12 replies to this topic

[scorpiotiger]

The last week, my computer randomly freezes.  It has always happened when it is just sitting there.  I have yet to have it happen when I'm on it (yet).

I will come back, and nothing happens and the screen is frozen.  I have to reboot - then it comes up and works for an hour or a few hours..  

I have run chkdsk /f - it showed nothing wrong. 
I have tried leaving it with the task manager up, to see what is happening when it freezes.  but it doesn't look any different than when I'm just looking.. thought maybe I would see memory eaten up or something.

 

I tried running Malwarebytes.. but didn't run it with the root kit scan.  did that after reading the instructions here.  So.. I followed the instructions and also did the ESET scan, then realized that it has different scans, and I didn't know which one to choose.  so, I did the quick scan.. only because I was afraid the computer would freeze before the long scan could complete.  but I will do that and whatever else, if you request - just need to know what type of scan (long or quick) is needed.

I am attaching my logs.  well, most of them.  Ahead of time - I wish to thank you for any help you can give me.

I will paste the FRST.txt here (too big to attach):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018

Ran by Lynne (administrator) on OFFICEPC00 (14-12-2018 20:26:01)

Running from C:\Users\Lynne\Desktop\cleanup PC\freezing problem

Loaded Profiles: Lynne (Available Profiles: Lynne)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe

(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe

(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe

(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe

(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2012-01-10] (Realtek Semiconductor)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-22] (AVAST Software)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-15] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3268176 2018-09-10] (Dominik Reichl)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-11-30] (Apple Inc.)

HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27496 2013-12-10] ()

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [530560 2016-04-25] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [239744 2016-04-25] (Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-1963669437-1985500675-3762882386-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)

HKU\S-1-5-21-1963669437-1985500675-3762882386-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd)

HKU\S-1-5-21-1963669437-1985500675-3762882386-1001\...\MountPoints2: {503cdc46-ff18-11e2-8bfa-806e6f6e6963} - Q:\LenovoQDrive.exe

HKU\S-1-5-21-1963669437-1985500675-3762882386-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2018-10-19]

ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)

Startup: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2016-08-17]

ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)

Startup: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-12-12]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{80AB82A4-0D92-48DB-94BA-D71C24D913AA}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS550

SearchScopes: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS550

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-05-25] (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2018-10-30] (Microsoft Corporation)

BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-10-30] (Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2018-10-30] (Microsoft Corporation)

BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2018-10-30] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

 

FireFox:

========

FF DefaultProfile: 06qu9i4g.default-1529378480595

FF ProfilePath: C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\06qu9i4g.default-1529378480595 [2018-12-14]

FF Extension: (Avast Online Security) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\06qu9i4g.default-1529378480595\Extensions\wrc@avast.com.xpi [2018-07-17]

FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2013-08-06] [Legacy] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_159.dll [2017-10-11] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_159.dll [2017-10-11] ()

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-04-25] (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-17] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1963669437-1985500675-3762882386-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Lynne\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-12-17] (Zoom Video Communications, Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default [2018-12-14]

CHR Extension: (Slides) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-14]

CHR Extension: (Docs) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]

CHR Extension: (Google Drive) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (YouTube) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

CHR Extension: (Adblock Plus) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]

CHR Extension: (Google Search) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]

CHR Extension: (Tampermonkey) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-11-27]

CHR Extension: (Sheets) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-14]

CHR Extension: (Wayback Machine) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnmgdkabkmnadcjpehmlllkndpkmiak [2018-02-09]

CHR Extension: (Google Docs Offline) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]

CHR Extension: (Avast Online Security) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-25]

CHR Extension: (Cookie Inspector) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbbilmfbammlbbhmmgaagdkbkepnijn [2017-10-06]

CHR Extension: (Snap It Button) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclagiidcihmjfnlfdboggonemfhcklk [2017-03-12]

CHR Extension: (Social Book Post Manager) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfidlkcmdmmibngdfikhffffdmphjae [2017-09-27]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]

CHR Extension: (Visualping) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2017-08-15]

CHR Extension: (Gmail) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Chrome Media Router) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-06]

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-22] (AVAST Software)

S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-22] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [338632 2018-11-22] (AVAST Software)

S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-02] (AVAST Software)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)

R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5736992 2014-10-17] (Fitbit, Inc.) [File not signed]

S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [443872 2018-12-12] (Google Inc.)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)

R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-23] (Lenovo) [File not signed]

S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)

S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)

R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [53288 2017-06-01] (Mozy, Inc.)

