
Laptop performance very slow


7 replies to this topic

#1 bluestat-t

  • Full Member
  • 27 posts

Posted 23 November 2017 - 11:59 PM

Hi there,


The performance of my laptop is very sluggish, dreadfully slow. When typing characters into software programs, there is a major lag. Internet sites take a long time to load. Even pressing the 'Start' icon to call on other programs takes 10 seconds to register. No popups. Browser not hijacked. Unclear what process is using significant CPU. No processes trying to access the internet. I have read the FAQ and logs follow.

Thank you for considering helping.


MBAM LOG


Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 11/23/17
Scan Time: 10:31 PM
Log File: edf9a19a-d0c7-11e7-a859-606dc7fe2ddc.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3335
License: Trial
-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: DESKTOP-I7FBINF\Tim and Wendy
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 441612
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: 1 hr, 16 min, 21 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 11
PUP.Optional.Booking, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BOOKING.COM.LNK, Quarantined, [413], [347183],1.0.3335
PUP.Optional.SofTonic, C:\USERS\TIM AND WENDY\DESKTOP\2016 USB BACK UP\ (F)\SOFTONICDOWNLOADER_FOR_WINDVD.EXE, Quarantined, [3312], [8262],1.0.3335
PUP.Optional.Spigot, C:\USERS\TIM AND WENDY\DESKTOP\2016 USB BACK UP\ (F)\MEDIA.PLAYER.CODEC.PACK.V4.2.9.SETUP.EXE, Quarantined, [647], [300859],1.0.3335
PUP.Optional.Conduit, C:\USERS\TIM AND WENDY\DESKTOP\2016 USB BACK UP\ (F)\INSTALLCONVERTER_TSV419YJI.EXE, Quarantined, [578], [76403],1.0.3335
PUP.Optional.DownLoadAdmin, C:\USERS\TIM AND WENDY\DESKTOP\OLD LAPTOP\TIM  AND WENDY FOLDER\DOWNLOADS\CBSIDLM-TR1_13-CYBERLINK_MEDIASHOW-BP-195351.EXE, Quarantined, [4], [106277],1.0.3335
PUP.Optional.Spigot, C:\USERS\TIM AND WENDY\DESKTOP\OLD LAPTOP\TIM  AND WENDY FOLDER\DOWNLOADS\MEDIA.PLAYER.CODEC.PACK.V4.2.9.SETUP.EXE, Quarantined, [647], [300859],1.0.3335
PUP.Optional.SofTonic, C:\USERS\TIM AND WENDY\DESKTOP\SEPT 2016 USB BACK UP\ (E)\SOFTONICDOWNLOADER_FOR_WINDVD.EXE, Quarantined, [3312], [8262],1.0.3335
PUP.Optional.APNToolBar, C:\USERS\TIM AND WENDY\DESKTOP\OLD LAPTOP\TIM  AND WENDY FOLDER\DOWNLOADS\YTDSETUP.EXE, Quarantined, [6485], [76243],1.0.3335
PUP.Optional.OutBrowse, C:\USERS\TIM AND WENDY\DESKTOP\SEPT 2016 USB BACK UP\ (E)\MP4PLAYER_SETUP.EXE, Quarantined, [382], [2772],1.0.3335
PUP.Optional.Conduit, C:\USERS\TIM AND WENDY\DESKTOP\SEPT 2016 USB BACK UP\ (E)\INSTALLCONVERTER_TSV419YJI.EXE, Quarantined, [578], [76403],1.0.3335
PUP.Optional.Spigot, C:\USERS\TIM AND WENDY\DESKTOP\SEPT 2016 USB BACK UP\ (E)\MEDIA.PLAYER.CODEC.PACK.V4.2.9.SETUP.EXE, Quarantined, [647], [300859],1.0.3335
Physical Sector: 0
(No malicious items detected)

(end)


FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2017
Ran by Tim and Wendy (administrator) on DESKTOP-I7FBINF (24-11-2017 00:09:22)
Running from C:\Users\Tim and Wendy\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Tim and Wendy (Available Profiles: Tim and Wendy & wdietric)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
"Path" (C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\SMART Technologies\Education Software\ -> C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\SMART Technologies\Education Software\) <==== Repaired successfully
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8911872 2016-10-14] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-23] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1761136 2011-07-13] (SMART Technologies)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [522552 2015-12-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-12-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-13] (Check Point Software Technologies Ltd.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3850315983-541361124-2184275077-1002\...\Run: [8593ECFE0CC764FCB6B4CEE1E2459F88F51F59B0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\Tim and Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-01-06]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e0fdcbd7-13db-4738-8af8-2b1fdcd7f6a6}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3850315983-541361124-2184275077-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3850315983-541361124-2184275077-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM-x32 -> {87B891F4-2048-4D22-91B2-8495FCCB31C0} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3850315983-541361124-2184275077-1002 -> {87B891F4-2048-4D22-91B2-8495FCCB31C0} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll [2011-06-23] (SMART Technologies ULC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2011-06-23] (SMART Technologies ULC.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-12-10] (Citrix Systems, Inc.)
FireFox:
========
FF DefaultProfile: t4mnoapw.default
FF ProfilePath: C:\Users\Tim and Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\t4mnoapw.default [2017-11-23]
FF Homepage: Mozilla\Firefox\Profiles\t4mnoapw.default -> hxxp://www.msn.com/en-ca?checklang=1
FF Extension: (Avast SafePrice) - C:\Users\Tim and Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\t4mnoapw.default\Extensions\sp@avast.com.xpi [2017-11-05]
FF Extension: (Avast Online Security) - C:\Users\Tim and Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\t4mnoapw.default\Extensions\wrc@avast.com.xpi [2017-10-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.ca/
CHR Profile: C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default [2017-11-23]
CHR Extension: (Slides) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Crash King) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahbpokpfohopgmmdcgmgbhffofmepgoi [2016-11-29]
CHR Extension: (little owl) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\alopfckdopopebdogneaajhpajfbkane [2017-02-20]
CHR Extension: (Docs) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-07]
CHR Extension: (So Many Me - Demo) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2016-11-29]
CHR Extension: (YouTube) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-07]
CHR Extension: (Dominoes) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bomhoanbpkeifgklbpebekfgblgficjn [2017-10-10]
CHR Extension: (Google Search) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-07]
CHR Extension: (Color Switch) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlknokhglhpflfcgodinmdmbfoheecdo [2016-09-25]
CHR Extension: (Free Online Games) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eciikokclglkbdhbmecaodaanacocdda [2016-09-25]
CHR Extension: (Pizza Snake) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eladgefgfablffmdbgbllikigaaehjbd [2017-02-20]
CHR Extension: (Avast SafePrice) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-11-22]
CHR Extension: (Sheets) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Run 3) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdoaljdhjgjjaeinnelanmpoggfcphe [2017-02-20]
CHR Extension: (Papa's Pizzeria) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaihmihhhgfofccgiboicjloaemhhfi [2016-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Cut the Rope 2) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkgpbgnjclnnofnecabolhjkflldijij [2016-09-25]
CHR Extension: (DuckLife 4) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdfbmneejapngnopenfcmnpnbohncpdo [2016-09-25]
CHR Extension: (Squitten) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhpdmnidcgpjkpppahlnknebdmfjklbc [2016-09-25]
CHR Extension: (Happy Wheels) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc [2016-09-25]
CHR Extension: (Coaster Racer 3) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobglllfkgfahhakmmgdcgmefmjhifbi [2016-09-25]
CHR Extension: (Don't Tap The White Tile - Piano Tiles) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbffnddkpojlhaikfemlpfglhmkckjeg [2016-11-29]
CHR Extension: (Funky Karts) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbgibbcljlbkkeaogjofolcbakcokmie [2017-11-22]
CHR Extension: (SWOOOP) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblimahfbhdcengjfbdpdngcfcghladf [2016-11-29]
CHR Extension: (GIPHY for Chrome) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlleokkdhkflpmghiioglgmnminbekdi [2017-10-24]
CHR Extension: (Sketchpad 3.5) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim [2016-09-25]
CHR Extension: (Happy Friday!) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagckjdgadpknikjoegcibbollkafpid [2017-01-11]
CHR Extension: (Basket & Ball) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbofgfgfgdkllfnfmipceliihehcmbmd [2017-10-24]
CHR Extension: (Happy Wheels ) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkiebndfpchkpdeappeacfehciikopcj [2016-09-25]
CHR Extension: (4x4 Soccer - Play Soccer with SUVs!) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpgdegnmkfpnfecaidmakahpoaaepoo [2016-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-24]
CHR Extension: (Gmail) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-07]
CHR Extension: (Cube Slam) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcoeeddamedegogbcmdbadnoifmfipn [2016-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-07] () [File not signed]
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-07] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-23] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-23] (AVAST Software)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2016-01-02] (Broadcom Corporation.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-12-09] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Response Hardware; C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [19312 2011-06-23] (SMART Technologies)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [326656 2016-10-14] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-10-02] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-13] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-13] (Check Point Software Technologies Ltd.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [18968 2015-08-18] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [82704 2015-08-18] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-23] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-23] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-23] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-23] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [105128 2017-11-02] (AVAST Software)
R3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361784 2017-10-23] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-08-18] (Advanced Micro Devices)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208176 2016-01-02] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11794376 2017-07-13] (Broadcom Corp)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-23] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-23] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-23] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-23] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [33960 2015-07-13] (Synaptics Incorporated)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
U3 iswSvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-24 00:08 - 2017-11-24 00:09 - 000000000 ____D C:\FRST
2017-11-23 22:29 - 2017-11-23 23:55 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-23 22:29 - 2017-11-23 23:55 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-23 22:29 - 2017-11-23 22:29 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-23 22:28 - 2017-11-23 23:55 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-23 22:28 - 2017-11-23 22:28 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-23 22:28 - 2017-11-23 22:28 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-23 22:28 - 2017-11-23 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-23 22:28 - 2017-11-23 22:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-23 22:28 - 2017-11-23 22:28 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-23 22:28 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-22 22:11 - 2017-11-22 22:13 - 000871968 _____ C:\Users\Tim and Wendy\Downloads\HWDSB Parent Information Letter Fillable 01 17.pdf
2017-11-20 21:21 - 2017-11-20 21:21 - 000988352 _____ C:\Users\wdietric\Downloads\keepvid-pro-desktop_setup_full2957.exe
2017-11-20 21:18 - 2017-11-20 21:18 - 025421789 _____ C:\Users\wdietric\Desktop\The Last Lecture before his Death.mp4
2017-11-19 19:48 - 2017-11-19 19:48 - 001776432 _____ C:\Users\Tim and Wendy\Downloads\Bullying-Prevention-Handbook-2017-final.pdf
2017-11-19 19:47 - 2017-11-19 19:47 - 000186491 _____ C:\Users\Tim and Wendy\Downloads\Bullying Staff Primer - Elementary.pdf
2017-11-17 22:07 - 2017-11-17 22:07 - 000000000 ____D C:\ProgramData\HP
2017-11-16 21:56 - 2017-11-16 21:56 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-15 09:19 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 09:19 - 2017-11-02 00:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 09:19 - 2017-11-02 00:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 09:19 - 2017-11-02 00:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 09:19 - 2017-11-02 00:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 09:19 - 2017-11-02 00:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 09:19 - 2017-11-02 00:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 09:19 - 2017-11-02 00:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 09:19 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 09:19 - 2017-11-02 00:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 09:19 - 2017-11-02 00:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 09:19 - 2017-11-02 00:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 09:19 - 2017-11-02 00:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 09:19 - 2017-11-02 00:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 09:19 - 2017-11-02 00:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 09:19 - 2017-11-02 00:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 09:19 - 2017-11-01 23:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 09:19 - 2017-11-01 23:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 09:19 - 2017-11-01 23:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 09:19 - 2017-11-01 23:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 09:19 - 2017-11-01 23:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 09:19 - 2017-11-01 23:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 09:19 - 2017-11-01 23:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 09:19 - 2017-11-01 23:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 09:19 - 2017-11-01 23:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 09:19 - 2017-11-01 23:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 09:19 - 2017-11-01 23:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 09:19 - 2017-11-01 23:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 09:19 - 2017-11-01 23:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 09:19 - 2017-11-01 23:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 09:19 - 2017-11-01 23:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 09:19 - 2017-11-01 23:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 09:19 - 2017-11-01 23:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 09:19 - 2017-11-01 23:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 09:19 - 2017-11-01 23:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 09:19 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 09:19 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 09:19 - 2017-11-01 23:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 09:19 - 2017-11-01 23:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 09:19 - 2017-11-01 23:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 09:19 - 2017-11-01 23:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 09:19 - 2017-11-01 23:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 09:19 - 2017-11-01 23:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 09:19 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 09:19 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 09:19 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 09:19 - 2017-11-01 23:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 09:19 - 2017-11-01 23:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 09:19 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 09:19 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 09:19 - 2017-11-01 23:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 09:19 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 09:19 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 09:19 - 2017-11-01 23:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 09:19 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 09:19 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 09:19 - 2017-11-01 23:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 09:19 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 09:19 - 2017-11-01 23:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 09:19 - 2017-11-01 23:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 09:19 - 2017-11-01 23:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 09:19 - 2017-11-01 23:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 09:19 - 2017-11-01 23:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 09:19 - 2017-11-01 23:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 09:19 - 2017-11-01 23:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 09:19 - 2017-11-01 23:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 09:19 - 2017-11-01 23:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 09:19 - 2017-11-01 23:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 09:19 - 2017-11-01 23:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 09:19 - 2017-11-01 23:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 09:19 - 2017-11-01 23:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 09:19 - 2017-11-01 23:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 09:19 - 2017-11-01 23:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 09:19 - 2017-11-01 23:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 09:19 - 2017-11-01 23:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 09:19 - 2017-11-01 23:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 09:19 - 2017-11-01 23:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 09:19 - 2017-11-01 23:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 09:19 - 2017-11-01 23:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 09:19 - 2017-11-01 23:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 09:19 - 2017-11-01 23:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 09:19 - 2017-11-01 23:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 09:19 - 2017-11-01 23:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 09:19 - 2017-11-01 23:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 09:19 - 2017-11-01 23:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 09:19 - 2017-11-01 23:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 09:19 - 2017-11-01 23:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 09:19 - 2017-11-01 23:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 09:19 - 2017-11-01 23:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 09:19 - 2017-11-01 23:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 09:19 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 09:19 - 2017-11-01 23:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 09:19 - 2017-10-25 02:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 09:19 - 2017-10-15 10:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 09:19 - 2017-10-15 10:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 09:19 - 2017-10-15 10:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 09:19 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 09:19 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 09:19 - 2017-10-15 09:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 09:19 - 2017-10-15 09:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 09:19 - 2017-10-15 09:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 09:19 - 2017-10-15 09:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 09:19 - 2017-10-15 09:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 09:19 - 2017-10-15 09:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 09:19 - 2017-10-15 09:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 09:19 - 2017-10-15 09:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 09:19 - 2017-10-15 09:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 09:19 - 2017-10-15 09:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 09:19 - 2017-10-15 09:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 09:19 - 2017-10-15 09:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 09:19 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 09:19 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 09:19 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 09:19 - 2017-10-15 09:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 09:18 - 2017-11-02 00:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 09:18 - 2017-11-02 00:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 09:18 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 09:18 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 09:18 - 2017-11-02 00:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 09:18 - 2017-11-02 00:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 09:18 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 09:18 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 09:18 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 09:18 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 09:18 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 09:18 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 09:18 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 09:18 - 2017-11-02 00:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 09:18 - 2017-11-02 00:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 09:18 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 09:18 - 2017-11-02 00:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 09:18 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 09:18 - 2017-11-02 00:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 09:18 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 09:18 - 2017-11-02 00:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 09:18 - 2017-11-02 00:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 09:18 - 2017-11-02 00:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 09:18 - 2017-11-02 00:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 09:18 - 2017-11-02 00:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 09:18 - 2017-11-02 00:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 09:18 - 2017-11-02 00:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 09:18 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 09:18 - 2017-11-02 00:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 09:18 - 2017-11-02 00:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 09:18 - 2017-11-01 23:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 09:18 - 2017-11-01 23:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 09:18 - 2017-11-01 23:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 09:18 - 2017-11-01 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 09:18 - 2017-11-01 23:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 09:18 - 2017-11-01 23:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 09:18 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 09:18 - 2017-11-01 23:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 09:18 - 2017-11-01 23:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 09:18 - 2017-11-01 23:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 09:18 - 2017-11-01 23:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 09:18 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 09:18 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 09:18 - 2017-11-01 23:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 09:18 - 2017-11-01 23:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 09:18 - 2017-11-01 23:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 09:18 - 2017-11-01 23:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 09:18 - 2017-11-01 23:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 09:18 - 2017-11-01 23:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 09:18 - 2017-11-01 23:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 09:18 - 2017-11-01 23:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 09:18 - 2017-11-01 23:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 09:18 - 2017-11-01 23:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 09:18 - 2017-11-01 23:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 09:18 - 2017-11-01 23:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 09:18 - 2017-11-01 23:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 09:18 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 09:18 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 09:18 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 09:18 - 2017-11-01 23:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 09:18 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 09:18 - 2017-11-01 23:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 09:18 - 2017-11-01 23:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 09:18 - 2017-11-01 23:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 09:18 - 2017-11-01 23:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 09:18 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 09:18 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 09:18 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 09:18 - 2017-11-01 23:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 09:18 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 09:18 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 09:18 - 2017-11-01 23:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 09:18 - 2017-11-01 23:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 09:18 - 2017-11-01 23:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 09:18 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 09:18 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 09:18 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 09:18 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 09:18 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 09:18 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 09:18 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 09:18 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 09:18 - 2017-10-15 09:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 09:18 - 2017-10-15 09:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 09:18 - 2017-10-15 09:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 09:18 - 2017-10-15 09:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 09:18 - 2017-10-15 09:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 09:18 - 2017-10-15 09:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 09:18 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 09:18 - 2017-10-15 09:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 09:18 - 2017-10-15 09:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 09:18 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 09:18 - 2017-10-15 09:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-13 08:46 - 2017-11-13 08:46 - 000000000 ____D C:\Users\wdietric\AppData\LocalLow\Mozilla
2017-11-13 08:38 - 2017-11-13 08:46 - 000000000 ____D C:\Users\wdietric\AppData\Roaming\Mozilla
2017-11-13 08:38 - 2017-11-13 08:38 - 000000000 ____D C:\Users\wdietric\AppData\Local\Mozilla
2017-11-08 10:07 - 2017-11-08 10:07 - 000524645 _____ C:\Users\wdietric\Downloads\Helen Detwiler-Lead-Testing.pdf
2017-11-07 23:11 - 2017-11-07 23:11 - 000013644 _____ C:\Users\Tim and Wendy\Downloads\Find_Area_Perimeter_Rectangle.pdf
2017-11-07 22:56 - 2017-11-07 22:56 - 000178630 _____ C:\Users\Tim and Wendy\Downloads\Geometry and Measurement Test 4.pdf
2017-11-07 15:07 - 2017-11-07 15:07 - 000059720 _____ C:\Users\wdietric\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-07 09:39 - 2011-06-23 19:59 - 004894430 _____ C:\Users\wdietric\Documents\Tutorial for SMART Notebook 10.8.notebook
2017-11-06 13:05 - 2017-11-06 13:06 - 005330259 _____ C:\Users\wdietric\Downloads\doc02378120171106091003.pdf
2017-11-06 12:56 - 2017-11-06 12:56 - 000472556 _____ C:\Users\wdietric\Downloads\2017-10-27 ACTION Mathematics Professional Learning.pdf
2017-11-04 11:12 - 2017-11-04 11:12 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-11-03 15:56 - 2017-11-02 07:42 - 000105128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2017-10-31 12:39 - 2017-10-31 12:39 - 000026111 _____ C:\Users\wdietric\Downloads\1024750040.pdf
2017-10-26 21:07 - 2017-10-26 21:09 - 169049179 _____ C:\Users\Tim and Wendy\Downloads\Self Control Video.mov
2017-10-26 21:06 - 2017-10-26 21:08 - 169049179 _____ C:\Users\Tim and Wendy\Downloads\IMG_0261.mov
2017-10-26 21:05 - 2017-10-26 21:05 - 096742170 _____ C:\Users\Tim and Wendy\Downloads\IMG_0213.MOV
2017-10-25 13:19 - 2017-10-25 13:19 - 001234520 _____ C:\Users\wdietric\Downloads\report_340a3e63d05711955868de30c5976475.pdf
2017-10-25 11:54 - 2017-10-25 11:54 - 000000000 ____D C:\Users\wdietric\AppData\Local\MicrosoftEdge
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-24 00:02 - 2017-09-17 20:21 - 001063718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-24 00:01 - 2016-01-02 19:25 - 000000000 ____D C:\Users\Tim and Wendy\Documents\YouCam
2017-11-23 23:55 - 2017-09-17 20:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-23 23:37 - 2017-09-17 20:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-23 22:11 - 2016-11-20 22:58 - 000000000 ____D C:\Users\Tim and Wendy\AppData\LocalLow\Mozilla
2017-11-23 08:54 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-23 08:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-23 08:37 - 2017-09-17 20:48 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-22 08:33 - 2017-10-19 21:09 - 000000000 ____D C:\Users\wdietric\Documents\YouCam
2017-11-21 23:44 - 2016-10-20 18:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-21 23:44 - 2016-01-02 19:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-21 23:43 - 2017-09-17 20:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-11-21 23:43 - 2017-03-18 06:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-20 08:33 - 2015-07-16 01:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-18 03:11 - 2016-01-02 19:40 - 000001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-18 03:11 - 2016-01-02 19:40 - 000000000 ____D C:\Users\Tim and Wendy\AppData\Roaming\Mozilla
2017-11-17 22:07 - 2015-12-09 22:07 - 000000000 ____D C:\Program Files\HP
2017-11-16 23:06 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-16 22:03 - 2017-09-12 20:56 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-16 21:57 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-16 21:56 - 2017-09-17 20:14 - 000293400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-16 21:52 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-16 21:52 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-16 21:52 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-16 21:52 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-16 21:52 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-16 17:39 - 2017-10-19 21:04 - 000000000 ____D C:\Users\wdietric
2017-11-16 17:39 - 2017-09-17 20:22 - 000000000 ____D C:\Users\Tim and Wendy
2017-11-16 08:48 - 2017-10-19 21:05 - 000000000 ____D C:\Users\wdietric\AppData\Local\Google
2017-11-15 23:17 - 2017-09-17 20:48 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 23:16 - 2016-01-03 18:17 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-15 23:02 - 2016-01-02 13:17 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 23:02 - 2016-01-02 13:17 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-15 09:30 - 2017

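As an added example (not part of the post, and not code from FRST or the forum), a small Python triage script for the two FRST line formats in the log above: driver entries ("R3 name; path [size date] (Company)") and "One Month Created files" entries ("created - modified - size attrs (Company) path"). It marks the kind of line a helper reads more closely, such as the orphaned "U3 iswSvc; no ImagePath" entry and executables whose version info carries no company name; the sample lines are copied from the log and the helper's fixlist below, and the field meanings and rules are my reading of the format rather than FRST documentation.

```python
"""Triage helper for the two FRST line formats seen in the log above.

Driver lines:  "R3 name; C:\\path\\file.sys [size date] (Company)"
File lines:    "created - modified - size attrs (Company) C:\\path\\file"

The rules only mark lines a helper would read more closely; a hit is a
prompt for review, not a verdict (mbae64.sys below is a legitimate
Malwarebytes driver that simply ships without a company string).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

DRIVER_RE = re.compile(r"^([RSU])(\d) ([^;]+); (.+)$")
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{9}) ([_A-Z]{5}) (?:\((.*?)\) )?(.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_driver(line: str) -> Optional[Finding]:
    """Flag service/driver entries with no binary or no company string."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    _state, _start, name, rest = m.groups()
    found = Finding(line)
    # Registry service entry that points at no file: the orphaned
    # "U3 iswSvc; no ImagePath" entry the helper's fixlist removes.
    if rest.strip().lower() == "no imagepath":
        found.reasons.append(f"orphaned service entry: {name}")
    # FRST ends the line with the company from version info; "()" means none.
    elif rest.rstrip().endswith("()"):
        found.reasons.append(f"driver without company info: {name}")
    return found if found.reasons else None


def triage_file(line: str) -> Optional[Finding]:
    """Flag recently created executables that carry no company string."""
    m = FILE_RE.match(line)
    if not m:
        return None
    _created, _modified, _size, attrs, company, path = m.groups()
    if "D" in attrs:  # assumption: a D in the attribute column marks a folder
        return None
    lower = path.lower()
    if not lower.endswith(EXEC_EXT) or company:
        return None
    found = Finding(line)
    if lower.startswith("c:\\users\\"):
        found.reasons.append("executable with no company info in a user profile")
    elif "\\drivers\\" in lower:
        found.reasons.append("kernel driver with no company info")
    return found if found.reasons else None


def triage(lines: List[str]) -> List[Finding]:
    """Run both parsers over raw log lines and keep only the hits."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        hit = triage_driver(line) or triage_file(line)
        if hit:
            findings.append(hit)
    return findings


# Lines copied from the log above and from the helper's fixlist below.
SAMPLE_LINES = [
    r"U3 iswSvc; no ImagePath",
    r"R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()",
    r"R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-23] (Malwarebytes)",
    r"2017-11-24 00:08 - 2017-11-24 00:09 - 000000000 ____D C:\FRST",
    r"2017-11-15 09:19 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe",
    r"2017-11-23 22:28 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys",
    r"2017-11-20 21:21 - 2017-11-20 21:21 - 000988352 _____ C:\Users\wdietric\Downloads\keepvid-pro-desktop_setup_full2957.exe",
    r"2017-11-17 22:07 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Tim and Wendy\AppData\Local\Temp\TAInstaller.exe",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print("; ".join(hit.reasons))
        print("    " + hit.line)
```

A hit on a Malwarebytes driver shows why the output is a reading list, not a verdict: the next step is checking the file's signature and origin, which is what the helper does before adding a line to a fixlist.
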
#2 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,100 posts

Posted 24 November 2017 - 05:35 PM

Hello bluestat-t and welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.
 

I noticed in your Security Analysis log that your Avast Antivirus is disabled. Navigating on the Internet with the Antivirus disabled is not a safe practice since your computer can become infected if you visit a malicious website. You don't even need to download anything to become infected. Please enable your Avast Antivirus (if you have not already done it).


Please consider removing the following extension from the Google Chrome browser as it is considered an invasive and unethical extension:
Avast Safe Price

To do that, type chrome://extensions in the address bar and press Enter.
Click the trash can icon by the Avast Safe Price extension.
A confirmation dialog appears, click Remove.


Next,

FRST was designed by its developer to achieve the most reliable results when running from the Desktop. Please move the FRST.exe file to the computer Desktop.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::

CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKLM-x32 -> {87B891F4-2048-4D22-91B2-8495FCCB31C0} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3850315983-541361124-2184275077-1002 -> {87B891F4-2048-4D22-91B2-8495FCCB31C0} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U3 iswSvc; no ImagePath
2017-11-17 22:07 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Tim and Wendy\AppData\Local\Temp\TAInstaller.exe
CMD: ipconfig /flushdns
EmptyTemp:

End::

Save the file as fixlist.txt in to the same location as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder where FRST is located. Please post its content in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

  • Download Malwarebytes AdwCleaner and move it to your Desktop.
  • Right-click on adwcleaner_7.0.4.0.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it.
  • After the restart, a log will open when logging in.

Please copy and paste the content of that log in your next reply.
 
 
Next,

Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop.

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Once the tool is open, click the 'Scan' tab menu and then click the Start Scan button.
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Warning: Do NOT remove any entry it found. They are not all bad and need to be carefully analyzed.
  • Once finished the results will be displayed. Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply.


In your next reply please post the entire content of the following logs:
Fixlog.txt
AdwCleaner clean log.
RKlog.txt

How is the computer running at this point?

Which browser(s) are taking too long to load Internet pages?

Thank you.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
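The fixlist above contains the line "HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe", a Software Restriction Policy rule that blocks Windows' own Malicious Software Removal Tool; such rules are a common way for unwanted software to keep cleanup tools from running. The following read-only audit script is an added example, not part of this thread or of FRST, and the watch list of tool names it flags is an assumption for illustration; it only reports, it changes nothing.

```powershell
# Added audit example (not from the thread or any tool it mentions).
# Enumerates Software Restriction Policy (SRP) path rules at the "Disallowed"
# security level and flags those aimed at security or administration tools.
# Read-only: nothing is modified.

# SRP path rules are stored as CodeIdentifiers\<level>\Paths\<GUID>;
# level 0 is "Disallowed", 262144 is "Unrestricted".
$srpRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
)

# Assumed watch list: tools a legitimate policy rarely blocks on a home PC.
$watchList = @(
    'mrt.exe', 'msmpeng.exe', 'mpcmdrun.exe', 'mbam.exe', 'frst.exe', 'frst64.exe',
    'taskmgr.exe', 'regedit.exe', 'cmd.exe', 'powershell.exe', 'msconfig.exe'
)

function Get-DisallowedSrpRules {
    foreach ($root in $srpRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($rule in Get-ChildItem -Path $root) {
            # ItemData holds the (possibly unexpanded) path pattern of the rule.
            $props = Get-ItemProperty -Path $rule.PSPath
            $raw = [string]$props.ItemData
            if (-not $raw) { continue }
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            # Take the last path component without touching the file system,
            # so wildcard patterns such as *.exe are handled as plain strings.
            $leaf = ($expanded -split '[\\/]')[-1].ToLowerInvariant()
            [pscustomobject]@{
                Hive       = ($root -split ':')[0]
                RuleId     = $rule.PSChildName
                ItemData   = $raw
                Expanded   = $expanded
                Suspicious = ($watchList -contains $leaf)
            }
        }
    }
}

$rules = @(Get-DisallowedSrpRules)
if ($rules.Count -eq 0) {
    Write-Output 'No "Disallowed" SRP path rules found.'
} else {
    $rules | Format-Table -AutoSize
    $bad = @($rules | Where-Object { $_.Suspicious })
    if ($bad.Count -gt 0) {
        Write-Output ("WARNING: {0} rule(s) block security or admin tooling; " +
                      "review them before removal rather than deleting blindly." -f $bad.Count)
    }
}
```

Run it from an elevated PowerShell prompt; a rule whose Expanded value ends in mrt.exe is exactly the condition the FRST fix in this thread reported as "restored successfully".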

#3 bluestat-t

bluestat-t

    Member

  • Full Member
  • 27 posts

Posted 29 November 2017 - 05:59 AM

Thank you Android 8888 for helping. I had temporarily disabled Avast as I was going to run the ESET online scan and it said to turn off any running anti-virus program. I decided not to run the test but forgot to turn it back on before running Rocket Granny. I had turned it back on shortly after, but thanks for flagging that as a potential issue.

 

I removed the Chrome extension noted and then completed the 3 additional tasks. The requested output is below. I found that performance was much better after completing the tasks related to FRST. In general, no one browser took longer than others; it was just that overall performance was extremely slow. It is getting better now, but I would appreciate it if you discover anything else in the logs.

Thanks.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by Tim and Wendy (28-11-2017 22:08:07) Run:1
Running from C:\Users\Tim and Wendy\Desktop
Loaded Profiles: Tim and Wendy & wdietric (Available Profiles: Tim and Wendy & wdietric)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKLM-x32 -> {87B891F4-2048-4D22-91B2-8495FCCB31C0} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3850315983-541361124-2184275077-1002 -> {87B891F4-2048-4D22-91B2-8495FCCB31C0} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U3 iswSvc; no ImagePath
2017-11-17 22:07 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Tim and Wendy\AppData\Local\Temp\TAInstaller.exe
CMD: ipconfig /flushdns
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{87B891F4-2048-4D22-91B2-8495FCCB31C0} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{87B891F4-2048-4D22-91B2-8495FCCB31C0} => key not found
HKU\S-1-5-21-3850315983-541361124-2184275077-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87B891F4-2048-4D22-91B2-8495FCCB31C0} => key removed successfully
HKLM\Software\Classes\CLSID\{87B891F4-2048-4D22-91B2-8495FCCB31C0} => key not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
iswSvc => service removed successfully
C:\Users\Tim and Wendy\AppData\Local\Temp\TAInstaller.exe => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34022202 B
Java, Flash, Steam htmlcache => 44353 B
Windows/system/drivers => 87738090 B
Edge => 59119219 B
Chrome => 463378913 B
Firefox => 385304444 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 11592 B
NetworkService => 31026 B
Tim and Wendy => 502021416 B
wdietric => 114299322 B

RecycleBin => 256104355 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:26:00 ====

 

 

# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 29 03:42:16 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-28-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

RogueKiller V12.11.26.0 (x64) [Nov 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Tim and Wendy [Administrator]
Started from : C:\Users\Tim and Wendy\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 11/28/2017 22:50:22 (Duration : 01:30:55)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] 8f605e60475ba2cd3abfc9ea69a63dd2
[BSP] 247da6ca9a51cbc5826d550e3ac906e6 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 930808 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1907093504 | Size: 1750 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1910677504 | Size: 20918 MB
User = LL1 ... OK
User = LL2 ... OK

 



#4 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,100 posts

Posted 29 November 2017 - 04:24 PM

Hello bluestat-t.
 

Thank you Android 8888 for helping.

You are very welcome and thank you for providing me those logs. They're clean. :thumbsup:

Now let's check for leftovers. This is a very thorough scan and it may take several hours to complete but it's worth it.

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers and disconnect any USB flash drives from the computer.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


Please post the ESET log (if it produced one) and let me know in detail what issues or concerns you still have with the laptop.

Android 8888



#5 bluestat-t

bluestat-t

    Member

  • Full Member
  • 27 posts

Posted 02 December 2017 - 07:36 AM

Thanks again. Below is a copy of the ESET log. Performance still feels like it could be faster but it is much better than before.

 

C:\Users\Tim and Wendy\Desktop\Old Laptop\Desktop transfer\USB Backup 2014_04\Removable Disk\InstallConverter_TSV419YJI.exe a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Desktop transfer\USB Backup 2014_04\Removable Disk\media.player.codec.pack.v4.2.9.setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Desktop transfer\USB Backup 2014_04\Removable Disk\SoftonicDownloader_for_windvd.exe a variant of Win32/SoftonicDownloader.E potentially unwanted application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Graboid Inc\My\3.0.1.0\graboid.part Win32/Graboid potentially unsafe application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YP5864QW\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi a variant of Win32/PriceGong.A potentially unwanted application deleted
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Premiumplay Codec-C\Chrome\Premiumplay Codec-C.crx JS/Toolbar.Crossrider.H potentially unwanted application deleted
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Temp\tbff.xpi Win32/Toolbar.Conduit potentially unwanted application,Win32/Toolbar.Conduit.AT potentially unwanted application deleted
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Temp\udDownload.tmp Win32/Toolbar.Conduit.R potentially unwanted application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Temp\UpdC1ED.tmp multiple threats,a variant of Win32/AdWare.MediaFinder.I application,Win64/Adware.MediaFinder.A application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Temp\UpdE321.tmp multiple threats,a variant of Win32/AdWare.MediaFinder.I application,Win64/Adware.MediaFinder.A application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Temp\0B59F63F-BAB0-7891-BD26-1771550962C6\Setup.exe Win32/Toolbar.Babylon potentially unwanted application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\Downloads\cbsidlm-cbsi109-Pazera_Free_MOV_to_AVI_Converter-ORG-10798308.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\Downloads\cbsidlm-cbsi145-Media_Player_Codec_Pack-ORG-10749065.exe a variant of Win32/CNETInstaller.B potentially unwanted application cleaned by deleting
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\Downloads\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi potentially unwanted application cleaned by deleting
C:\Users\Tim and Wendy\Downloads\zafwSetupWeb_151_504_17269.exe Win32/FusionCore.P potentially unwanted application deleted
 



#6 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,100 posts

Posted 03 December 2017 - 05:07 PM

Hello bluestat-t.

Good. Now please do the following:

Download Zoek and save it to your computer's Desktop.
Next, temporarily disable your Security programs so they do not interfere with the scan.
Information on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

On the Desktop, right-click the Zoek.exe file and select Run as administrator to start the tool.
(Give it a few seconds to appear.)

Next, copy and paste the entire script inside the code box below to the input field of Zoek:
 

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete

Close any open Internet Browsers.
Click the Run script button, and wait. It takes several minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Note: Please re-enable your Security programs.

Please post the zoek-results.log in your next reply and let me know in detail how the computer is behaving.

 

Android 8888



#7 bluestat-t

bluestat-t

    Member

  • Full Member
  • 27 posts

Posted 03 December 2017 - 09:49 PM

Hi

Things seem to be running better. Playing video now on browser and it is not getting hung and sound not buzzing. Applications loading quickly. I have pasted zoek log below.

 

 


Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by Tim and Wendy on 2017-12-03 at 21:26:10.58.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Tim and Wendy\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
2017-12-03 9:42:24 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\Program Files\Common Files\AV deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Tim and Wendy\AppData\Local\ActiveSync deleted successfully
C:\Users\Tim and Wendy\AppData\Local\DBG deleted successfully
C:\Users\Tim and Wendy\AppData\Local\NetworkTiles deleted successfully
C:\Users\wdietric\AppData\Local\DBG deleted successfully
C:\Users\wdietric\AppData\Local\NetworkTiles deleted successfully
C:\Users\wdietric\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\DBG deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\TIMAND~1\AppData\Roaming\Mozilla\Firefox\Profiles\t4mnoapw.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.msn.com/e...?checklang=1");
Added to C:\Users\TIMAND~1\AppData\Roaming\Mozilla\Firefox\Profiles\t4mnoapw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\wdietric\AppData\Roaming\Mozilla\Firefox\Profiles\8dki00x9.default\prefs.js:
Added to C:\Users\wdietric\AppData\Roaming\Mozilla\Firefox\Profiles\8dki00x9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\TIMAND~1\AppData\Roaming\Mozilla\Firefox\Profiles\t4mnoapw.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\wdietric\AppData\Roaming\Mozilla\Firefox\Profiles\8dki00x9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\TIMAND~1\AppData\Roaming\Mozilla\Firefox\Profiles\t4mnoapw.default
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://hp15-comm.msn.com/?pc=HRTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...=IE11TR&pc=HRTS
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...=IE11TR&pc=HRTS
==== Reset Google Chrome ======================
C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\wdietric\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\wdietric\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\wdietric\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\wdietric\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tim and Wendy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tim and Wendy\Desktop\Old Laptop\Tim  and Wendy folder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\wdietric\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Tim and Wendy\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\wdietric\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Tim and Wendy\AppData\Local\Mozilla\Firefox\Profiles\t4mnoapw.default\cache2 emptied successfully
C:\Users\wdietric\AppData\Local\Mozilla\Firefox\Profiles\8dki00x9.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Tim and Wendy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\wdietric\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\TIMAND~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 2017-12-03 at 22:39:40.61 ======================


#8 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,100 posts

Posted 04 December 2017 - 08:52 AM

Hello bluestat-t.

 

Things seem to be running better. Playing video now on browser and it is not getting hung and sound not buzzing. Applications loading quickly.

This is good news. Your computer appears to be clean and free of malware. :good:

 

Now please download Security Analysis by Rocket Grannie from here

  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in your next reply and wait for further instructions.

Note: If you get a warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.

 

Android 8888





