
Solved Serious issues with our Laptop!

Discussion in 'Virus & Other Malware Removal' started by catlin, May 18, 2018.

Thread Status:
Not open for further replies.
  1. catlin

    catlin Thread Starter

    Joined:
    Aug 25, 2013
    Messages:
    10
    Hi Group. Ok, I have a Latitude laptop. Running Win 7 Pro Service Pack 1. Intel processor w/64-bit operating system. To keep it simple, I have no idea where the problem lies. I have CCleaner, and when I scan, the registry file has over 150 entries. Save registry and attempt to remove. When I scan again the same reg keys show up. Slow to boot, flickering screen, etc. When I run Malwarebytes it comes up clean. No threats detected. Oh, I forgot my techguy password, and when I attempted to reset w/the link I was sent via email I was directed to an obscure site. It stated to use some strange password. Thanks so much in advance!

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz, Intel64 Family 6 Model 15 Stepping 2
    Processor Count: 2
    RAM: 2038 Mb
    Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 256 Mb
    Hard Drives: C: 74 GB (50 GB Free);
    Motherboard: Dell Inc., 0FT292
    Antivirus: Microsoft Security Essentials, Enabled and Updated
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi catlin,
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • (If it saves to your Downloads folder, you will have to go there to launch it.)
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    Post back and let me know if you have any problems doing this.
    askey127
     
  3. catlin

    catlin Thread Starter

    Joined:
    Aug 25, 2013
    Messages:
    10
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
    Ran by admin (administrator) on HOME (20-05-2018 14:48:41)
    Running from C:\Users\admin\Desktop
    Loaded Profiles: admin (Available Profiles: admin & catalina)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-571685940-2386762001-198031125-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334016 2018-05-10] (Piriform Ltd)
    HKU\S-1-5-21-571685940-2386762001-198031125-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{0BDE84D2-F70A-45A3-80BB-741E155FD366}: [DhcpNameServer] 192.168.0.1 205.171.3.66
    Tcpip\..\Interfaces\{2365021A-7B22-4EBD-AFA7-8C235E4AC6BD}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-571685940-2386762001-198031125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
    SearchScopes: HKU\S-1-5-21-571685940-2386762001-198031125-1001 -> DefaultScope {10D8842C-367F-4983-B8A7-431EEC174840} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v116-2_b
    SearchScopes: HKU\S-1-5-21-571685940-2386762001-198031125-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-571685940-2386762001-198031125-1001 -> {10D8842C-367F-4983-B8A7-431EEC174840} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v116-2_b

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-11-11] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-03-09] (REALiX(tm))
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
    R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-17] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-05-20] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-05-20] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-20] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-05-20] (Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 ST_ACCEL; C:\Windows\system32\drivers\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-05-20 14:48 - 2018-05-20 14:49 - 000005500 _____ C:\Users\admin\Desktop\FRST.txt
    2018-05-20 14:48 - 2018-05-20 14:48 - 000000000 ____D C:\FRST
    2018-05-20 14:46 - 2018-05-20 14:46 - 002413056 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
    2018-05-19 11:13 - 2018-05-19 11:13 - 000013394 _____ C:\Users\admin\Desktop\phone pics may 006.lnk
    2018-05-19 11:13 - 2018-05-19 11:13 - 000013232 _____ C:\Users\admin\Desktop\phone pics may 022.lnk
    2018-05-19 11:12 - 2018-05-19 11:12 - 000013394 _____ C:\Users\admin\Desktop\phone pics may 005.lnk
    2018-05-19 11:11 - 2018-05-19 11:11 - 000013394 _____ C:\Users\admin\Desktop\phone pics may 004.lnk
    2018-05-19 11:11 - 2018-05-19 11:11 - 000013394 _____ C:\Users\admin\Desktop\phone pics may 003.lnk
    2018-05-19 10:57 - 2018-05-19 11:07 - 000011988 _____ C:\Users\admin\Desktop\whirlpool.odt
    2018-05-19 09:50 - 2018-05-19 09:50 - 000000199 _____ C:\Users\catalina\Desktop\craigslist corpus christi, TX jobs, apartments, for sale, services, community, and events.url
    2018-05-19 09:45 - 2018-05-19 09:45 - 000000184 _____ C:\Users\catalina\Desktop\Tech Support Guy.url
    2018-05-19 09:43 - 2018-05-19 09:43 - 000000169 _____ C:\Users\catalina\Desktop\EBAY.url
    2018-05-19 09:40 - 2018-05-19 09:40 - 000000171 _____ C:\Users\catalina\Desktop\DuckDuckGo — Privacy, simplified..url
    2018-05-18 14:03 - 2018-05-18 14:03 - 000748192 _____ (TechGuy, Inc.) C:\Users\admin\Desktop\SysInfo.exe
    2018-05-18 13:58 - 2018-05-18 14:05 - 000012920 _____ C:\Users\admin\Desktop\Tech Guy.odt
    2018-05-17 18:30 - 2018-05-17 18:30 - 000000256 _____ C:\Users\admin\Desktop\Everyone MUST Read This BEFORE Posting for Help in This Forum Tech Support Guy.url
    2018-05-17 15:46 - 2018-05-20 13:41 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2018-05-17 15:45 - 2018-05-20 13:41 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-05-17 15:45 - 2018-05-20 13:41 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2018-05-17 15:45 - 2018-05-20 13:41 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2018-05-17 15:45 - 2018-05-17 15:45 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2018-05-17 15:42 - 2018-05-17 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-05-17 15:38 - 2018-05-17 15:38 - 000066964 _____ C:\Users\admin\Documents\cc_20180517_153756.reg
    2018-05-17 15:29 - 2018-05-17 15:31 - 015809656 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup542pro.exe
    2018-05-17 15:08 - 2018-05-17 15:08 - 000067902 _____ C:\Users\admin\Documents\cc_20180517_150832.reg
    2018-05-17 14:52 - 2018-05-17 14:52 - 000000082 _____ C:\Users\admin\Documents\cc_20180517_145236.reg twice.reg
    2018-05-17 14:51 - 2018-05-17 14:51 - 000000082 _____ C:\Users\admin\Documents\cc_20180517_145146.reg
    2018-05-17 14:08 - 2018-05-17 14:08 - 000064136 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2018-05-17 14:07 - 2018-05-17 14:07 - 000295688 _____ C:\Windows\system32\FNTCACHE.DAT
    2018-05-15 16:18 - 2018-05-15 16:18 - 000000000 ____D C:\Users\admin\Documents\STEVEN INFO
    2018-05-15 15:22 - 2018-05-15 15:22 - 000067564 _____ C:\Users\admin\Documents\cc_20180515_152211.reg
    2018-05-15 14:31 - 2018-05-16 18:23 - 000000568 _____ C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
    2018-05-15 14:31 - 2018-05-16 16:08 - 000003442 _____ C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task
    2018-05-15 10:34 - 2018-05-15 10:34 - 000000209 _____ C:\Users\admin\Desktop\Zero Hedge On a long enough timeline the survival rate for everyone drops to zero.url
    2018-05-14 19:14 - 2018-05-14 19:14 - 000000096 _____ C:\Users\admin\Documents\WRC365_Report.txt
    2018-05-14 18:23 - 2018-05-14 18:44 - 000000671 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\DuckDuckGo — Privacy, simplified..website
    2018-05-14 18:17 - 2018-05-14 18:17 - 000069162 _____ C:\Users\admin\Documents\cc_20180514_181705.reg
    2018-05-14 17:29 - 2018-05-14 17:29 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-05-14 17:29 - 2018-05-14 17:29 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-05-14 17:29 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2018-05-14 17:20 - 2018-05-14 17:27 - 072356616 _____ (Malwarebytes ) C:\Users\admin\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4610.exe
    2018-05-13 21:38 - 2018-05-16 19:52 - 000002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2018-05-13 17:48 - 2018-05-13 17:48 - 000066846 _____ C:\Users\admin\Documents\cc_20180513_174818.reg
    2018-05-11 15:39 - 2018-05-11 15:39 - 000002660 _____ C:\Users\admin\Desktop\java delete.txt
    2018-05-11 15:08 - 2018-05-11 15:08 - 000000264 _____ C:\Users\admin\Desktop\Poulan Pro 22 140cc Gas Engine Front-Wheel Drive 3-in-1 Lawn Mower - Walmart.com.url
    2018-05-11 12:47 - 2018-05-11 12:47 - 000000168 _____ C:\Users\admin\Documents\cc_20180511_124749.reg
    2018-05-10 19:17 - 2018-05-10 19:18 - 015813864 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup542.exe
    2018-05-10 18:59 - 2018-05-11 12:48 - 000003162 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
    2018-05-10 18:59 - 2018-05-11 12:48 - 000003010 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
    2018-05-10 18:58 - 2018-05-10 18:58 - 000000188 _____ C:\Users\admin\Documents\cc_20180510_185757.reg
    2018-05-08 22:52 - 2018-04-23 13:57 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-05-08 22:52 - 2018-04-23 13:02 - 000348832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2018-05-08 22:52 - 2018-04-22 19:35 - 005583552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-05-08 22:52 - 2018-04-22 19:35 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2018-05-08 22:52 - 2018-04-22 19:35 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-05-08 22:52 - 2018-04-22 19:35 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2018-05-08 22:52 - 2018-04-22 19:35 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-05-08 22:52 - 2018-04-22 19:12 - 004047040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2018-05-08 22:52 - 2018-04-22 19:12 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2018-05-08 22:52 - 2018-04-22 19:10 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2018-05-08 22:52 - 2018-04-22 19:07 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000512512 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 19:00 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:44 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2018-05-08 22:52 - 2018-04-22 18:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:32 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2018-05-08 22:52 - 2018-04-22 18:32 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-05-08 22:52 - 2018-04-22 18:32 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2018-05-08 22:52 - 2018-04-22 18:31 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2018-05-08 22:52 - 2018-04-22 18:28 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2018-05-08 22:52 - 2018-04-22 18:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
    2018-05-08 22:52 - 2018-04-22 18:27 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2018-05-08 22:52 - 2018-04-22 18:25 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2018-05-08 22:52 - 2018-04-22 18:24 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2018-05-08 22:52 - 2018-04-22 18:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2018-05-08 22:52 - 2018-04-22 18:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
    2018-05-08 22:52 - 2018-04-22 18:23 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2018-05-08 22:52 - 2018-04-22 18:23 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2018-05-08 22:52 - 2018-04-22 18:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2018-05-08 22:52 - 2018-04-22 18:19 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2018-05-08 22:52 - 2018-04-22 18:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2018-05-08 22:52 - 2018-04-22 18:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2018-05-08 22:52 - 2018-04-22 18:19 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2018-05-08 22:52 - 2018-04-22 18:18 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2018-05-08 22:52 - 2018-04-22 18:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 18:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2018-05-08 22:52 - 2018-04-22 03:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-05-08 22:52 - 2018-04-22 02:53 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2018-05-08 22:52 - 2018-04-22 02:53 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2018-05-08 22:52 - 2018-04-22 02:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-05-08 22:52 - 2018-04-22 02:39 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2018-05-08 22:52 - 2018-04-22 02:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-05-08 22:52 - 2018-04-22 02:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2018-05-08 22:52 - 2018-04-22 02:38 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2018-05-08 22:52 - 2018-04-22 02:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2018-05-08 22:52 - 2018-04-22 02:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-05-08 22:52 - 2018-04-22 02:31 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2018-05-08 22:52 - 2018-04-22 02:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2018-05-08 22:52 - 2018-04-22 02:27 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2018-05-08 22:52 - 2018-04-22 02:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-05-08 22:52 - 2018-04-22 02:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-05-08 22:52 - 2018-04-22 02:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2018-05-08 22:52 - 2018-04-22 02:26 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2018-05-08 22:52 - 2018-04-22 02:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2018-05-08 22:52 - 2018-04-22 02:18 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2018-05-08 22:52 - 2018-04-22 02:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2018-05-08 22:52 - 2018-04-22 02:15 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2018-05-08 22:52 - 2018-04-22 02:08 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2018-05-08 22:52 - 2018-04-22 02:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2018-05-08 22:52 - 2018-04-22 02:07 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2018-05-08 22:52 - 2018-04-22 02:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2018-05-08 22:52 - 2018-04-22 02:04 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2018-05-08 22:52 - 2018-04-22 02:04 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2018-05-08 22:52 - 2018-04-22 02:04 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2018-05-08 22:52 - 2018-04-22 02:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2018-05-08 22:52 - 2018-04-22 02:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2018-05-08 22:52 - 2018-04-22 02:02 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2018-05-08 22:52 - 2018-04-22 02:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2018-05-08 22:52 - 2018-04-22 02:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2018-05-08 22:52 - 2018-04-22 02:00 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2018-05-08 22:52 - 2018-04-22 01:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2018-05-08 22:52 - 2018-04-22 01:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2018-05-08 22:52 - 2018-04-22 01:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2018-05-08 22:52 - 2018-04-22 01:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2018-05-08 22:52 - 2018-04-22 01:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2018-05-08 22:52 - 2018-04-22 01:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2018-05-08 22:52 - 2018-04-22 01:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2018-05-08 22:52 - 2018-04-22 01:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-05-08 22:52 - 2018-04-22 01:49 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2018-05-08 22:52 - 2018-04-22 01:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-05-08 22:52 - 2018-04-22 01:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-05-08 22:52 - 2018-04-22 01:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2018-05-08 22:52 - 2018-04-22 01:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2018-05-08 22:52 - 2018-04-22 01:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2018-05-08 22:52 - 2018-04-22 01:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2018-05-08 22:52 - 2018-04-22 01:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2018-05-08 22:52 - 2018-04-22 01:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2018-05-08 22:52 - 2018-04-22 01:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2018-05-08 22:52 - 2018-04-22 01:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2018-05-08 22:52 - 2018-04-22 01:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2018-05-08 22:52 - 2018-04-22 01:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-05-08 22:52 - 2018-04-22 01:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2018-05-08 22:52 - 2018-04-22 01:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2018-05-08 22:52 - 2018-04-22 01:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2018-05-08 22:52 - 2018-04-22 01:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2018-05-08 22:52 - 2018-04-22 01:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2018-05-08 22:52 - 2018-04-22 01:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2018-05-08 22:52 - 2018-04-22 01:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-05-08 22:52 - 2018-04-22 01:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-05-08 22:52 - 2018-04-22 01:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2018-05-08 22:52 - 2018-04-22 01:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2018-05-08 22:52 - 2018-04-22 01:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2018-05-08 22:52 - 2018-04-18 11:03 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
    2018-05-08 22:52 - 2018-04-18 11:03 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
    2018-05-08 22:52 - 2018-04-18 10:51 - 000523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
    2018-05-08 22:52 - 2018-04-18 10:51 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
    2018-05-08 22:52 - 2018-04-18 10:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
    2018-05-08 22:52 - 2018-04-18 10:35 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
    2018-05-08 22:52 - 2018-04-11 11:38 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
    2018-05-08 22:52 - 2018-04-11 11:38 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
    2018-05-08 22:52 - 2018-04-11 11:36 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
    2018-05-08 22:52 - 2018-04-11 11:36 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
    2018-05-08 22:52 - 2018-04-10 14:45 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-05-08 22:52 - 2018-04-10 11:36 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2018-05-08 22:52 - 2018-04-10 11:36 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
    2018-05-08 22:52 - 2018-04-10 11:35 - 001735168 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2018-05-08 22:52 - 2018-04-10 11:34 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2018-05-08 22:52 - 2018-04-10 11:33 - 001241600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2018-05-08 22:52 - 2018-04-10 11:32 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2018-05-08 22:52 - 2018-04-10 11:00 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
    2018-05-08 22:52 - 2018-04-10 10:54 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2018-05-08 22:52 - 2018-04-10 10:48 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2018-05-08 22:52 - 2018-04-10 10:47 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2018-05-08 22:52 - 2018-04-10 10:47 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2018-05-08 22:52 - 2018-04-07 11:41 - 000371392 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2018-05-08 22:52 - 2018-03-18 17:16 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2018-05-08 22:52 - 2018-03-18 17:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2018-05-08 22:52 - 2018-03-14 12:16 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2018-05-08 22:52 - 2018-03-14 12:12 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2018-05-08 22:52 - 2018-03-14 12:12 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2018-05-08 22:52 - 2018-03-14 12:12 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2018-05-08 22:52 - 2018-03-14 12:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2018-05-08 22:52 - 2018-03-14 11:57 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2018-05-08 22:52 - 2018-03-14 11:57 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2018-05-08 22:52 - 2018-03-14 11:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2018-05-08 22:52 - 2018-03-14 11:57 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2018-05-08 22:52 - 2018-03-14 11:53 - 002651648 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2018-05-08 22:52 - 2018-03-14 11:53 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2018-05-08 22:52 - 2018-03-14 11:52 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2018-05-08 22:52 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2018-05-08 22:52 - 2018-03-14 11:52 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2018-05-08 22:52 - 2018-03-14 11:52 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2018-05-08 22:52 - 2018-03-14 11:52 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2018-04-30 10:26 - 2018-05-18 09:14 - 000000280 _____ C:\Users\admin\Desktop\GSA Fleet Vehicle Sales.url
    2018-04-28 11:25 - 2018-04-28 11:25 - 000001208 _____ C:\Users\admin\Documents\cc_20180428_112457.reg
    2018-04-27 19:57 - 2018-04-27 19:57 - 000000182 _____ C:\Users\admin\Desktop\Moon of Alabama.url
    2018-04-27 16:47 - 2018-04-27 16:47 - 000001752 _____ C:\Users\admin\Documents\cc_20180427_164738.reg
    2018-04-27 15:42 - 2018-04-27 15:42 - 000000168 _____ C:\Users\admin\Documents\cc_20180427_154217.reg
    2018-04-26 17:25 - 2018-04-26 17:30 - 000000609 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\You’re not connected to a network.website
    2018-04-26 16:54 - 2018-04-26 16:54 - 000000908 _____ C:\Users\admin\Documents\cc_20180426_165421.reg
    2018-04-26 16:52 - 2018-04-26 16:52 - 000031654 _____ C:\Users\admin\Documents\cc_20180426_165159.reg
    2018-04-26 16:05 - 2018-04-26 16:05 - 000000890 _____ C:\Users\admin\Documents\cc_20180426_160513.reg
    2018-04-26 15:07 - 2018-04-26 15:07 - 000003290 _____ C:\Users\admin\Documents\duplicate.txt
    2018-04-26 08:03 - 2018-04-23 17:15 - 000000442 ___SH C:\Users\admin\Documents\desktop (2).ini
    2018-04-26 08:00 - 2018-05-15 16:18 - 000000000 ____D C:\Users\admin\Desktop\comp probs
    2018-04-26 07:10 - 2018-04-26 07:13 - 000000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
    2018-04-25 21:37 - 2018-04-25 21:37 - 000000171 _____ C:\Users\admin\Desktop\DuckDuckGo — Privacy, simplified..url
    2018-04-25 18:48 - 2018-04-25 18:48 - 000000179 _____ C:\Users\admin\Desktop\Tech Support Guy.url
    2018-04-24 16:14 - 2018-04-24 16:14 - 000000464 _____ C:\Users\admin\Documents\cc_20180424_161111.reg
    2018-04-24 14:06 - 2018-04-24 14:06 - 000000778 _____ C:\Users\admin\Documents\cc_20180424_140654.reg
    2018-04-24 13:44 - 2018-04-24 13:44 - 000000000 ____D C:\Program Files\Microsoft Games
    2018-04-23 19:31 - 2018-05-11 10:46 - 000000000 ____D C:\ProgramData\SecTaskMan
    2018-04-23 16:42 - 2018-04-23 16:42 - 000000894 _____ C:\Users\admin\Documents\cc_20180423_164243.reg
    2018-04-23 16:30 - 2018-04-23 16:30 - 000002822 __RSH C:\ProgramData\ntuser.pol
    2018-04-23 15:22 - 2018-04-23 15:22 - 000001212 _____ C:\Users\admin\Documents\cc_20180423_152250.reg
    2018-04-22 10:12 - 2018-05-05 10:44 - 000000390 _____ C:\Users\admin\Desktop\A Shocking Lack of Intelligence in Our Missile Strike on Syria - Truthdig.url
    2018-04-21 17:14 - 2018-04-21 17:14 - 000000000 ____D C:\Users\admin\Documents\FW__letters
    2018-04-21 14:28 - 2018-04-21 14:28 - 000000826 _____ C:\Users\admin\Documents\cc_20180421_142820.reg

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-05-20 14:11 - 2009-07-13 23:45 - 000032800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-05-20 14:11 - 2009-07-13 23:45 - 000032800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-05-20 13:49 - 2018-03-27 14:18 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
    2018-05-20 13:45 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
    2018-05-20 13:40 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-05-18 13:03 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-05-17 15:34 - 2018-03-27 14:18 - 000000000 ____D C:\Program Files\CCleaner
    2018-05-15 16:06 - 2018-03-02 18:27 - 000000000 ___RD C:\Users\admin\Documents\Scanned Documents
    2018-05-15 15:26 - 2017-11-20 15:13 - 000000000 ____D C:\Users\admin\AppData\Local\Google
    2018-05-15 15:02 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Help
    2018-05-15 12:57 - 2018-03-03 16:30 - 000000338 _____ C:\Users\admin\Desktop\MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos.url
    2018-05-14 18:58 - 2009-07-14 00:32 - 000000000 ____D C:\Windows\Downloaded Program Files
    2018-05-14 16:40 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
    2018-05-14 16:08 - 2018-03-11 15:30 - 000000000 ____D C:\Users\catalina\AppData\Local\Google
    2018-05-14 07:34 - 2017-02-07 21:37 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2018-05-14 07:33 - 2017-02-07 21:36 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-05-11 13:28 - 2009-07-14 00:08 - 000032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2018-05-11 06:41 - 2018-03-03 19:50 - 000000000 ____D C:\ProgramData\ProductData
    2018-05-10 22:31 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
    2018-05-09 03:11 - 2017-02-07 21:44 - 000000000 ____D C:\Windows\system32\MRT
    2018-05-09 03:08 - 2018-03-09 12:10 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-05-09 03:08 - 2017-02-07 21:44 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-05-09 03:03 - 2017-02-07 21:52 - 000774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2018-04-27 17:31 - 2018-04-17 10:30 - 000000022 _____ C:\Users\admin\Documents\FW__letters.zip
    2018-04-27 16:16 - 2018-04-18 08:23 - 000000000 ____D C:\Program Files (x86)\Google
    2018-04-24 13:48 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2018-04-24 12:34 - 2018-03-09 14:35 - 000000147 _____ C:\Users\admin\Documents\ebay and gamil.txt
    2018-04-23 15:45 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-18 18:00

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
    Ran by admin (20-05-2018 14:50:56)
    Running from C:\Users\admin\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2017-11-20 20:05:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    admin (S-1-5-21-571685940-2386762001-198031125-1001 - Administrator - Enabled) => C:\Users\admin
    Administrator (S-1-5-21-571685940-2386762001-198031125-500 - Administrator - Disabled)
    catalina (S-1-5-21-571685940-2386762001-198031125-1004 - Limited - Enabled) => C:\Users\catalina
    Guest (S-1-5-21-571685940-2386762001-198031125-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-571685940-2386762001-198031125-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
    CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => -> No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05BBFD8A-8994-4297-A84C-969F540A80C1} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
    Task: {285C6AA4-4F6D-4420-B371-F5C2AFFD7A35} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
    Task: {5B034FB7-1201-42FB-ACF4-69D5BFA79936} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-10] (Piriform Ltd)
    Task: {5E9192CE-319D-4FB5-A1EC-046C15057C81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {809860FD-51BE-4844-B966-BC3B6CDA6E28} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe
    Task: {BAD58694-6B96-4DCC-8B56-3F1942983328} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
    Task: {EB0E6C0A-CA4D-45EB-A1B2-E94023876BB9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-10] (Piriform Ltd)
    Task: {FB784D68-988C-4C08-B022-4170335C12F4} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-05-14 17:29 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-05-14 17:29 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2018-04-24 04:16 - 2018-04-24 04:16 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-571685940-2386762001-198031125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

    ==================== Restore Points =========================

    12-05-2018 06:27:44 Windows Update
    14-05-2018 16:01:51 deleteing reg keys via cc cleaner
    14-05-2018 19:29:28 Created by Wise Care 365
    15-05-2018 07:29:09 Windows Update
    16-05-2018 08:58:14 Microsoft Antimalware Checkpoint
    17-05-2018 14:40:22 u
    18-05-2018 15:54:24 Windows Update
    20-05-2018 14:04:53 silverlight delte reg keys

    ==================== Faulty Device Manager Devices =============

    Name: Remote Desktop Device Redirector Bus
    Description: Remote Desktop Device Redirector Bus
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: rdpbus
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/20/2018 01:41:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (05/19/2018 09:05:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (05/19/2018 10:16:36 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (05/19/2018 10:16:36 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (05/19/2018 10:16:36 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (05/19/2018 10:16:36 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

    Error: (05/19/2018 10:16:34 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (05/19/2018 10:16:34 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: The Windows Search Service cannot load the property store information.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


    System errors:
    =============
    Error: (05/20/2018 02:39:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (05/20/2018 01:42:39 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

    Error: (05/20/2018 01:41:35 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
    Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Network Inspection System

    Error Code: 0x80070714

    Error description: The specified image file did not contain a resource section.

    Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

    Error: (05/20/2018 10:56:02 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (05/20/2018 08:26:34 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (05/19/2018 09:19:03 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
    Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Network Inspection System

    Error Code: 0x80070714

    Error description: The specified image file did not contain a resource section.

    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Error: (05/19/2018 09:05:03 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
    Description: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Network Inspection System

    Error Code: 0x80070714

    Error description: The specified image file did not contain a resource section.

    Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

    Error: (05/19/2018 10:16:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
    Percentage of memory in use: 71%
    Total physical RAM: 2038.12 MB
    Available physical RAM: 590.65 MB
    Total Virtual: 4076.12 MB
    Available Virtual: 2624.37 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.04 GB) (Free:50.01 GB) NTFS

    \\?\Volume{635a3df0-ce52-11e7-856f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 74.5 GB) (Disk ID: 38503BEA)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    Hi. I didn't have any problem downloading or running Farbar scan tool. I did run Malwarebytes and found a Trojan. It had been quarantined so I removed it, reran and the Trojan showed back up. I uninstalled Wise Clean and must say I am surprised to find it on the scan. I have attempted to update all programs but without success. I have found many strange files which are hidden and restricted. Please help!!! I have been using this computer every day and am concerned! Thank you so very much for your response. I truly am appreciative.

    Caitlin
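
    Added example, not part of the original post or of FRST: a short Python triage of the event entries in the Addition.txt log above, reporting when a protection feature logged a failure and how often. The `PROTECTION_FAILURES` set is an assumption of this example, and the sample is abridged from the log above.

```python
import re
from datetime import datetime

# Entry header and detail-line formats as they appear in the Addition.txt log above.
HEADER = re.compile(r"Error: \(([^)]+)\) \(Source: ([^)]+)\) \(EventID: (\d+)\)")
FIELD = re.compile(r"(Description|Feature|Error Code|Reason): (.*)")
# Assumption: (source, event ID) pairs treated as "a protection feature is down".
PROTECTION_FAILURES = {("Microsoft Antimalware", 3002)}

# Abridged from the log above (blank lines and some detail lines dropped).
SAMPLE = """\
Error: (05/20/2018 02:39:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (05/20/2018 01:41:35 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Feature: Network Inspection System
Error: (05/19/2018 09:19:03 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Feature: Network Inspection System
Error: (05/19/2018 09:05:03 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Feature: Network Inspection System
"""

def parse_events(text):
    """Split the log into events; detail lines attach to the preceding header."""
    events = []
    for line in (raw.strip() for raw in text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            when = datetime.strptime(header.group(1), "%m/%d/%Y %I:%M:%S %p")
            events.append({"time": when, "source": header.group(2),
                           "event_id": int(header.group(3)), "fields": {}})
        elif field and events:
            events[-1]["fields"].setdefault(field.group(1), field.group(2))
    return events

def protection_gaps(events):
    """Map each failed protection feature to (first_seen, last_seen, count)."""
    gaps = {}
    for e in events:
        if (e["source"], e["event_id"]) in PROTECTION_FAILURES:
            feature = e["fields"].get("Feature", "unknown")
            first, last, n = gaps.get(feature, (e["time"], e["time"], 0))
            gaps[feature] = (min(first, e["time"]), max(last, e["time"]), n + 1)
    return gaps

if __name__ == "__main__":
    for feature, (first, last, n) in protection_gaps(parse_events(SAMPLE)).items():
        print(f"{feature}: {n} failures between {first} and {last}")
```

    Repeated failures of the same feature across two days, as here, point to a standing gap in real-time protection rather than a one-off service hiccup.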
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,994
    First Name:
    Frank
    You appear to have about a 10-year old Dell Latitude D620 laptop.
    What's the 7-character "service tag" number on yours?

    -------------------------------------------------------------
     
  5. catlin

    catlin Thread Starter

    Joined:
    Aug 25, 2013
    Messages:
    10
    Ha! Actually 11 years old. Service tag- 35P3YC1. Bios Versions= A08 (04-03-2007). I used to go to the computer center here on our island where I would go to banking sites, etc. Hurricane Harvey destroyed our little island so we are doing the best we can. Anyway, I don't know if this laptop is worth attempting to fix. I can simply browse. Thank you for your input Frank!
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    78,994
    First Name:
    Frank
    According to that service tag number, you have THIS Dell Latitude D620 laptop.
    Because it's more than 10 years old, Dell no longer lists the hardware and Windows operating system it came with.
    It has a very weak processor and only 2 GB of RAM, so it's going to have the speed and performance of a turtle when used for certain functions.
    It's also 11 years old and has almost no value, so investing money into it for repairs or hardware upgrades isn't feasible.
    You can buy a more modern and much faster refurbished laptop with Windows 7 or Windows 10 for $300 - $400.

    I'm not a Malware Specialist, so askey127 will need to advise you from here on.
    As soon as he's back on-line, I'm sure he will reply to your Farbar Scan Tool log.
    Good luck.

    --------------------------------------------------------------
     

    Last edited: May 20, 2018
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Caitlin,
    Many of the Fix/Repair applications are loaded with tracking or other undesirable features.
    They also frequently fail to Uninstall completely.
    Best avoid Wise and IOBit utilities on this machine.
    Let's run a few fixes and tests before we resign this laptop to the trash heap.

    Also, please don't ever use the Registry part of CCleaner from now on.
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    -----------------------------------------
    After you get the Fixlog.txt report,
    Go to Start, and type cmd
    Then in the popup menu, Right click cmd.exe and choose "run as administrator"
    In the black command window at the cursor, type
    chkdsk c:
    (there's a space after chkdsk)
    Wait for it and note whatever it tells you.
    Toward the end when it finishes, note whether it reports any bad sectors.
    If it doesn't finish, tell me what message it shows.

    So we are looking for the contents of the Fixlog.txt report and your observation from the chkdsk routine.
    askey127
     

    Last edited: May 21, 2018
  8. catlin

    catlin Thread Starter

    Joined:
    Aug 25, 2013
    Messages:
    10
    Hi,

    I need to begin by stating that I "scanned" FRST64! Crap! :( I don't know how this will affect the results or the outcome! Please find attached the results of the Fixlog.txt. After running chkdsk, 0 bad sectors were found.

    In addition I would like to express my thanks to you regarding IObit and CCleaner registry.

    Thank you in advance for your assistance!!!
     

  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Catlin,
    I wouldn't be shocked to find that it's running better already.
    First, please delete, on your desktop, all versions of FRST.txt, Addition.txt, fixlog.txt and fixlist.txt.
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST64.exe on your desktop to launch it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents in your next reply.

    We will get this improved, at least.
    askey127
     
  10. catlin

    catlin Thread Starter

    Joined:
    Aug 25, 2013
    Messages:
    10
    Hi again! Thank you and scans attached!
    Thank you for your time and effort!
     

  11. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Catlin,
    You are doing well, so I will give you a few things to do at once.
    Only a few issues left to check.
    First, most people don't need Java any more. I would suggest Uninstalling it from Control Panel. It's a known security risk.
    (JavaScript is OK and included with your browsers, not the same as Java).

    Restart your machine.
    -------------------------------------------------------------
    Download MyDefrag from here and Install it : https://filehippo.com/download_mydefrag/
    After Installation, run MyDefrag in System Disk Monthly Mode on the C: drive
    (Click System Disk Monthly and then check C: drive, click Run)
    Wait for it. It goes through 6 Zones. It may take an hour or two, depending on how badly the HD is scrambled.
    The Window will be labeled Finished at the top when it is done.
    Going forward, you can run it in System Disk Daily mode, but once every few weeks is sufficient.
    It will finish a lot faster in the ensuing runs.
    (This program is for Vista/Win 7 only).

    Let's verify that your system files are OK
    -------------------------------------------------------------
    Go to Start and type cmd into the box.
    In the popup menu that appears, right click the top entry, cmd.exe, and choose "run as administrator".
    In the black window that opens, type this at the prompt:
    sfc /scannow
    (There is a space after sfc). Hit the <Enter> key.
    Don't close the black box until the process is complete.
    When it finishes, note the content of any message that appears.
    It will most likely be one of the following:
    • Windows Resource Protection did not find any integrity violations.
    • Windows Resource Protection could not perform the requested operation.
    • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
    Let me know which message you get, and how goes the machine.

    askey127
     
    Last edited: May 22, 2018
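
    Added example, not part of the original post: when SFC reports that it could not fix some files, the `[SR]` entries in CBS.log name them, and this Python sketch pulls out the "Cannot repair member file" entries with the reason given. The sample lines, file names and component names are constructed for illustration in the CBS.log layout.

```python
import re

# Layout of an SFC "[SR] Cannot repair member file" entry in CBS.log.
CANNOT = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[\d.]+),'
    r'.*?(?:in the store, (?P<reason>.+))?$'
)

# Everything from here through SAMPLE is constructed test data, not a real log.
ATTRS = ("pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, "
         "VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, "
         "Type neutral, TypeName neutral, PublicKey neutral")

def _entry(ts, seq, msg):
    return f"{ts}, Info                  CSI    {seq:08x} [SR] {msg}"

def _cannot(name, component, reason):
    return (f'Cannot repair member file [l:{2 * len(name)}{{{len(name)}}}]"{name}" of '
            f"{component}, Version = 6.1.7601.17514, " + ATTRS + f" in the store, {reason}")

SAMPLE = "\n".join([
    _entry("2018-05-22 09:14:05", 0x328, "Beginning Verify and Repair transaction"),
    _entry("2018-05-22 09:14:07", 0x32A, _cannot("sample1.dll", "Example-Component-A", "hash mismatch")),
    _entry("2018-05-22 09:14:09", 0x32C, _cannot("sample1.dll", "Example-Component-A", "hash mismatch")),
    _entry("2018-05-22 09:14:10", 0x32E, _cannot("sample2.exe", "Example-Component-B", "file is missing")),
    _entry("2018-05-22 09:14:12", 0x330, "Verify complete"),
])

def cannot_repair(text):
    """Return deduplicated 'Cannot repair' entries in first-seen order."""
    seen = {}
    for line in text.splitlines():
        m = CANNOT.search(line)
        if m:
            key = (m["file"].lower(), m["component"])
            entry = seen.setdefault(key, {**m.groupdict(), "time": line[:19], "hits": 0})
            entry["hits"] += 1
    return list(seen.values())

if __name__ == "__main__":
    for e in cannot_repair(SAMPLE):
        print(f'{e["file"]} ({e["component"]} {e["version"]}): {e["reason"]}, logged {e["hits"]}x')
```

    To run it on a real machine, pass in the text of %WinDir%\Logs\CBS\CBS.log, opened with `errors="replace"`; the same file is often logged more than once in a run, which is why entries are deduplicated.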
  12. catlin

    catlin Thread Starter

    Joined:
    Aug 25, 2013
    Messages:
    10
    Hi there. OK, I deleted Java from Control Panel and any hidden Java residue I could find. After running sfc /scannow, it found: "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log."

    I believe the system appears to be running more efficiently. I have been extremely cautious concerning any and all personal data being compromised. Other than that, I feel my system is more secure?

    Once again, thank you so very much for all your assistance and am more than appreciative!

    Sincerely,

    Catlin
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Catlin,
    We have probably done about all we can for the machine.

    I would suggest using Firefox as your default browser if possible.
    You can set DuckDuckGo as home page and do Add-Ons > Extensions to install "uBlock Origin".
    You don't really need any other extensions.
    It is somewhat more secure than Internet Explorer.
    (I realize the bookmarks in FF are somewhat less convenient than the Favorites in IE).

    In CCleaner, you can go to Options > Settings and Unset the box to check for updates.
    CCleaner has been acquired by Avast/AVG and newer versions could have attached adware.
    If your CCleaner has a "toolbar", don't use it. Same goes for the Registry section, as mentioned earlier.
    You should be OK.

    Best of luck going forward.
    askey127
     
    Last edited: May 22, 2018
  14. catlin

    catlin Thread Starter

    Joined:
    Aug 25, 2013
    Messages:
    10
    Hi there askey127,

    I simply wish to express my gratitude. I will follow your additional advice concerning Firefox.

    Thank you for all your time and assistance.

    Most sincerely,

    Catlin
     
  15. catlin

    catlin Thread Starter

    Joined:
    Aug 25, 2013
    Messages:
    10
    Thank you!
     


Short URL to this thread: https://techguy.org/1210385