R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)

R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2013-12-10] (Lenovo)

S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2013-12-10] (Lenovo Group Limited)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49648 2015-01-15] ()

R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-22] (AVAST Software)

R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-22] (AVAST Software)

R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-22] (AVAST Software)

R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-22] (AVAST Software)

R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-22] (AVAST Software)

S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-22] (AVAST Software)

R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-22] (AVAST Software)

R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-22] (AVAST Software)

R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-11] (AVAST Software)

R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [512072 2018-11-26] (AVAST Software)

R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-22] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-22] (AVAST Software)

R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-22] (AVAST Software)

R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-22] (AVAST Software)

R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-22] (AVAST Software)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-12-11] (Malwarebytes)

R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2018-12-12] (Malwarebytes)

R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2018-12-14] (Malwarebytes)

R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2018-12-14] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2018-12-14] (Malwarebytes)

R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2018-12-14] (Malwarebytes)

R1 mozyMiniFilter; C:\Windows\System32\DRIVERS\mozyMiniFilter.sys [46824 2018-10-17] (Mozy, Inc.)

R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)

R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

S3 urvpndrv; system32\DRIVERS\covpnv64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-12-14 20:25 - 2018-12-14 20:26 - 000000000 ____D C:\FRST

2018-12-14 20:23 - 2018-12-14 20:23 - 002417152 _____ (Farbar) C:\Users\Lynne\Downloads\FRST64.exe

2018-12-14 20:18 - 2018-12-14 20:18 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Lynne\Downloads\rkill.exe

2018-12-14 16:55 - 2018-12-14 18:56 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

2018-12-14 16:55 - 2018-12-14 16:55 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

2018-12-14 16:55 - 2018-12-14 16:55 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2018-12-14 16:51 - 2018-12-14 19:42 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2018-12-12 22:44 - 2018-12-12 22:44 - 000000000 ____D C:\Users\Lynne\AppData\Local\{B2D14294-9E0E-48C6-9654-48126CD8B94A}

2018-12-11 16:44 - 2018-12-05 21:39 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2018-12-11 16:44 - 2018-11-28 17:02 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2018-12-11 16:44 - 2018-11-28 17:02 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2018-12-11 16:44 - 2018-11-28 17:02 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2018-12-11 16:44 - 2018-11-28 17:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2018-12-11 16:44 - 2018-11-28 17:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2018-12-11 16:44 - 2018-11-28 16:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2018-12-11 16:44 - 2018-11-28 16:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2018-12-11 16:44 - 2018-11-28 16:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2018-12-11 16:44 - 2018-11-28 16:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2018-12-11 16:44 - 2018-11-28 16:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2018-12-11 16:44 - 2018-11-15 14:46 - 000397088 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2018-12-11 16:44 - 2018-11-15 13:55 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2018-12-11 16:44 - 2018-11-14 22:00 - 025735680 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2018-12-11 16:44 - 2018-11-14 21:34 - 020281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2018-12-11 16:44 - 2018-11-14 20:51 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2018-12-11 16:44 - 2018-11-14 20:50 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2018-12-11 16:44 - 2018-11-12 23:54 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2018-12-11 16:44 - 2018-11-12 23:54 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2018-12-11 16:44 - 2018-11-12 23:42 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2018-12-11 16:44 - 2018-11-12 23:41 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2018-12-11 16:44 - 2018-11-12 23:40 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2018-12-11 16:44 - 2018-11-12 23:40 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2018-12-11 16:44 - 2018-11-12 23:39 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2018-12-11 16:44 - 2018-11-12 23:35 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2018-12-11 16:44 - 2018-11-12 23:33 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2018-12-11 16:44 - 2018-11-12 23:32 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2018-12-11 16:44 - 2018-11-12 23:30 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2018-12-11 16:44 - 2018-11-12 23:28 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2018-12-11 16:44 - 2018-11-12 23:28 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2018-12-11 16:44 - 2018-11-12 23:28 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2018-12-11 16:44 - 2018-11-12 23:28 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2018-12-11 16:44 - 2018-11-12 23:26 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2018-12-11 16:44 - 2018-11-12 23:21 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2018-12-11 16:44 - 2018-11-12 23:18 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2018-12-11 16:44 - 2018-11-12 23:13 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2018-12-11 16:44 - 2018-11-12 23:13 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2018-12-11 16:44 - 2018-11-12 23:13 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2018-12-11 16:44 - 2018-11-12 23:12 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2018-12-11 16:44 - 2018-11-12 23:11 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2018-12-11 16:44 - 2018-11-12 23:11 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2018-12-11 16:44 - 2018-11-12 23:10 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2018-12-11 16:44 - 2018-11-12 23:10 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2018-12-11 16:44 - 2018-11-12 23:07 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2018-12-11 16:44 - 2018-11-12 23:07 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2018-12-11 16:44 - 2018-11-12 23:06 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2018-12-11 16:44 - 2018-11-12 23:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2018-12-11 16:44 - 2018-11-12 23:05 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2018-12-11 16:44 - 2018-11-12 23:05 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2018-12-11 16:44 - 2018-11-12 23:04 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2018-12-11 16:44 - 2018-11-12 23:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2018-12-11 16:44 - 2018-11-12 23:03 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2018-12-11 16:44 - 2018-11-12 23:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2018-12-11 16:44 - 2018-11-12 22:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2018-12-11 16:44 - 2018-11-12 22:53 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2018-12-11 16:44 - 2018-11-12 22:52 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2018-12-11 16:44 - 2018-11-12 22:51 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2018-12-11 16:44 - 2018-11-12 22:51 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2018-12-11 16:44 - 2018-11-12 22:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2018-12-11 16:44 - 2018-11-12 22:50 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2018-12-11 16:44 - 2018-11-12 22:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2018-12-11 16:44 - 2018-11-12 22:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2018-12-11 16:44 - 2018-11-12 22:49 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2018-12-11 16:44 - 2018-11-12 22:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2018-12-11 16:44 - 2018-11-12 22:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2018-12-11 16:44 - 2018-11-12 22:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2018-12-11 16:44 - 2018-11-12 22:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2018-12-11 16:44 - 2018-11-12 22:42 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2018-12-11 16:44 - 2018-11-12 22:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2018-12-11 16:44 - 2018-11-12 22:38 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2018-12-11 16:44 - 2018-11-12 22:38 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2018-12-11 16:44 - 2018-11-12 22:37 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2018-12-11 16:44 - 2018-11-12 22:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2018-12-11 16:44 - 2018-11-12 22:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2018-12-11 16:44 - 2018-11-12 22:27 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2018-12-11 16:44 - 2018-11-12 22:18 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2018-12-11 16:44 - 2018-11-12 22:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2018-12-11 16:44 - 2018-11-12 22:15 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2018-12-11 16:44 - 2018-11-12 22:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2018-12-11 16:44 - 2018-11-11 12:19 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2018-12-11 16:44 - 2018-11-11 12:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll

2018-12-11 16:44 - 2018-11-11 12:01 - 005551848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2018-12-11 16:44 - 2018-11-11 12:01 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2018-12-11 16:44 - 2018-11-11 12:01 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys

2018-12-11 16:44 - 2018-11-11 12:01 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2018-12-11 16:44 - 2018-11-11 12:01 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2018-12-11 16:44 - 2018-11-11 12:00 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2018-12-11 16:44 - 2018-11-11 11:58 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2018-12-11 16:44 - 2018-11-11 11:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2018-12-11 16:44 - 2018-11-11 11:47 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2018-12-11 16:44 - 2018-11-11 11:45 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2018-12-11 16:44 - 2018-11-11 11:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2018-12-11 16:44 - 2018-11-11 11:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2018-12-11 16:44 - 2018-11-11 11:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2018-12-11 16:44 - 2018-11-11 11:20 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2018-12-11 16:44 - 2018-11-11 11:20 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys

2018-12-11 16:44 - 2018-11-11 11:19 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2018-12-11 16:44 - 2018-11-11 11:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2018-12-11 16:44 - 2018-11-11 11:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2018-12-11 16:44 - 2018-11-11 11:16 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2018-12-11 16:44 - 2018-11-11 11:16 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2018-12-11 16:44 - 2018-11-11 11:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2018-12-11 16:44 - 2018-11-11 11:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys

2018-12-11 16:44 - 2018-11-11 11:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys

2018-12-11 16:44 - 2018-11-11 11:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys

2018-12-11 16:44 - 2018-11-11 11:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys

2018-12-11 16:44 - 2018-11-11 11:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2018-12-11 16:44 - 2018-11-11 11:15 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2018-12-11 16:44 - 2018-11-11 11:15 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2018-12-11 16:44 - 2018-11-11 11:15 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2018-12-11 16:44 - 2018-11-11 11:15 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2018-12-11 16:44 - 2018-11-11 11:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2018-12-11 16:44 - 2018-11-11 11:13 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:13 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:13 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2018-12-11 16:44 - 2018-11-11 11:13 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2018-12-11 16:44 - 2018-11-08 11:58 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2018-12-11 16:44 - 2018-11-08 11:58 - 001889280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2018-12-11 16:44 - 2018-11-08 11:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2018-12

Attached Files

•  malwarebytes scan summary.txt   1.19KB   1 downloads
•  Addition.txt   53.78KB   2 downloads
•  SALog.txt   1.13KB   3 downloads
•  quick scan log.txt   266bytes   1 downloads

• Back to top

[Android 8888]

Hello scorpiotiger and welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.


Please go to Start > Control Panel > Programs > Programs and Features and remove this program:
FLV.com FLV Converter 7.1


Now please run the following fix by using FRST.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS550
SearchScopes: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS550
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 urvpndrv; system32\DRIVERS\covpnv64.sys [X]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
EmptyTemp:
End::

Save the file as fixlist.txt in to the same folder as FRST64.exe
Right-click the FRST64 icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log (Fixlog.txt) on the same folder as FRST is running from. Please post its content to your next reply.

NOTE. It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

• Download AdwCleaner and move it to your computer Desktop;
• Right-click on AdwCleaner.exe and select Run as Administrator;
• Click Yes to accept the User Account Control security warning that may appear;
• Click on the blue button 'I AGREE';
• Click on the Scan Now button;
• Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
• Click on the Clean & Restart Now button;
• After the restart, a log will open when logging in. Please copy and paste the content of that log in your next reply.

 

 

In your next reply please post the contents of:
Fixlog.txt
AdwCleaner clean log. The log can be found in C:\AdwCleaner\AdwCleaner[Cxx].txt (where xx is a number, the highest number is the most recent and the one I need to see).

How is the computer running now? Does it still freezes randomly?
Please describe in detail what problems are you still experiencing with the computer.

 

Thank you.

Android 8888

[scorpiotiger]

I did the uninstall of FLV, but before I do the rest, I want to say that I did run the long scan from ESET.  And the machine didn't freeze.  amazingly.  so I will post the log from that here.  And, I ran with Quarantine on - so, should I still go ahead with the rest of your instructions about FRST (the copy/paste/run).  

Also, I was thinking last night.. this freeze only happens when the machine is idle (so far).  It is not a Blue Screen of Death.  It is a freeze - whatever is on the screen remains there..  you just can't do anything.  You have to reboot to bring it back up.  I recently accepted a 14 day Malwarebytes trial of their upgraded version.. and I'm wondering if their might be contention between that and the AVAST I have running.  Just a thought.

ok, here is my ESET from the long scan - um, wow.  not much.  my pc froze right after I saved it, so I didn't look at it till now - I will bring up ESET to see if there is anything more - can't believe there isn't more for the long scan:

12/15/2018 9:23:08 AM

Files scanned: 344039

Infected files: 12

Cleaned threats: 12

Total scan time 01:43:50

Scan status: Finished

[scorpiotiger]

I could not find any more logs - but I took a picture of what ESET found - except for the FSV, looks like old downloads of CCleaner.  which I like because it is a rather conservative cleaner.  
hmmm.. guess I can't past a picture.  I will attach it.

 

Attached Files

•  ESET long scan quarantine window 3.png   38.91KB   0 downloads

[scorpiotiger]

so, please let me know if I should continue with the instructions in your first reply after looking at the results from ESET long scan (as sparse as they are - maybe you can tell me where the real log would be).  Just want to make sure it is still ok to run the FRST fix as you have in your post.

Edited by scorpiotiger, 15 December 2018 - 02:51 PM.

[scorpiotiger]

I decided to run the FRST fix.  did that and it rebooted.  I checked the log and tried to paste it here before, but it froze.  which is the first time it has frozen when I've been doing something on the pc.  so, this time, I shut down the pc, and brought it back up.  It is ok now, so far.  I will post the log here, and precede with the rest of your instructions:
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018

Ran by Lynne (15-12-2018 16:15:29) Run:1

Running from C:\Users\Lynne\Desktop\cleanup PC\freezing problem\02 run FRST

Loaded Profiles: Lynne (Available Profiles: Lynne)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

SearchScopes: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS550

SearchScopes: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS550

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKU\S-1-5-21-1963669437-1985500675-3762882386-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

S3 urvpndrv; system32\DRIVERS\covpnv64.sys [X]

AlternateDataStreams: C:\Windows:nlsPreferences [386]

EmptyTemp:

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKU\S-1-5-21-1963669437-1985500675-3762882386-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully

HKU\S-1-5-21-1963669437-1985500675-3762882386-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => removed successfully

HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => not found

"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully

HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => not found

"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully

HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found

"HKU\S-1-5-21-1963669437-1985500675-3762882386-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully

HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully

HKLM\System\CurrentControlSet\Services\urvpndrv => removed successfully

urvpndrv => service removed successfully

C:\Windows => ":nlsPreferences" ADS removed successfully

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17010722 B

Java, Flash, Steam htmlcache => 613 B

Windows/system/drivers => 675820 B

Edge => 0 B

Chrome => 247876531 B

Firefox => 19398005 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Users => 0 B

Default => 0 B

Public => 0 B

ProgramData => 0 B

systemprofile => 43323933 B

systemprofile32 => 86492 B

LocalService => 0 B

NetworkService => 140 B

Lynne => 95901891 B

 

RecycleBin => 0 B

EmptyTemp: => 412.6 MB temporary data Removed.

 

================================

 

 

The system needed a reboot.

 

==== End of Fixlog 16:16:12 ====

[scorpiotiger]

ran the adware cleaner.  here is the log:
 

# -------------------------------

# Malwarebytes AdwCleaner 7.2.5.0

# -------------------------------

# Build:    11-26-2018

# Database: 2018-12-07.1 (Cloud)

# Support:  https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Clean

# -------------------------------

# Start:    12-15-2018

# Duration: 00:00:06

# OS:       Windows 7 Professional

# Cleaned:  3

# Failed:   0

 

 

***** [ Services ] *****

 

No malicious services cleaned.

 

***** [ Folders ] *****

 

Deleted       C:\ProgramData\Partner

 

***** [ Files ] *****

 

No malicious files cleaned.

 

***** [ DLL ] *****

 

No malicious DLLs cleaned.

 

***** [ WMI ] *****

 

No malicious WMI cleaned.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts cleaned.

 

***** [ Tasks ] *****

 

No malicious tasks cleaned.

 

***** [ Registry ] *****

 

No malicious registry entries cleaned.

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries cleaned.

 

***** [ Chromium URLs ] *****

 

Deleted       Ask

Deleted       AOL

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries cleaned.

 

***** [ Firefox URLs ] *****

 

No malicious Firefox URLs cleaned.

 

 

*************************

 

[+] Delete Tracing Keys

[+] Reset Winsock

 

*************************

 

AdwCleaner[S00].txt - [1323 octets] - [15/12/2018 16:45:34]

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Android 8888]

Hello scorpiotiger.

