Jump to content


Photo

Possible email hacked

EMail hacked

  • This topic is locked This topic is locked
8 replies to this topic

#1 deejay

deejay

    Member

  • Full Member
  • Pip
  • 84 posts

Posted 20 April 2020 - 08:53 AM

I would greatly appreciate someone looking at my laptop. I believe my email may ave been hacked or I may have some king of Malware. Thank you in advance for your valuable assistance. Also, I am having trouble getting a report from Malwarebytes (I am posting the one I did get). It is running a version I do not understand and even thought I followed your directions on how to download and run it, nothing in your instructions is the same as the download. I get a report but there is nothing in it. Please advise me on this issue. Thank you again.

 

Following are the logs requested I could get. I look forward to your response.

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/20/20
Scan Time: 10:38 AM
Log File: a3865962-8314-11ea-ad43-d8d0901fd98e.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.875
Update Package Version: 1.0.22698
License: Trial

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: DESKTOP-4BTFCNR\harle

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 280114
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

 

 

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 03rd, March 2020
Running from:C:\Users\harle\Desktop (10:42:17 - 04/20/2020)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
McAfee VirusScan (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
McAfee VirusScan (Enabled - up to Date)
McAfee Firewall Firewall (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (32.0.0.330)
CCleaner (5.65)
Malwarebytes (4.1.0.56)
Mozilla Firefox (75.0)

***----------------Analysis Complete-------------------------***

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by harle (administrator) on DESKTOP-4BTFCNR (Dell Inc. Inspiron 3781) (20-04-2020 10:15:06)
Running from C:\Users\harle\Desktop
Loaded Profiles: harle (Available Profiles: harle)
Platform: Windows 10 Home Version 1909 18363.778 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CYBERLINK CORPORATION.) C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_8.0.8908.0_x86__mcezb6ze687jp\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.2727.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.2727.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f51939e52b944f4b\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f51939e52b944f4b\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_39c3e17a2e95f0ed\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_39c3e17a2e95f0ed\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_1\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\MQS\QcShm.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\VUL\McVulCtr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.7.124.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_7c85c995bf1fb3d8\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_7c85c995bf1fb3d8\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [964600 2019-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_7c85c995bf1fb3d8\WavesSvc64.exe [1570400 2019-08-21] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [313064 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3075176394-2249677514-1674298194-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3075176394-2249677514-1674298194-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-28] (Adobe Inc. -> Adobe)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.58\Installer\setup.exe [2020-04-17] (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19166F6F-A575-4DF5-AFE8-D47D248A7E77} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.)
Task: {27438BDF-9CDE-4962-9105-4E8099CECC01} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-28] (Adobe Inc. -> Adobe)
Task: {323E3DD7-146B-4D6D-B5F1-82A8D65B8CFF} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {35730797-7705-4429-9C89-60AFEFBD4168} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [33984 2019-08-07] (Rivet Networks LLC -> DELL)
Task: {38FD1D16-ABCD-46D6-9BC0-C363E2B8DFD6} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3D1BBBE1-D865-4667-8D17-063B3590B5D4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {41EDD021-469F-436B-925A-D7CE40CC51B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-13] (Google Inc -> Google LLC)
Task: {4AF8B10E-3F03-41F1-BB92-05CB7910524F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F1E2C34-7AA6-4893-B6FA-74597E722D89} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [126152 2020-04-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {4F278E5F-7A5A-47D2-9C05-88DE34C140CA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2045312 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {5CA2D5B1-0601-46B3-9AFC-B85E4F344B26} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2020-04-15] (McAfee, Inc. -> McAfee, LLC.)
Task: {75325CEF-2D19-4150-AC41-25122AA21BFA} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761424 2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Task: {78BBAE7D-4A4C-4887-A48D-F574E2C8CF83} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.134\DADUpdater.exe [4147336 2020-03-20] (McAfee, Inc. -> McAfee, LLC)
Task: {7C3D62DE-0E87-45F8-B84C-10A00F1A67BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-13] (Google Inc -> Google LLC)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {8601B792-DC63-4D59-ADF3-55394F1F4415} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {AB412F59-A312-4F75-91DB-8392FF890580} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {B1F67A4C-CE8D-4E05-87E9-C372106D574D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BB24C244-841F-481F-AA7A-F00973E619CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D9175BCA-D849-4E3D-A437-E60BE9DDE677} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F56DDF33-4F96-443F-8D27-EF3B869C451A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{724cc60c-06db-4bee-a26e-5118f6fd88b2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bc37cf36-526e-489f-aa3f-36fe60c67de0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3075176394-2249677514-1674298194-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-3075176394-2249677514-1674298194-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)

