Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Amin (administrator) on PC (23-05-2019 14:21:50)
Running from C:\Users\paul\Desktop
Loaded Profiles: Amin (Available Profiles: Amin)
Platform: Windows 10 Pro Version 1803 17134.766 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> Registry
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Iain Patterson) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
() C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(f.lux Software LLC) C:\Users\paul\AppData\Local\FluxSoftware\Flux\flux.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(WhatsApp) C:\Users\paul\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(WhatsApp) C:\Users\paul\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
(WhatsApp) C:\Users\paul\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
(WhatsApp) C:\Users\paul\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe [776320 2019-04-27] (ExpressVPN)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\...\Run: [f.lux] => C:\Users\paul\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (f.lux Software LLC)
HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3503088 2016-09-26] (Electronic Arts)
HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\...\Run: [WhatsApp] => C:\Users\paul\AppData\Local\WhatsApp\Update.exe [2206640 2019-04-17] ()
HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [799360 2019-04-27] (ExpressVPN)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8d4b710d-72f5-4894-8cf1-7c188bb6df8a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8ffb0387-866f-4d7a-a141-eb54099418c1}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-09-30] (LastPass)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-20] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-09-30] (LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-20] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-09-30] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-09-30] (LastPass)
FireFox:
========
FF DefaultProfile: sj8zeqrc.default
FF ProfilePath: C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\sj8zeqrc.default [2019-05-23]
FF Extension: (Anti-Paywall) - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\sj8zeqrc.default\Extensions\{e5322648-dfe4-4c45-b02d-44c61d545f2b}.xpi [2018-09-20]
FF Extension: (Baidu Search Update) - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\sj8zeqrc.default\features\{d7c12642-4ff0-471c-9d41-62f70956a568}\baidu-code-update@mozillaonline.com.xpi [2019-05-09]
FF Extension: (Firefox Monitor) - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\sj8zeqrc.default\features\{d7c12642-4ff0-471c-9d41-62f70956a568}\fxmonitor@mozilla.org.xpi [2019-05-09]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2019-03-25] [not signed]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-09-30] (LastPass)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-20] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-09-30] (LastPass)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 3
CHR HomePage: Profile 3 -> hxxps://auctions.yahoo.co.jp/
CHR DefaultSearchURL: Profile 3 -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Profile 3 -> Yahoo
CHR DefaultSuggestURL: Profile 3 -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-21]
CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-05-23]
CHR Extension: (Slides) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-21]
CHR Extension: (Docs) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-21]
CHR Extension: (Google Drive) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-20]
CHR Extension: (YouTube) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-21]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-28]
CHR Extension: (Do Not Track) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2018-09-21]
CHR Extension: (Adobe Acrobat) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-15]
CHR Extension: (Yahoo Partner) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom [2019-05-17]
CHR Extension: (Sheets) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-05-17]
CHR Extension: (Yahoo Partner) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2019-05-10]
CHR Extension: (Notifier for Gmail™) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mlcdlmnipofbmhgjajfobpeeikdejibj [2018-09-21]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2019-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-21]
CHR Extension: (Zoom for Twitter®) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nnpfigodphdaapfmkbgmkljndjckkegk [2019-04-12]
CHR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2019-04-12]
CHR Extension: (Gmail) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR Extension: (Privacy Badger) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2019-02-21]
CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4 [2018-09-21]
CHR Extension: (Slides) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-21]
CHR Extension: (Docs) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-21]
CHR Extension: (Google Drive) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-21]
CHR Extension: (YouTube) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-21]
CHR Extension: (Adblock Plus) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-21]
CHR Extension: (Notifier for Gmail™) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-09-21]
CHR Extension: (Adobe Acrobat) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-21]