You did well running the scans. Thank you for the logs. They are looking good. The freeze issue is not malware related.

 

I recently accepted a 14 day Malwarebytes trial of their upgraded version.. and I'm wondering if their might be contention between that and the AVAST I have running.  Just a thought.

This can be a problem. Running more than one resident protection program of the same type (antivirus, firewall or anti-spyware program) at the same time can result in unwanted conflict.
It can reduce the effectiveness of both programs individually and can also slow down the performance of your computer.
If you want to keep both programs then please make sure they are not in resident mode at the same time. Otherwise you should add exclusions for both.
 

 

 

If you don't want to add exclusions for both programs and if you are not going to buy a license for Malwarebytes Premium I strongly suggest you deactivate the Premium Trial version so they can't conflict with each other.

To do that:

Open Malwarebytes.
On the left panel click on Settings.
Click on 'Account Details' tab.
Click on Deactivate Premium Trial button.
Click Yes.
Your Premium Trial version is deactivated and you are reverted to the Free version of Malwarebytes.

 

 

 

If you want to keep the Premium Trial version of Malwarebytes running alongside with Avast the next thing to do is to add exclusions from Avast Antivirus to Malwarebytes Premium Trial and vice-versa, in order they do not conflict to each other due to their real time protection.

Please read carefully the articles in the two links below to add exclusions in both programs:

How to Make Permanent Exclusions with Avast

How to Run Malwarebytes Alongside Another Antivirus


These are the Malwarebytes files to be added to Avast Exclusions List:

C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
C:\Windows\system32\Drivers\farflt.sys
C:\Windows\System32\drivers\mbae64.sys
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\MBAMChameleon.sys
C:\Windows\System32\drivers\MBAMSwissArmy.sys
C:\Windows\System32\drivers\mwac.sys

Also please exclude the following folders too: (The complete folder)

C:\Program Files\Malwarebytes\Anti-Malware
C:\ProgramData\Malwarebytes\MBAMService
 

 

Please let me know what you decide to do. Are there any freezes still happening?

Thank you.

Android 8888

[scorpiotiger]

since I ran the adware cleanup, no more freezes.  but.. I won't be sure until I leave it overnight.

I decided to deactivate the premium trial of Malwarebytes.  AVAST has done pretty well for me as long as I don't run any of it's "solve pc problems" solutions.  But I was looking at Malwarebytes - just to see if I liked it better.  

but I can leave that to another time when I'm not so busy (with my job), and have time to really compare the two.

so.. I will get back to you tomorrow morning.  Thank you so much for your help and clear instructions.  

[scorpiotiger]

still good.  so I am going to assume that the scans and deactivating the Malware premium trial fixed it.  

But - what causes freezes?  Is it mainly contention of resources?  tight loops?  How does malware cause freezing?  I understand how the contention between Malwarebytes and AVAST can cause it, but don't understand how adware can.

Thanks.

[Android 8888]

Hello scorpiotiger.

 

I'm glad to know your computer is running well.

 

But - what causes freezes?  Is it mainly contention of resources?  tight loops?  How does malware cause freezing?  I understand how the contention between Malwarebytes and AVAST can cause it, but don't understand how adware can.

There are many reasons for a computer to freeze (hardware failure, overheating, software conflicts, outdated drivers and/or programs, malware, etc.).

Some forms of malware can take most of your system resources (software or hardware) in such a way as to leave it blocked.

In your case it was likely a software conflict between both Avast and Malwarebytes Premium due to their Real-Time protection being active at the same time.


To answer your question I recommend reading the articles below:

All about adware
What Causes a Computer to Freeze?
Why Does My Computer Freeze?
Slow Computer/browser? Check Here First; It May Not Be Malware


Please let me know what issues or concerns are you still experiencing with the computer.

Android 8888

[scorpiotiger]

Thank you.  Even if it was the conflict between Malwarebytes and Avast, maybe I got a few bugs out that weren't there before.  :)

Thank you for your help.  It looks like everything is back to working like before.  and thanks for the links.

[nasdaq]

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.