bought used computer, malware check & clean


#1 Stormy2inmotion


Posted 06 March 2018 - 10:46 PM

 
Hello Kind Expert,
I bought a used laptop and wish to clean it before using it for business and personal purposes. I thank you for your help in advance. A few months ago I got this computer and ran some sort of antivirus scan and got some malware in the result; it was quarantined/deleted. Since that time I had some browser redirect behavior but did not capture it. It occurred in Chrome. I am now serious about using this for my business and financial uses and want to get it clean as a whistle. Based on the fact that there were browser redirects, I suspect there is a lingering infection. Your assistance is most appreciated. The existing Windows has a generic "User" user but I created my own admin user, JenniferTheAdmin user. Should I delete the "User" user? Any other advice? Logs below.
Thanks,
Jennifer
 
mbam log:
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/3/18
Scan Time: 3:26 PM
Log File: 8b07359d-1f29-11e8-ab1d-d4bed9092ccb.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4194
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\JenniferTheAdmin
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 251786
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 47 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
frst log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2018
Ran by JenniferTheAdmin (administrator) on USER-PC (03-03-2018 17:32:48)
Running from C:\Users\JenniferTheAdmin\Desktop
Loaded Profiles: User & JenniferTheAdmin (Available Profiles: User & JenniferTheAdmin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(brother) C:\Program Files (x86)\Brownie\brpjp04a.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Brother Industries Ltd.) C:\Windows\System32\spool\drivers\x64\3\BRMD04.EXE
(Brother Industries Ltd.) C:\Windows\System32\spool\drivers\x64\3\BRMD04.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-02-03] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2745196114-3872186679-3452666173-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-2745196114-3872186679-3452666173-1000\...\Run: [3C315CB7C05A2A2BFAEAFA05AE1603CA95A938F0._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-21] (Google Inc.)
HKU\S-1-5-21-2745196114-3872186679-3452666173-1000\...\MountPoints2: {ed8920a9-8a5b-11e5-9ee1-e2388fb966a5} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{841A45BA-FDDB-4532-A93C-BA2D1D22E761}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-2745196114-3872186679-3452666173-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2745196114-3872186679-3452666173-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-03] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-03] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default [2018-03-03]
CHR Extension: (Slides) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-26]
CHR Extension: (Docs) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-26]
CHR Extension: (Google Drive) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-26]
CHR Extension: (YouTube) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-26]
CHR Extension: (Avast SafePrice) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-26]
CHR Extension: (Sheets) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-26]
CHR Extension: (Avast Online Security) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-26]
CHR Extension: (Gmail) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-26]
CHR Extension: (Chrome Media Router) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-26]
CHR HKU\S-1-5-21-2745196114-3872186679-3452666173-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-02-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-02-03] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-02-03] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-02-03] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-02-03] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-02-03] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-02-03] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-02-03] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-02-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-02-03] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-02-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-02-03] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-02-03] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-02-03] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-02-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-02-03] (AVAST Software)
R2 BrPar; C:\Windows\System32\drivers\BrPar64a.sys [30528 2006-11-06] (Brother Industries Ltd.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-03] (Malwarebytes)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2018-03-03] (Macrovision Europe Ltd) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-03 17:32 - 2018-03-03 17:33 - 000013771 _____ C:\Users\JenniferTheAdmin\Desktop\FRST.txt
2018-03-03 17:30 - 2018-03-03 17:30 - 002403840 _____ (Farbar) C:\Users\JenniferTheAdmin\Desktop\FRST64.exe
2018-03-03 17:27 - 2018-03-03 17:27 - 000001241 _____ C:\Users\JenniferTheAdmin\Desktop\mbamreport20180303.txt
2018-03-03 15:19 - 2018-03-03 15:19 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-03 15:19 - 2018-03-03 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-03 15:17 - 2018-03-03 15:17 - 067456464 _____ (Malwarebytes ) C:\Users\JenniferTheAdmin\Downloads\mb3-setup-exp89ctrl.exp89ctrl-3.3.1.2183-1.0.262-1.0.4030.exe
2018-03-03 14:02 - 2018-03-03 14:02 - 000002968 _____ C:\Windows\System32\Tasks\{AADA87D8-B26B-4C1F-88A9-43CF213A920B}
2018-03-03 14:01 - 2018-03-03 14:01 - 000002968 _____ C:\Windows\System32\Tasks\{0998D692-0A8D-44C0-AA95-6926E38F1019}
2018-03-03 14:00 - 2018-03-03 14:00 - 000002968 _____ C:\Windows\System32\Tasks\{BDEB31CD-FB15-467A-8D17-B16FF574E2F4}
2018-03-03 13:59 - 2018-03-03 13:59 - 000002968 _____ C:\Windows\System32\Tasks\{ACE2FC7F-CFA6-49EE-B869-E2240ADD8A7F}
2018-03-03 13:59 - 2018-03-03 13:59 - 000002968 _____ C:\Windows\System32\Tasks\{27503C8A-D2B0-46E2-979C-5D1482A2A5C1}
2018-03-03 13:58 - 2018-03-03 13:58 - 000002968 _____ C:\Windows\System32\Tasks\{18B2DC51-1D04-47C8-B401-AFCC1C39268C}
2018-03-03 13:56 - 2018-03-03 13:56 - 000000000 ____D C:\Windows\SysWOW64\BestPractices
2018-03-03 13:56 - 2018-03-03 13:56 - 000000000 ____D C:\Windows\system32\BestPractices
2018-03-03 13:56 - 2018-03-03 13:56 - 000000000 ____D C:\Program Files\Microsoft Games
2018-03-03 13:56 - 2018-03-03 13:56 - 000000000 ____D C:\inetpub
2018-03-03 13:04 - 2018-03-03 13:04 - 000021464 _____ C:\Users\JenniferTheAdmin\Downloads\4gb_patch.zip
2018-02-28 23:34 - 2018-02-28 23:34 - 000002968 _____ C:\Windows\System32\Tasks\{C478CE0D-CD30-4806-AAB6-4993DD07D765}
2018-02-28 23:34 - 2018-02-28 23:34 - 000002968 _____ C:\Windows\System32\Tasks\{23661DE6-F52E-403A-A8D6-C0C2EDC25F54}
2018-02-28 23:32 - 2018-02-28 23:32 - 000002968 _____ C:\Windows\System32\Tasks\{B430A95D-01A0-4B71-88E3-0C8B993D955F}
2018-02-28 23:32 - 2018-02-28 23:32 - 000002968 _____ C:\Windows\System32\Tasks\{0C3FB3B7-22A2-41B5-B66D-5A1F2B5E9241}
2018-02-28 23:31 - 2018-02-28 23:31 - 000002968 _____ C:\Windows\System32\Tasks\{BD567F8A-F198-4C04-97E5-5344492E19D6}
2018-02-28 23:31 - 2018-02-28 23:31 - 000002968 _____ C:\Windows\System32\Tasks\{6C05454D-1148-4B69-B151-EC5549F0A948}
2018-02-28 23:30 - 2018-02-28 23:30 - 000002968 _____ C:\Windows\System32\Tasks\{D1CFE29A-E724-4E67-8ACB-E6B743BB0E73}
2018-02-28 22:58 - 2018-02-28 22:58 - 000002968 _____ C:\Windows\System32\Tasks\{6EEB4B71-23BF-4377-ADC6-369D17D843A6}
2018-02-28 22:51 - 2018-03-03 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2018-02-26 23:51 - 2018-03-03 14:39 - 000000000 ____D C:\Program Files\MAXIS
2018-02-26 23:49 - 2018-02-26 23:49 - 000003056 _____ C:\Windows\System32\Tasks\{44C8E00A-1377-4808-8088-1003FAD0FCFA}
2018-02-26 23:43 - 2018-02-26 23:43 - 000003062 _____ C:\Windows\System32\Tasks\{9E44E52D-24EB-465B-BC80-B765EAF35CEF}
2018-02-26 23:25 - 2018-03-03 14:01 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Local\ElevatedDiagnostics
2018-02-26 23:16 - 2018-02-26 23:19 - 000003056 _____ C:\Windows\System32\Tasks\{772AD540-459F-4028-8419-78494734516D}
2018-02-26 23:14 - 2018-02-26 23:14 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Roaming\AVAST Software
2018-02-26 23:14 - 2018-02-26 23:14 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Local\CEF
2018-02-26 23:12 - 2018-02-26 23:12 - 000109296 _____ C:\Users\JenniferTheAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-26 23:12 - 2018-02-26 23:12 - 000000504 _____ C:\Users\JenniferTheAdmin\Desktop\Local Disk ©.lnk
2018-02-26 23:10 - 2018-03-03 12:41 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Roaming\Notepad++
2018-02-26 23:10 - 2018-02-26 23:10 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Local\Notepad++
2018-02-26 23:06 - 2018-02-26 23:06 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-02-26 23:03 - 2018-02-28 23:25 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Local\VirtualStore
2018-02-26 23:03 - 2018-02-26 23:48 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Local\Google
2018-02-26 23:03 - 2018-02-26 23:03 - 000001417 _____ C:\Users\JenniferTheAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-26 23:03 - 2018-02-26 23:03 - 000000020 ___SH C:\Users\JenniferTheAdmin\ntuser.ini
2018-02-26 23:03 - 2018-02-26 23:03 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Roaming\Adobe
2018-02-26 23:03 - 2018-02-26 23:03 - 000000000 ____D C:\Users\JenniferTheAdmin
2018-02-26 23:03 - 2009-07-14 01:45 - 000000000 ____D C:\Users\JenniferTheAdmin\AppData\Roaming\Media Center Programs
2018-02-26 22:54 - 2018-02-26 22:54 - 000109296 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-26 22:52 - 2018-03-03 14:40 - 000012400 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2018-02-26 22:52 - 2018-02-26 22:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-02-26 22:35 - 2018-03-02 23:05 - 000000915 _____ C:\Windows\eReg.dat
2018-02-19 13:37 - 2018-02-19 13:37 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-16 16:11 - 2018-02-10 13:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-16 16:11 - 2018-02-10 13:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-16 16:11 - 2018-02-10 02:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-16 16:11 - 2018-02-10 01:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-16 16:11 - 2018-02-10 01:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-16 16:11 - 2018-02-10 01:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-16 16:11 - 2018-02-10 01:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-16 16:11 - 2018-02-10 01:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-16 16:11 - 2018-02-10 01:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-16 16:11 - 2018-02-10 00:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-16 16:11 - 2018-02-10 00:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-16 16:11 - 2018-02-10 00:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-16 16:11 - 2018-02-10 00:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-16 16:11 - 2018-02-10 00:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-16 16:11 - 2018-02-10 00:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-16 16:11 - 2018-02-10 00:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-16 16:11 - 2018-02-10 00:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-16 16:11 - 2018-02-10 00:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-16 16:11 - 2018-02-09 23:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-16 16:11 - 2018-02-09 23:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-16 16:11 - 2018-02-09 23:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-16 16:11 - 2018-02-09 23:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-16 16:11 - 2018-02-09 23:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-16 16:11 - 2018-02-09 23:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-16 16:11 - 2018-02-09 23:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-16 16:11 - 2018-02-09 23:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-16 16:11 - 2018-02-09 23:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-16 16:11 - 2018-02-09 23:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-16 16:11 - 2018-02-09 23:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-16 16:11 - 2018-02-09 23:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-16 16:11 - 2018-02-09 23:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-16 16:11 - 2018-01-12 10:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-02-16 16:11 - 2018-01-12 10:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-16 16:11 - 2018-01-12 10:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-16 16:11 - 2018-01-12 10:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-02-16 16:11 - 2018-01-12 10:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-02-16 16:11 - 2018-01-12 10:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-02-16 16:11 - 2018-01-12 10:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-02-16 16:11 - 2018-01-12 10:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-02-16 16:11 - 2018-01-12 10:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-16 16:11 - 2018-01-12 10:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-16 16:11 - 2018-01-12 10:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-16 16:11 - 2018-01-12 10:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-02-16 16:11 - 2018-01-12 10:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-16 16:11 - 2018-01-12 10:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-16 16:11 - 2018-01-12 10:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-16 16:11 - 2018-01-12 10:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-02-16 16:11 - 2018-01-12 10:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-16 16:11 - 2018-01-12 10:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-02-16 16:11 - 2018-01-12 10:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

#2 Stormy2inmotion


Posted 06 March 2018 - 10:53 PM

I will be checking this topic for replies and homework at night. Thanks for your patience! :thumbup:  :hi:



#3 nasdaq


Posted 07 March 2018 - 07:39 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

Task: {5262FE24-E38E-4143-8B12-68C8A55B106A} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {C304F1DF-C658-4EEB-A459-03A01655C841} - System32\Tasks\{772AD540-459F-4028-8419-78494734516D} => C:\Windows\system32\pcalua.exe -a D:\AutoRun.exe -d D:\
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe

C:\Windows\System32\Tasks\AutoKMS
C:\WINDOWS\AutoKMS

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.

Clear your cache and cookies
https://support.goog...er/183083?hl=en
<<<>>>

If the previous owner was syncing Chrome with other devices, it might be well to reset it.
Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwa...ays-comes-back/
<<<>>>
 

Should I delete the "User" user? Any other advice? Logs below


I think you should remove it.

Make a backup of the Registry before you proceed. If anything goes wrong you can restore the Registry.
https://support.micr...stry-in-windows
===
Please post the Fixlog.txt and let me know what problem persists.
nasdaq

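An added example, not part of nasdaq's post and not FRST's own code: a small Python triage of the scheduled-task and Chrome-extension lines from the fixlist above, reporting properties a reviewer can check before running a fix (a task target outside the system and program directories, a system launcher starting an executable from another drive, an extension also registered under a machine-wide registry key). The regular expressions, the trusted-directory list and the assumption that C: is the system drive are choices made for this illustration.

```python
import re
from dataclasses import dataclass, field

# Entries copied from the fixlist in the post above (FRST log line format).
SAMPLE = r"""
CHR Extension: (Avast SafePrice) - C:\Users\JenniferTheAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
Task: {5262FE24-E38E-4143-8B12-68C8A55B106A} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {C304F1DF-C658-4EEB-A459-03A01655C841} - System32\Tasks\{772AD540-459F-4028-8419-78494734516D} => C:\Windows\system32\pcalua.exe -a D:\AutoRun.exe -d D:\
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
"""

# Assumptions for this example: C: is the system drive, and these are the
# directories a scheduled task's program is normally expected to live in.
SYSTEM_DRIVE = "c"
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

EXE_EXT = r"\.(?:exe|bat|cmd|scr|vbs|js|dll)"
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<definition>.+?) => (?P<command>.+)$")
# Log lines are unquoted, so the program is taken up to its first extension.
CMD_RE = re.compile(rf"^(?P<exe>.+?{EXE_EXT})(?:\s+(?P<args>.*))?$", re.I)
ARG_EXE_RE = re.compile(
    rf"(?P<path>(?P<drive>[A-Za-z]):\\\S*?{EXE_EXT})(?=\s|$)", re.I)
EXT_PROFILE_RE = re.compile(
    r"^CHR Extension: \((?P<name>.+?)\) - .*\\(?P<id>[a-p]{32}) \[(?P<date>[\d-]+)\]$")
EXT_REG_RE = re.compile(
    r"^CHR (?P<hive>HK\S+?)\\.*\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - (?P<url>\S+)$")


@dataclass
class Task:
    definition: str          # task file or task-store path as logged
    exe: str                 # program the task starts
    args: str                # remaining command line
    flags: list = field(default_factory=list)


def triage_task(line):
    """Parse one 'Task:' line; return a Task with review flags, or None."""
    m = TASK_RE.match(line)
    if not m:
        return None
    c = CMD_RE.match(m["command"])
    exe = c["exe"] if c else m["command"]
    args = (c["args"] or "") if c else ""
    task = Task(m["definition"], exe, args)
    if not exe.lower().startswith(TRUSTED_DIRS):
        task.flags.append("target outside system and program directories")
    # A trusted launcher can still be handed a program from another drive.
    for ref in ARG_EXE_RE.finditer(args):
        if ref["drive"].lower() != SYSTEM_DRIVE:
            task.flags.append(f"launches {ref['path']} from a non-system drive")
    return task


def triage(text):
    """Return (tasks, extensions) parsed from FRST-style log lines."""
    tasks, extensions = [], {}
    for line in text.splitlines():
        line = line.strip()
        task = triage_task(line)
        if task:
            tasks.append(task)
            continue
        m = EXT_PROFILE_RE.match(line)
        if m:
            extensions.setdefault(m["id"], {})["name"] = m["name"]
        m = EXT_REG_RE.match(line)
        if m:
            # Same ID under a machine-wide key: registered by an installer.
            extensions.setdefault(m["id"], {})["registry"] = (m["hive"], m["url"])
    return tasks, extensions


if __name__ == "__main__":
    tasks, extensions = triage(SAMPLE)
    for t in tasks:
        print(t.definition, "->", t.exe, t.args, t.flags)
    for ext_id, info in extensions.items():
        print(ext_id, info)
```
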