Edge:
======
DownloadDir: C:\Users\harle\Downloads
Edge Profile: C:\Users\harle\AppData\Local\Microsoft\Edge\User Data\Default [2020-04-20]
Edge DownloadDir: C:\Users\harle\Downloads

FireFox:
========
FF DefaultProfile: z0v7lk6i.default-1577727643516
FF ProfilePath: C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516 [2020-04-20]
FF DownloadDir: C:\Users\harle\Desktop
FF Homepage: Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516 -> hxxp://www.yahoo.com/
FF Extension: (AdBlock — best ad blocker) - C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2020-04-06]
FF Extension: (Safer Search) - C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\{b0a0f872-a93b-439d-a783-44690ee6ba4a}.xpi [2020-04-11] [UpdateUrl:hxxps://addons.safetybrowsing.com/oaff/updates.json]
FF Extension: (Safe Search powered by Yahoo) - C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\{fd299ce1-1602-4490-b659-f45504f9324c}.xpi [2020-03-20] [UpdateUrl:hxxps://addons.safetybrowsing.com/gyff/updates.json]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-28] (Adobe Inc. -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-28] (Adobe Inc. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [386976 2019-08-08] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [313488 2019-10-10] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [38096 2020-01-24] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [308424 2019-11-25] (Dell Inc -> Dell Inc.)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{390B2FD0-FBDD-4C5B-8941-84FE350E4D02} [21304 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{390B2FD0-FBDD-4C5B-8941-84FE350E4D02} [21304 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36024 2020-02-14] (Dell Inc -> )
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-04] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-04] (Microsoft Corporation -> Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1855976 2018-06-11] (Intel Corporation -> Intel Corporation)
S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\HfcDisableService.exe [1882800 2019-07-31] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2871264 2019-07-31] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [870248 2019-06-07] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [790376 2019-06-07] (Intel® Trust Services -> Intel® Corporation)
R2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [337640 2018-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [538088 2019-08-05] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-20] (Malwarebytes Inc -> Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_1\McApExe.exe [758864 2020-02-05] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-08] (McAfee, Inc. -> McAfee, LLC)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.58\elevation_service.exe [1125256 2020-04-17] (Microsoft Corporation -> Microsoft Corporation)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1737992 2020-02-06] (McAfee, LLC -> McAfee, LLC.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191768 2019-08-09] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2019-08-07] (Rivet Networks LLC -> CloudBees, Inc.)
R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe [2157744 2019-07-31] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [964600 2019-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2353352 2019-08-07] (Rivet Networks LLC -> Rivet Networks)
R2 WavesSysSvc; C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_7c85c995bf1fb3d8\WavesSysSvc64.exe [1217120 2019-08-21] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-11] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75896 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R4 DBUtil_2_3; C:\WINDOWS\TEMP\DBUtil_2_3.Sys [14840 2020-04-15] (Dell Inc. -> )
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [35704 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [78680 2018-06-11] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [71000 2018-06-11] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [402264 2018-06-11] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 HfAudio; C:\WINDOWS\System32\drivers\HfAudio.sys [91200 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [84008 2018-06-15] (Intel® Software -> Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98864 2018-06-11] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1035440 2019-07-31] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [74208 2019-07-31] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-20] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-04-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [124560 2020-04-20] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys [266128 2019-08-05] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [527272 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380840 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85920 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521128 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [997800 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [594360 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107960 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116856 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252328 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2436376 2019-08-09] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1139640 2018-11-20] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [443480 2019-07-05] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ScrHIDDriver2; C:\WINDOWS\System32\drivers\ScrHIDDriver2.sys [75800 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [132952 2019-08-07] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-04-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-04-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-20 10:15 - 2020-04-20 10:16 - 000028722 _____ C:\Users\harle\Desktop\FRST.txt
2020-04-20 10:14 - 2020-04-20 10:16 - 000000000 ____D C:\FRST
2020-04-20 10:09 - 2020-04-20 10:09 - 002281984 _____ (Farbar) C:\Users\harle\Desktop\FRST64.exe
2020-04-20 10:08 - 2020-04-20 10:08 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-04-20 10:08 - 2020-04-20 10:08 - 000124560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-04-20 10:08 - 2020-04-20 10:08 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-04-20 10:08 - 2020-04-20 10:08 - 000000000 ____D C:\Users\harle\AppData\LocalLow\IGDump
2020-04-20 10:08 - 2020-04-20 10:08 - 000000000 ____D C:\Users\harle\AppData\Local\mbam
2020-04-20 10:07 - 2020-04-20 10:07 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-20 10:07 - 2020-04-20 10:07 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-04-20 10:07 - 2020-04-20 10:07 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-20 10:07 - 2020-04-20 10:07 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-04-20 10:07 - 2020-04-20 10:07 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-04-20 10:07 - 2020-04-20 10:07 - 000002031 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-04-20 10:07 - 2020-04-20 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-04-20 10:07 - 2020-04-20 10:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-20 10:07 - 2020-04-20 10:07 - 000000000 ____D C:\Program Files\Malwarebytes
2020-04-20 10:03 - 2020-04-20 10:03 - 001965536 _____ (Malwarebytes) C:\Users\harle\Desktop\MBSetup.exe
2020-04-15 13:56 - 2020-04-15 13:56 - 000002061 _____ C:\Users\Public\Desktop\McAfee LiveSafe.lnk
2020-04-15 13:56 - 2020-04-15 13:56 - 000002061 _____ C:\ProgramData\Desktop\McAfee LiveSafe.lnk
2020-04-15 13:56 - 2020-04-15 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-04-15 13:54 - 2019-06-04 04:13 - 000217912 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2020-04-15 13:53 - 2020-04-19 14:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-04-15 13:53 - 2020-04-15 13:53 - 000003332 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2020-04-15 13:52 - 2020-04-15 14:25 - 000000000 ____D C:\ProgramData\McInstTemp0290811586973150
2020-04-15 13:52 - 2020-04-15 13:54 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-04-15 13:52 - 2020-04-15 13:53 - 000000000 ____D C:\Program Files\McAfee.com
2020-04-15 13:52 - 2020-04-15 13:52 - 000003706 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2020-04-15 13:52 - 2020-04-15 13:52 - 000000000 ____D C:\Program Files\Common Files\AV
2020-04-15 13:51 - 2020-01-08 23:03 - 000554288 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2020-04-15 13:35 - 2020-04-15 13:35 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-15 13:21 - 2020-04-15 13:54 - 000000000 ____D C:\Program Files\Common Files\McAfee
2020-04-15 09:38 - 2020-04-15 09:38 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3075176394-2249677514-1674298194-1001
2020-04-15 09:37 - 2020-04-15 09:37 - 000002369 _____ C:\Users\harle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 09:33 - 2020-04-15 09:33 - 000000000 ____D C:\WINDOWS\Panther
2020-04-15 00:28 - 2020-04-15 00:28 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-15 00:28 - 2020-04-15 00:28 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-15 00:28 - 2020-04-15 00:28 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-15 00:28 - 2020-04-15 00:28 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-15 00:28 - 2020-04-15 00:28 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-15 00:28 - 2020-04-15 00:28 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-15 00:27 - 2020-04-15 00:28 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-15 00:27 - 2020-04-15 00:27 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-15 00:27 - 2020-04-15 00:27 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-15 00:27 - 2020-04-15 00:27 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-15 00:27 - 2020-04-15 00:27 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 00:27 - 2020-04-15 00:27 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-15