CHR Extension: (Yahoo Partner) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom [2018-09-21]
CHR Extension: (Sheets) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-09-21]
CHR Extension: (Yahoo Partner) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2018-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-21]
CHR Extension: (Gmail) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-21]
CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-21]
CHR Extension: (Google Slides) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (Google Docs) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
CHR Extension: (YouTube) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
CHR Extension: (Google Search) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
CHR Extension: (Google Sheets) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (Gmail) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-15] (Adobe)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BcastDVRUserService; C:\WINDOWS\System32\BcastDVRUserService.dll [1364992 2019-05-17] (Microsoft Corporation)
S3 BcastDVRUserService_3e46a6f; C:\WINDOWS\system32\svchost.exe [85472 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BcastDVRUserService_3e46a6f; C:\WINDOWS\SysWOW64\svchost.exe [71456 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService; C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll [464384 2018-04-12] (Microsoft Corporation)
S3 BluetoothUserService_3e46a6f; C:\WINDOWS\system32\svchost.exe [85472 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService_3e46a6f; C:\WINDOWS\SysWOW64\svchost.exe [71456 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 BTAGService; C:\WINDOWS\System32\BTAGService.dll [514048 2018-11-09] (Microsoft Corporation)
R3 BthAvctpSvc; C:\WINDOWS\System32\BthAvctpSvc.dll [399872 2018-11-09] (Microsoft Corporation)
S3 CaptureService; C:\WINDOWS\System32\CaptureService.dll [125952 2018-04-12] (Microsoft Corporation)
S3 CaptureService_3e46a6f; C:\WINDOWS\system32\svchost.exe [85472 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 CaptureService_3e46a6f; C:\WINDOWS\SysWOW64\svchost.exe [71456 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 DevicePickerUserSvc; C:\WINDOWS\System32\Windows.Devices.Picker.dll [400896 2018-04-12] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll [312832 2018-04-12] (Microsoft Corporation)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [368640 2019-04-27] (Iain Patterson) [File not signed]
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe [1267696 2019-05-21] (Google Inc.)
S3 LxpSvc; C:\WINDOWS\System32\LanguageOverlayServer.dll [199680 2018-04-12] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-09-26] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-09-26] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 sedsvc; C:\Program Files\rempl\sedsvc.exe [362296 2019-05-11] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\SgrmBroker.exe [163336 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 tzautoupdate; C:\WINDOWS\SysWOW64\tzautoupdate.dll [72192 2018-04-12] (Microsoft Corporation)
S3 VacSvc; C:\WINDOWS\System32\vac.dll [411256 2018-04-12] (Microsoft Corporation)
S3 WaaSMedicSvc; C:\WINDOWS\System32\WaaSMedicSvc.dll [392704 2019-01-09] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation)
S3 wisvc; C:\WINDOWS\SysWOW64\flightsettings.dll [729088 2018-06-08] (Microsoft Corporation)
S3 WpcMonSvc; C:\WINDOWS\System32\WpcDesktopMonSvc.dll [1456640 2018-05-20] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 afunix; C:\WINDOWS\system32\drivers\afunix.sys [39424 2018-04-12] (Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-04-12] (Microsoft Corporation)
S3 bindflt; C:\WINDOWS\system32\drivers\bindflt.sys [92704 2019-01-09] (Microsoft Corporation)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28160 2019-04-27] ()
S3 ffusb2audio; C:\WINDOWS\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S4 hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [33184 2018-04-12] (Microsoft Corporation)
S0 iaStorAVC; C:\WINDOWS\System32\drivers\iaStorAVC.sys [885144 2018-04-12] (Intel Corporation)
S0 ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [145816 2018-04-12] (Avago Technologies)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2019-05-21] (Malwarebytes)
S0 megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [82328 2018-04-12] (Avago Technologies)
S3 nvdimm; C:\WINDOWS\System32\drivers\nvdimm.sys [104448 2018-04-12] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvakwu.inf_amd64_0b3c1a15295d17ee\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-11] (NVIDIA Corporation)
R0 SgrmAgent; C:\WINDOWS\System32\drivers\SgrmAgent.sys [63896 2018-04-12] (Microsoft Corporation)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45440 2019-04-27] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Corporation)
S3 WdmCompanionFilter; C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [21408 2018-04-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-23 14:16 - 2019-05-23 14:16 - 000040830 ____C C:\Users\paul\Desktop\Addition.txt
2019-05-23 14:15 - 2019-05-23 14:22 - 000028385 ____C C:\Users\paul\Desktop\FRST.txt
2019-05-20 14:58 - 2019-05-17 13:10 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-20 14:58 - 2019-05-17 10:16 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-20 14:58 - 2019-05-17 09:12 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-20 14:58 - 2019-05-17 07:49 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-20 14:58 - 2019-05-17 07:43 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-20 14:58 - 2019-05-17 07:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-20 14:58 - 2019-05-17 07:42 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-20 14:58 - 2019-05-17 07:41 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-20 14:58 - 2019-05-17 07:41 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-20 14:58 - 2019-05-17 07:41 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-20 14:58 - 2019-05-17 07:39 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-20 14:58 - 2019-05-17 07:39 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-20 14:58 - 2019-05-17 07:39 - 002768952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-20 14:58 - 2019-05-17 07:39 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-20 14:58 - 2019-05-17 07:39 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-20 14:58 - 2019-05-17 07:39 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-20 14:58 - 2019-05-17 07:39 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-20 14:58 - 2019-05-17 07:39 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-20 14:58 - 2019-05-17 07:22 - 006568016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-20 14:58 - 2019-05-17 07:22 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-20 14:58 - 2019-05-17 07:21 - 001130784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-20 14:58 - 2019-05-17 07:07 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-20 14:58 - 2019-05-17 07:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-20 14:58 - 2019-05-17 07:06 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-20 14:58 - 2019-05-17 07:04 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-20 14:58 - 2019-05-17 07:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-20 14:58 - 2019-05-17 07:04 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-20 14:58 - 2019-05-17 07:03 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-20 14:58 - 2019-05-17 07:03 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-20 14:58 - 2019-05-17 07:03 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-20 14:58 - 2019-05-17 07:03 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-20 14:58 - 2019-05-17 07:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-20 14:58 - 2019-05-17 07:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-20 14:58 - 2019-05-17 07:00 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-20 14:58 - 2019-05-17 06:59 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-20 14:58 - 2019-05-17 06:57 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-20 14:58 - 2019-05-17 05:44 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-20 12:15 - 2019-05-20 12:15 - 000552478 _____ C:\Users\paul\Downloads\Statement_31Mar2019.pdf
2019-05-20 10:06 - 2019-05-20 10:06 - 000002160 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ___DC C:\Users\paul\AppData\Local\IsolatedStorage
2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ___DC C:\Users\paul\AppData\Local\ExpressVPN
2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ____D C:\ProgramData\ExpressVPN
2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2019-05-20 10:05 - 2019-05-20 10:06 - 026179112 _____ (ExpressVPN) C:\Users\paul\Downloads\expressvpn_7.1.0.7514.exe
2019-05-17 08:13 - 2019-05-17 08:13 - 004062599 _____ C:\Users\paul\Downloads\THT_PatternsOfMotion_KYDerby2019.pdf
2019-05-14 20:15 - 2019-05-03 13:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-14 20:15 - 2019-05-03 13:14 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-14 20:15 - 2019-05-03 13:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-14 20:15 - 2019-05-03 13:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-14 20:15 - 2019-05-03 12:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-14 20:15 - 2019-05-03 12:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-14 20:15 - 2019-05-03 12:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-14 20:15 - 2019-05-03 12:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-14 20:15 - 2019-05-03 12:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-14 20:15 - 2019-05-03 12:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-14 20:15 - 2019-05-03 12:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-14 20:15 - 2019-05-03 12:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-14 20:15 - 2019-05-03 12:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-14 20:15 - 2019-05-03 12:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-14 20:15 - 2019-05-03 12:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-14 20:15 - 2019-05-03 12:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-14 20:15 - 2019-05-03 12:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-14 20:15 - 2019-05-03 12:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-14 20:15 - 2019-05-03 12:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-14 20:15 - 2019-05-03 12:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-14 20:15 - 2019-05-03 12:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-14 20:15 - 2019-05-03 12:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-14 20:15 - 2019-05-03 12:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-14 20:15 - 2019-05-03 07:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-14 20:15 - 2019-05-03 07:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-14 20:15 - 2019-05-03 07:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-14 20:15 - 2019-05-03 07:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-14 20:15 - 2019-05-03 07:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-14 20:15 - 2019-05-03 07:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-14 20:15 - 2019-05-03 07:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-14 20:15 - 2019-05-03 07:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-14 20:15 - 2019-05-03 07:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-14 20:15 - 2019-05-03 07:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-14 20:15 - 2019-05-03 07:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-14 20:15 - 2019-05-03 07:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-14 20:15 - 2019-05-03 07:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-14 20:15 - 2019-05-03 07:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-14 20:15 - 2019-05-03 07:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-14 20:15 - 2019-05-03 07:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-14 20:15 - 2019-05-03 07:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-14 20:15 - 2019-05-03 07:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-14 20:15 - 2019-05-03 07:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-14 20:15 - 2019-05-03 07:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-14 20:15 - 2019-05-03 07:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-14 20:15 - 2019-05-03 07:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-14 20:15 - 2019-05-03 07:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-14 20:15 - 2019-05-03 07:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-14 20:15 - 2019-05-03 07:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-14 20:15 - 2019-05-03 07:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-14 20:15 - 2019-05-03 07:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-14 20:15 - 2019-05-03 07:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-14 20:15 - 2019-05-03 07:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-14 20:15 - 2019-05-03 07:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 20:15 - 2019-05-03 07:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 20:15 - 2019-05-03 07:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-14 20:15 - 2019-05-03 06:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-14 20:15 - 2019-05-03 06:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-14 20:15 - 2019-05-03 06:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-14 20:15 - 2019-05-03 06:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-14 20:15 - 2019-05-03 06:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-14 20:15 - 2019-05-03 06:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-14 20:15 - 2019-05-03 06:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-14 20:15 - 2019-05-03 06:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-14 20:15 - 2019-05-03 06:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-14 20:15 - 2019-05-03 06:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-14 20:15 - 2019-05-03 06:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-14 20:15 - 2019-05-03 06:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-14 20:15 - 2019-05-03 06:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-14 20:15 - 2019-05-03 06:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-14 20:15 - 2019-05-03 06:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-14 20:15 - 2019-05-03 06:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-14 20:15 - 2019-05-03 06:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-14 20:15 - 2019-05-03 06:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-14 20:15 - 2019-05-03 06:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-14 20:15 - 2019-05-03 06:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-14 20:15 - 2019-05-03 06:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-14 20:15 - 2019-05-03 06:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-14 20:15 - 2019-05-03 06:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-14 20:15 - 2019-05-03 06:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-14 20:15 - 2019-05-03 06:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-14 20:15 - 2019-05-03 06:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-14 20:15 - 2019-05-03 06:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-14 20:15 - 2019-05-03 06:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-14 20:15 - 2019-05-03 06:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-14 20:15 - 2019-05-03 06:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-14 20:15 - 2019-05-03 06:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-14 20:15 - 2019-05-03 06:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-14 20:15 - 2019-05-03 06:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-14 20:15 - 2019-05-03 06:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-14 20:15 - 2019-04-19 11:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-14 20:15 - 2019-04-19 11:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-14 20:15 - 2019-04-19 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-14 20:15 - 2019-04-19 11:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-14 20:15 - 2019-04-19 11:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-14 20:15 - 2019-04-19 11:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-14 20:15 - 2019-04-19 11:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-14 20:15 - 2019-04-19 11:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-14 20:15 - 2019-04-19 10:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-14 20:15 - 2019-04-19 10:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-14 20:15 - 2019-04-19 10:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-14 20:15 - 2019-04-19 10:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-14 20:15 - 2019-04-19 10:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-14 20:15 - 2019-04-19 10:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-14 20:15 - 2019-04-19 06:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-14 20:15 - 2019-04-19 06:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-14 20:15 - 2019-04-19 06:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-14 20:15 - 2019-04-19 06:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-14 20:15 - 2019-04-19 06:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-14 20:15 - 2019-04-19 06:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-14 20:15 - 2019-04-19 06:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-14 20:15 - 2019-04-19 06:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-14 20:15 - 2019-04-19 06:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-14 20:15 - 2019-04-19 06:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-14 20:15 - 2019-04-19 06:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-14 20:15 - 2019-04-19 05:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-14 20:15 - 2019-04-19 05:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-14 20:15 - 2019-04-19 05:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-14 20:15 - 2019-04-19 05:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-14 20:15 - 2019-04-19 05:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-14 20:15 - 2019-04-19 05:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-14 20:15 - 2019-04-19 05:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-14 20:15 - 2019-04-19 05:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-14 20:15 - 2019-04-19 05:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-14 20:15 - 2019-04-19 05:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-14 20:15 - 2019-04-19 05:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-14 20:15 - 2019-04-19 05:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-14 20:15 - 2019-04-19 05:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-14 20:15 - 2019-04-19 05:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-14 20:15 - 2019-04-19 05:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-14 20:15 - 2019-04-19 05:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-14 20:15 - 2019-04-19 05:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-14 20:15 - 2019-04-19 05:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-14 20:15 - 2019-04-19 05:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-14 20:15 - 2019-04-19 05:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-14 20:15 - 2019-04-19 05:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-14 20:15 - 2019-04-19 05:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-14 20:15 - 2019-04-19 05:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-14 20:15 - 2019-04-19 05:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-14 20:15 - 2019-04-19 05:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-14 20:15 - 2019-04-19 05:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-14 20:15 - 2019-04-19 05:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-14 20:15 - 2019-04-19 05:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-14 20:15 - 2019-04-19 05:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 20:15 - 2019-04-19 05:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-14 20:15 - 2019-04-19 05:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-14 20:15 - 2019-04-19 05:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-14 20:15 - 2019-04-19 05:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-14 20:15 - 2019-04-19 05:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-14 20:15 - 2019-04-19 05:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-14 20:15 - 2019-04-19 05:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-14 20:15 - 2019-04-19 05:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-14 20:15 - 2019-04-19 05:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-14 20:15 - 2019-04-19 05:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-14 20:15 - 2019-04-19 05:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-14 20:15 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-14 20:15 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-14 20:15 - 2019-04-09 02:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-14 20:15 - 2019-04-09 02:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-14 20:15 - 2019-04-09 02:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-14 20:15 - 2019-04-09 02:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-14 20:15 - 2019-04-09 02:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-08 16:49 - 2019-05-15 07:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-27 19:01 - 2019-04-27 19:01 - 000045440 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
2019-04-25 10:04 - 2019-04-25 10:04 - 000566875 ____C C:\Users\paul\Desktop\Hometiffin 3MM Bleed.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-23 14:21 - 2016-12-13 20:43 - 000000000 ____D C:\FRST
2019-05-23 14:12 - 2016-09-08 12:10 - 000000000 ____D C:\ProgramData\Origin
