Faulting process id: 0xe0c
Faulting application start time: 0x01d45c7a7a491c78
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report Id: 1cbaeb82-c8a9-11e8-b1ec-047d7b4451d9
 
Error: (10/05/2018 12:11:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/04/2018 10:19:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/04/2018 09:44:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/04/2018 03:19:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (10/05/2018 07:59:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (10/05/2018 07:17:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (10/05/2018 12:17:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (10/05/2018 12:14:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Check Point Sandblast Agent Cipolla service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (10/05/2018 12:14:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Check Point Sandblast Agent Cipolla service to connect.
 
Error: (10/05/2018 12:08:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (10/05/2018 12:08:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
 
Error: (10/05/2018 12:07:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
 
 
CodeIntegrity:
===================================
 
Date: 2017-12-16 17:41:40.746
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-12-16 17:41:40.746
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-12-16 15:05:31.023
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-12-16 15:05:31.008
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-12-16 10:31:34.652
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-12-16 10:31:34.593
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: AMD A4-3305M APU with Radeon™ HD Graphics
Percentage of memory in use: 88%
Total physical RAM: 3558.87 MB
Available physical RAM: 395.8 MB
Total Virtual: 7115.88 MB
Available Virtual: 2856.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:181.35 GB) NTFS
 
\\?\Volume{99eab643-e132-11e7-888a-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: AE62ADA9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by Firebirdgirl, 05 October 2018 - 10:14 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP