
Scammer possibly gave me a backdoor or keylogger



#1 jlbutterfly2018


Posted 03 March 2018 - 12:19 AM

Hi,

I had recently received a pop-up on a web page on walmart.com, but I don't think it was the official website. It popped up with things that said I was infected with a virus and I needed to call a number to get it fixed. So mistakenly I called the number, and this person on the phone had done something and started moving my mouse and typing on my keyboard.

I am worried about this as I have sensitive information on my computer and I don't want it stolen.

Any help will be GREATLY appreciated.

Below are the log files you've requested:

Here's Malwarebytes Log:

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/2/18
Scan Time: 12:03 PM
Log File: 03acdb82-1e44-11e8-9f13-b05216bad614.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4174
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: LAPTOP-0PI1JEKK\jlbut
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298144
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 44 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Here's FRST and Additions Logs: 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2018
Ran by jlbut (administrator) on LAPTOP-0PI1JEKK (03-03-2018 00:08:07)
Running from C:\Users\jlbut\Downloads
Loaded Profiles: jlbut (Available Profiles: jlbut)
Platform: Windows 10 Home Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\IntelCpHDCPSvc.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\intel security\pef\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
() C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\IntelCpHeciSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.7.371.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124757.inf_amd64_b607c305e0c4e0a1\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Camshare, Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
() C:\Program Files (x86)\Camfrog\Camfrog Video Chat\camfrog_cef.exe
() C:\Program Files (x86)\Camfrog\Camfrog Video Chat\camfrog_cef.exe
() C:\Program Files (x86)\Camfrog\Camfrog Video Chat\camfrog_cef.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Webroot) C:\ProgramData\WRData\PKG\npwebroot.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
() C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-10-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4388440 2017-10-20] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-07-21] (HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [1252856 2018-02-17] (Webroot)
HKU\S-1-5-21-4222531852-2054636086-1797228796-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2018-02-17]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ed83b60-6f8d-4857-912c-3a33e46efd83}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4222531852-2054636086-1797228796-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-4222531852-2054636086-1797228796-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {BE239257-CABF-4C91-B665-7E19329D44C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {BE239257-CABF-4C91-B665-7E19329D44C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4222531852-2054636086-1797228796-1001 -> {BE239257-CABF-4C91-B665-7E19329D44C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-28] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2018-02-17] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2018-02-17] (Webroot)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2018-02-17] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2018-02-17] (Webroot)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2018-02-17] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2018-02-17] (Webroot)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-28] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-12-21] (McAfee, Inc.)
 
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-02-17] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-12-21] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-12-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-16] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default [2018-03-02]
CHR Extension: (Slides) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-16]
CHR Extension: (Docs) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-16]
CHR Extension: (Google Drive) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-16]
CHR Extension: (YouTube) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-16]
CHR Extension: (Sheets) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-16]
CHR Extension: (Webroot Filtering Extension) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-02-17]
CHR Extension: (Webroot Password Manager) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2018-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-16]
CHR Extension: (Gmail) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\jlbut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-16]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0200881519960935mcinstcleanup; C:\windows\TEMP\020088~1.EXE [1013256 2017-12-19] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [127488 2017-08-30] (Realtek Semiconductor Corp.) [File not signed]
R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-12-18] (Camshare Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 esifsvc; C:\windows\system32\Intel\DPTF\esif_uf.exe [1701480 2017-09-13] (Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [728808 2017-12-20] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S4 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-29] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-29] (McAfee LLC)
R2 mfevtp; C:\windows\system32\mfevtps.exe [466384 2017-09-29] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-24] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-10-20] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-10-20] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1549160 2017-09-21] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [1252856 2018-02-17] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\windows\System32\drivers\cfwids.sys [77280 2017-10-19] (McAfee LLC)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\windows\System32\drivers\dptf_cpu.sys [69560 2017-09-13] (Intel Corporation)
R3 esif_lf; C:\windows\system32\DRIVERS\esif_lf.sys [382392 2017-09-13] (Intel Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R3 ManyCam; C:\windows\system32\DRIVERS\mcvidrv.sys [58792 2017-03-05] (Visicom Media Inc.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-28] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\DRIVERS\farflt.sys [110016 2018-02-28] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [46008 2018-02-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-28] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [94144 2018-03-02] (Malwarebytes)
R3 mcaudrv_simple; C:\windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [492512 2017-10-19] (McAfee LLC)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [355808 2017-10-19] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [84016 2017-10-19] (McAfee LLC)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [506336 2017-10-19] (McAfee LLC)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [938464 2017-10-19] (McAfee LLC)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [507304 2017-11-15] (McAfee LLC.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [108456 2017-11-15] (McAfee LLC.)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [115168 2017-10-19] (McAfee LLC)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [252896 2017-10-19] (McAfee LLC)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [1009128 2017-08-24] (Realtek )
R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [750072 2017-08-28] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [420832 2017-09-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [7895400 2017-11-08] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\windows\System32\drivers\Smb_driver_AMDASF.sys [45144 2017-10-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [46680 2017-10-20] (Synaptics Incorporated)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\system32\DRIVERS\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
R0 WRkrn; C:\windows\System32\drivers\WRkrn.sys [128264 2018-02-17] (Webroot)
S3 wrUrlFlt; C:\windows\system32\DRIVERS\wrUrlFlt.sys [68384 2018-02-17] (Webroot)
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-03 00:07 - 2018-03-03 00:07 - 000001245 _____ C:\Users\jlbut\Desktop\Malwarebytes Scan.txt
2018-03-03 00:07 - 2018-03-03 00:07 - 000000000 _____ C:\Users\jlbut\Desktop\topic posted.txt
2018-03-03 00:06 - 2018-03-03 00:06 - 000000000 ____D C:\Users\jlbut\AppData\Local\TeamViewer
2018-03-02 23:35 - 2018-03-02 23:36 - 000043396 _____ C:\Users\jlbut\Downloads\Addition.txt
2018-03-02 23:34 - 2018-03-03 00:08 - 000023989 _____ C:\Users\jlbut\Downloads\FRST.txt
2018-03-02 23:34 - 2018-03-03 00:08 - 000000000 ____D C:\FRST
2018-03-02 23:33 - 2018-03-02 23:33 - 002403840 _____ (Farbar) C:\Users\jlbut\Downloads\FRST64.exe
2018-03-02 23:33 - 2018-03-02 23:33 - 002403840 _____ (Farbar) C:\Users\jlbut\Desktop\FRST64 (1).exe
2018-03-02 22:42 - 2018-03-02 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-03-02 10:54 - 2018-03-02 10:54 - 000000000 ___HD C:\OneDriveTemp
2018-03-01 19:41 - 2018-03-01 19:41 - 000000000 ____D C:\Users\jlbut\AppData\Local\CrashRpt
2018-02-28 22:14 - 2018-03-02 22:37 - 000094144 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-02-28 22:14 - 2018-02-28 22:14 - 000253880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-02-28 22:14 - 2018-02-28 22:14 - 000193968 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-02-28 22:14 - 2018-02-28 22:14 - 000110016 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-02-28 22:14 - 2018-02-28 22:14 - 000046008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-02-28 22:14 - 2018-02-28 22:14 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-28 22:14 - 2018-02-28 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-28 22:14 - 2018-02-28 22:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-28 22:14 - 2018-02-28 22:14 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-28 22:14 - 2017-11-29 09:11 - 000077432 _____ C:\windows\system32\Drivers\mbae64.sys
2018-02-28 22:13 - 2018-02-28 22:13 - 068067680 _____ (Malwarebytes ) C:\Users\jlbut\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4142.exe
2018-02-28 20:02 - 2018-02-28 20:02 - 000000000 ____D C:\Users\jlbut\AppData\Local\GoToAssist Remote Support Customer
2018-02-28 20:02 - 2018-02-28 20:02 - 000000000 ____D C:\Users\jlbut\AppData\Local\GoTo Opener
2018-02-28 20:01 - 2018-03-02 23:32 - 000004168 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4C9BF9C7-E480-4C10-871C-4E1DDFC40BEE}
2018-02-24 19:15 - 2018-02-24 19:15 - 000000000 ____D C:\Users\jlbut\AppData\Local\Visicom Media
2018-02-24 19:11 - 2018-02-24 20:08 - 000000000 ____D C:\Program Files (x86)\ManyCam
2018-02-24 11:30 - 2018-02-24 11:30 - 000001912 _____ C:\Users\jlbut\Desktop\Microsoft Solitaire Collection.lnk
2018-02-24 11:29 - 2018-02-24 11:29 - 000001668 _____ C:\Users\jlbut\Desktop\Microsoft Jigsaw.lnk
2018-02-21 23:01 - 2018-02-21 21:44 - 3083997552 _____ C:\Users\jlbut\Documents\Spirit_ Stallion of the Cimarron (HD.m4v
2018-02-21 22:43 - 2018-02-21 22:43 - 000000000 ____D C:\Users\Public\CyberLink
2018-02-21 13:41 - 2018-02-21 13:42 - 000000000 ____D C:\Users\jlbut\Documents\Slow Cooker Recipes
2018-02-21 13:29 - 2018-02-21 13:29 - 000000000 ____D C:\Users\jlbut\Documents\Custom Office Templates
2018-02-20 21:01 - 2018-02-20 21:01 - 000000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-02-20 17:26 - 2018-02-20 17:26 - 000000000 ____D C:\Users\jlbut\AppData\Local\DBG
2018-02-19 20:44 - 2018-02-19 20:45 - 000000000 ____D C:\ProgramData\CyberLink
2018-02-19 20:44 - 2018-02-19 20:44 - 000000000 ____D C:\Users\jlbut\Documents\CyberLink
2018-02-19 13:03 - 2018-02-19 13:03 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-02-19 13:03 - 2018-02-19 13:03 - 000001111 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-02-19 13:03 - 2018-02-19 13:03 - 000000000 ____D C:\Users\jlbut\AppData\Roaming\TeamViewer
2018-02-19 13:03 - 2018-02-19 13:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer

#2 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,120 posts

Posted 03 March 2018 - 11:24 AM

Hello jlbutterfly2018 and welcome to SpywareInfo Forum.

 

I'm Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file, and reading the entire post before proceeding. It will make following them easier.

Please follow the directions in the order listed.

 

I do not see signs in your logs revealing the existence of a backdoor or keylogger. However, let's check it further. Please proceed as follows:


NOTICE: The following script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> {BE239257-CABF-4C91-B665-7E19329D44C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {BE239257-CABF-4C91-B665-7E19329D44C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4222531852-2054636086-1797228796-1001 -> {BE239257-CABF-4C91-B665-7E19329D44C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
S2 0200881519960935mcinstcleanup; C:\windows\TEMP\020088~1.EXE [1013256 2017-12-19] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
EmptyTemp:
End::

Save the file as fixlist.txt in the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder where FRST is located. Please post its content in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are stored in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in.
  • Please copy and paste the content of that log in your next reply;

 

 

Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits is 'On' and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please copy and paste the content of the log in your next reply.

 

 

Next,

Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop.

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Once the tool is open, click the 'Scan' tab menu and then click the Start Scan button.
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Warning: Do NOT remove any entry it found. They may not all be malicious and need to be carefully analyzed.
  • Once finished the results will be displayed. Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.

Please copy and paste the content of RKlog.txt to your next reply.


To summarize, I would like to see in your next reply the contents of the following logs:
Fixlog.txt
AdwCleaner clean log (the log is stored in C:\AdwCleaner\AdwCleaner[Cx].txt, where 'x' is a number);
Malwarebytes log.
RKlog.txt

Let me also know how the computer is running. What issues still remain on the computer?

Android 8888
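
What "signs in your logs" can look like in practice: the Python sketch below is an added example, not part of the original thread and not how FRST or the helper works. It parses FRST file-listing entries (`created - modified - size attributes (company) path`) and flags items worth a manual look after a remote-control scam call; the tool-name list, the path heuristics, the incident time and the sample lines are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# One FRST file-listing entry:
#   created - modified - size attributes (company) path
# The "(company)" field is optional; the path itself may contain parentheses.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"

# Assumption: illustrative, non-exhaustive names of remote-access tools.
REMOTE_TOOLS = ("teamviewer", "anydesk", "logmein", "ultraviewer",
                "supremo", "screenconnect")
# Assumption: locations a standard user session can usually write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")


def parse_entry(line):
    """Return a dict for one listing line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["created"] = datetime.strptime(entry["created"], TS_FMT)
    entry["modified"] = datetime.strptime(entry["modified"], TS_FMT)
    entry["size"] = int(entry["size"])
    return entry


def triage(lines, incident, window_hours=24):
    """Return [(path, [reasons])] for entries that deserve a manual review.

    A hit is a prompt to look closer, not a verdict: legitimate software
    matches these heuristics too.
    """
    window = timedelta(hours=window_hours)
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue  # headers, blank lines, truncated entries
        path = entry["path"].lower()
        haystack = path + " " + (entry["company"] or "").lower()
        # Remote-access tools are reported whatever their date.
        reasons = [f"remote-access tool: {t}" for t in REMOTE_TOOLS
                   if t in haystack]
        if abs(entry["created"] - incident) <= window:
            # Task definition files (not folders) created around the call.
            if "\\system32\\tasks\\" in path and "D" not in entry["attrs"]:
                reasons.append("scheduled task created near incident")
            # Binaries with no company field, dropped where users can write.
            if (path.endswith(BINARY_EXT) and not entry["company"]
                    and any(p in path for p in USER_WRITABLE)):
                reasons.append(
                    "binary without company name in user-writable path")
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


# Constructed sample input in the FRST listing format (not from a real log).
SAMPLE_LOG = r"""
2018-03-01 14:05 - 2018-03-01 14:05 - 019315456 _____ (TeamViewer GmbH) C:\Users\user\Downloads\TeamViewer_Setup.exe
2018-03-01 14:09 - 2018-03-01 14:09 - 000003020 _____ C:\windows\System32\Tasks\Updater Helper
2018-03-01 14:11 - 2018-03-01 14:11 - 000412160 _____ C:\Users\user\AppData\Roaming\svc\helper.exe
2018-02-17 10:57 - 2018-02-17 10:57 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-02-16 23:27 - 2018-02-10 00:16 - 008603032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
this line is not an FRST entry
"""
# Assumption: the time of the scam call, supplied by the person doing triage.
INCIDENT = datetime(2018, 3, 1, 14, 0)

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines(), INCIDENT):
        print(f"{path}\n    " + "; ".join(reasons))
```

Set `INCIDENT` to the time of the call and feed in the lines of the real FRST.txt; anything flagged still has to be judged by someone who knows what was installed on purpose.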