2019-05-23 14:10 - 2017-01-09 15:40 - 000000000 ___DC C:\Users\paul\AppData\LocalLow\Mozilla
2019-05-23 13:35 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-23 12:25 - 2016-10-07 03:42 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-23 11:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-23 08:54 - 2018-05-14 21:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-23 08:21 - 2018-02-22 20:43 - 000000000 ___DC C:\Users\paul\AppData\Roaming\WhatsApp
2019-05-22 21:00 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-22 20:34 - 2017-10-10 14:04 - 000000021 _____ C:\Users\paul\Downloads\b (1) (2).txt
2019-05-22 08:35 - 2015-04-24 00:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-22 08:35 - 2015-04-24 00:49 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-22 08:34 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-21 21:01 - 2017-10-10 14:04 - 000003896 _____ C:\Users\paul\Downloads\today (1) (2).txt
2019-05-21 08:39 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-21 08:36 - 2018-05-14 23:09 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-21 08:36 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-21 08:32 - 2018-05-14 23:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-21 08:32 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-21 08:32 - 2016-12-14 23:38 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-05-21 08:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-21 08:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-20 10:06 - 2016-09-08 12:10 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-17 16:39 - 2018-01-13 08:08 - 000000000 ____D C:\Program Files\rempl
2019-05-17 07:24 - 2013-08-22 16:44 - 000407740 __RSH C:\bootmgr
2019-05-16 23:00 - 2018-05-14 21:24 - 000000000 ____D C:\Users\paul
2019-05-16 16:49 - 2017-07-05 08:54 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-16 15:01 - 2018-05-14 23:05 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1912528622-4210353072-3792142533-1001
2019-05-16 15:01 - 2018-05-14 21:24 - 000002364 ____C C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-16 15:01 - 2016-02-08 19:46 - 000000000 ___RD C:\Users\paul\OneDrive
2019-05-15 19:44 - 2019-04-07 18:51 - 000000000 ____D C:\WINDOWS\Minidump
2019-05-15 07:49 - 2018-05-14 23:05 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 07:49 - 2018-05-14 23:05 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 07:48 - 2018-05-14 23:05 - 000004572 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-15 07:48 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-15 07:48 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-15 07:45 - 2018-05-14 21:22 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-15 07:44 - 2016-04-27 14:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-14 21:40 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-14 21:40 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-14 21:40 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-05-14 20:15 - 2015-04-26 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 20:13 - 2015-04-26 18:07 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-09 13:02 - 2017-10-18 07:20 - 000002155 ____C C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2019-05-09 08:51 - 2016-04-27 14:16 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-07 17:22 - 2016-12-19 11:05 - 000000000 ___DC C:\Users\paul\AppData\Local\CrashDumps
2019-05-04 00:53 - 2018-04-12 00:41 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-04 00:53 - 2018-04-12 00:41 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-01 14:49 - 2018-02-17 08:18 - 000000000 ___DC C:\Users\paul\AppData\Local\Packages
2019-04-23 17:42 - 2018-02-19 23:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories =======
2015-06-11 09:54 - 2015-06-11 09:54 - 000000093 ____C () C:\Users\paul\AppData\Roaming\ARCompanion.log
Some files in TEMP:
====================
2019-05-20 10:06 - 2019-05-20 10:06 - 000264320 ____C (ExpressVPN) C:\Users\paul\AppData\Local\Temp\ExpressVpn.Client.Setup.Helper.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-14 21:22
==================== End of FRST.txt ============================
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-24-2019
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 3
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Yahoo!\yset
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1705 octets] - [24/05/2019 08:42:28]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Amin [Administrator]
Started from : C:\Users\paul\Downloads\RogueKiller_portable64.exe
Signatures : 20190523_102638, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/05/24 09:02:34 (Duration : 00:08:47)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0BD6780F-CA42-4800-B9B4-C60BEE4E1262} -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AAD27CE5-3BAF-437F-B300-05443B2DCEE6} -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{732B1A2E-983F-4423-83DF-F412CA7F742C} -- [%ProgramFiles%\KMSpico\AutoPico.exe] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A176E4BB-2F21-48B8-8B1E-BCB78C766539} -- [%ProgramFiles%\KMSpico\AutoPico.exe] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6D21C8FE-1D7E-4B3D-8A20-54B9ECA8924D} -- [%ProgramFiles%\KMSpico\KMSELDI.exe] -> Deleted
[PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E48987FB-13EA-4C6E-A32E-FE834F7ED99C} -- [%ProgramFiles%\KMSpico\KMSELDI.exe] -> Deleted
[PUP.HackTool (Potentially Malicious)] KMSpico -- %ProgramFiles%\KMSpico -> Deleted