#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,199 posts

Posted 20 April 2020 - 11:00 AM

Hello deejay.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.
 

Also, I am having trouble getting a report from Malwarebytes (I am posting the one I did get). It is running a version I do not understand and even thought I followed your directions on how to download and run it, nothing in your instructions is the same as the download.

Yes, Malwarebytes changed the user interface since version 3. You ran well the latest version of the program. That is okay.

Now if you suspect your e-mail account has been hacked I strongly suggest you change your password immediately.


I see you have CCleaner installed on your laptop. I strongly advise you not to use the registry cleaning function. Registry Cleaners are known to be harmful to the system and should not be used for any reason there is. It's a known fact that using these programs can easily break a Windows installation, to the point where a complete re-installation might be needed.


That being said, please follow the instructions below, run the scans and post the logs for my review.

NOTICE: The following script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    FF Extension: (Safer Search) - C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\{b0a0f872-a93b-439d-a783-44690ee6ba4a}.xpi [2020-04-11] [UpdateUrl:hxxps://addons.safetybrowsing.com/oaff/updates.json]
    FF Extension: (Safe Search powered by Yahoo) - C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\{fd299ce1-1602-4490-b659-f45504f9324c}.xpi [2020-03-20] [UpdateUrl:hxxps://addons.safetybrowsing.com/gyff/updates.json]
    EmptyTemp:
    End::
    
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

 

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your laptop should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

 

Please post the contents of both Fixlog.txt and AdwCleaner logs in your reply and let me know what issues do you still have with the laptop.

Thank you.

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 deejay

deejay

    Member

  • Full Member
  • Pip
  • 84 posts

Posted 20 April 2020 - 01:18 PM

Hi, thank you for your assistance. I highlighted the items in the box and pressed control c but nothing happened. Can you please give me more direction on the following directions as I have no idea where to find these.

 

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.


#4 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,199 posts

Posted 20 April 2020 - 03:57 PM

Hello deejay.

 

Okay, to run the script with the Farbar tool (FRST) you need to highlight the entire text inside the code box and then press the Control + C buttons at the same time. This will copy the text you highlighted into the clipboard.

 

  • Now open FRST and click the Fix button only once and wait.
  • Note: There's no need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log named Fixlog.txt in the same location it was run from.
  • Please copy and paste its contents into your reply.

 

Next, please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your laptop should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

In your next reply please post the entire contents of both Fixlog.txt and AdwCleaner logs.

 

Thank you.

 

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#5 deejay

deejay

    Member

  • Full Member
  • Pip
  • 84 posts

Posted 21 April 2020 - 07:39 AM

Good morning, I completed the scans as instructed. Following are the logs you requested.  Also, can you please explain to me what "whitelisted" is? When I open my email and click on one of the emails, it opens a new window and says I have to click on either Yahoo mail pro or whitelist Yahoo mail. Thank you for your very valuable assistance it is greatly appreciated.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-04-2020
Ran by harle (21-04-2020 09:19:05) Run:1
Running from C:\Users\harle\Desktop\SWI
Loaded Profiles: harle (Available Profiles: harle)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FF Extension: (Safer Search) - C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\{b0a0f872-a93b-439d-a783-44690ee6ba4a}.xpi [2020-04-11] [UpdateUrl:hxxps://addons.safetybrowsing.com/oaff/updates.json]
FF Extension: (Safe Search powered by Yahoo) - C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\{fd299ce1-1602-4490-b659-f45504f9324c}.xpi [2020-03-20] [UpdateUrl:hxxps://addons.safetybrowsing.com/gyff/updates.json]
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\{b0a0f872-a93b-439d-a783-44690ee6ba4a}.xpi => moved successfully
C:\Users\harle\AppData\Roaming\Mozilla\Firefox\Profiles\z0v7lk6i.default-1577727643516\Extensions\{fd299ce1-1602-4490-b659-f45504f9324c}.xpi => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11616885 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 23158048 B
Edge => 23552 B
Chrome => 0 B
Firefox => 24672981 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 18891438 B
systemprofile32 => 18891438 B
LocalService => 18891438 B
NetworkService => 24036230 B
harle => 26604277 B

RecycleBin => 0 B
EmptyTemp: => 169.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:20:09 ====

 

 

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-21-2020
# Duration: 00:00:17
# OS:       Windows 10 Home
# Scanned:  31802
# Detected: 17


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellCommand|PowerManager   Folder   C:\Program Files\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Folder   C:\ProgramData\DELL\COMMANDPOWERMANAGER
Preinstalled.DellCommand|PowerManager   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70E9F8CC-A23E-4C25-B292-C86C1821587C}
Preinstalled.SmartByte   Folder   C:\Program Files\RIVET NETWORKS
Preinstalled.SmartByte   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIVET NETWORKS
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35730797-7705-4429-9C89-60AFEFBD4168}  
Preinstalled.SmartByte   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Preinstalled.SmartByte   Task   C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 



#6 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,199 posts

Posted 22 April 2020 - 11:50 AM

Hello,

Thank you for the logs.

"whitelisted" means the list of legitimate items of something (services, apps, e-mails, company names, etc.). In short, it means "good" or reliable items or entries in a log. For instance a Microsoft signed entry is classified as legitimate, therefore is shown as "whitelisted".

Concerning Yahoo Email, I suggest you read this article:
https://www.thebalan...oo-mail-3515043


Finally I would like you to scan your laptop with ESET Online Scanner to search for leftovers.

Please download ESET Online Scanner and save it to your Desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your laptop. This may take some time to finish, so please be patient.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your Desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your Desktop (eset.txt) and copy and paste its contents into your next reply.

 

 

How is the laptop running now?

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#7 deejay

deejay

    Member

  • Full Member
  • Pip
  • 84 posts

Posted 22 April 2020 - 03:30 PM

Thank you for the information. I ran the Eset but the re was no log to post. I want to thank you again for all of your valuable time and assistance I greatly appreciate it. Everything seems to be running great for now. I am going to make a 25.00 donation for your assistance, I wish it could be a lot more, but with no work things are a bit tight. Please stay safe and healthy.



#8 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,199 posts

Posted 23 April 2020 - 04:55 PM

I'm glad to know your laptop is running well and thank you very much for your donation.


Below I have included a number of recommendations for how to protect your computer in order to prevent malware infections. Please consider using these ideas to help secure your computer.

Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Keep Malwarebytes Anti-Malware (MBAM) update and perform a regular scan to your system as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#9 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,199 posts

Posted 29 April 2020 - 12:48 PM

Glad we could help.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.




Member of UNITE
Support SpywareInfo Forum - click the button