Thread: Hacked browser slow


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by Amin (administrator) on PC (23-05-2019 14:21:50)
    Running from C:\Users\paul\Desktop
    Loaded Profiles: Amin (Available Profiles: Amin)
    Platform: Windows 10 Pro Version 1803 17134.766 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    Failed to access process -> Registry
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Iain Patterson) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
    () C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (f.lux Software LLC) C:\Users\paul\AppData\Local\FluxSoftware\Flux\flux.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (WhatsApp) C:\Users\paul\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
    (ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
    (WhatsApp) C:\Users\paul\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
    (WhatsApp) C:\Users\paul\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
    (WhatsApp) C:\Users\paul\AppData\Local\WhatsApp\app-0.3.2848\WhatsApp.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
    HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe [776320 2019-04-27] (ExpressVPN)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
    HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\...\Run: [f.lux] => C:\Users\paul\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (f.lux Software LLC)
    HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3503088 2016-09-26] (Electronic Arts)
    HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\...\Run: [WhatsApp] => C:\Users\paul\AppData\Local\WhatsApp\Update.exe [2206640 2019-04-17] ()
    HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [799360 2019-04-27] (ExpressVPN)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8d4b710d-72f5-4894-8cf1-7c188bb6df8a}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8ffb0387-866f-4d7a-a141-eb54099418c1}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKU\S-1-5-21-1912528622-4210353072-3792142533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-09-30] (LastPass)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-20] (Oracle Corporation)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-09-30] (LastPass)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-20] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2018-09-30] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2018-09-30] (LastPass)

    FireFox:
    ========
    FF DefaultProfile: sj8zeqrc.default
    FF ProfilePath: C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\sj8zeqrc.default [2019-05-23]
    FF Extension: (Anti-Paywall) - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\sj8zeqrc.default\Extensions\{e5322648-dfe4-4c45-b02d-44c61d545f2b}.xpi [2018-09-20]
    FF Extension: (Baidu Search Update) - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\sj8zeqrc.default\features\{d7c12642-4ff0-471c-9d41-62f70956a568}\baidu-code-update@mozillaonline.com.xpi [2019-05-09]
    FF Extension: (Firefox Monitor) - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\sj8zeqrc.default\features\{d7c12642-4ff0-471c-9d41-62f70956a568}\fxmonitor@mozilla.org.xpi [2019-05-09]
    FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2019-03-25] [not signed]
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-09-30] (LastPass)
    FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-20] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-09-30] (LastPass)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Profile 3
    CHR HomePage: Profile 3 -> hxxps://auctions.yahoo.co.jp/
    CHR DefaultSearchURL: Profile 3 -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
    CHR DefaultSearchKeyword: Profile 3 -> Yahoo
    CHR DefaultSuggestURL: Profile 3 -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-21]
    CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-05-23]
    CHR Extension: (Slides) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-21]
    CHR Extension: (Docs) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-21]
    CHR Extension: (Google Drive) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-20]
    CHR Extension: (YouTube) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-21]
    CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-28]
    CHR Extension: (Do Not Track) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2018-09-21]
    CHR Extension: (Adobe Acrobat) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-15]
    CHR Extension: (Yahoo Partner) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom [2019-05-17]
    CHR Extension: (Sheets) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-21]
    CHR Extension: (Google Docs Offline) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-21]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-05-17]
    CHR Extension: (Yahoo Partner) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2019-05-10]
    CHR Extension: (Notifier for Gmail™) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mlcdlmnipofbmhgjajfobpeeikdejibj [2018-09-21]
    CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2019-05-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-21]
    CHR Extension: (Zoom for Twitter®) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nnpfigodphdaapfmkbgmkljndjckkegk [2019-04-12]
    CHR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2019-04-12]
    CHR Extension: (Gmail) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-28]
    CHR Extension: (Chrome Media Router) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
    CHR Extension: (Privacy Badger) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2019-02-21]
    CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4 [2018-09-21]
    CHR Extension: (Slides) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-21]
    CHR Extension: (Docs) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-21]
    CHR Extension: (Google Drive) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-21]
    CHR Extension: (YouTube) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-21]
    CHR Extension: (Adblock Plus) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-21]
    CHR Extension: (Notifier for Gmail™) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-09-21]
    CHR Extension: (Adobe Acrobat) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-21]
    CHR Extension: (Yahoo Partner) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom [2018-09-21]
    CHR Extension: (Sheets) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-21]
    CHR Extension: (Google Docs Offline) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-21]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-09-21]
    CHR Extension: (Yahoo Partner) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2018-09-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-21]
    CHR Extension: (Gmail) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-21]
    CHR Extension: (Chrome Media Router) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-21]
    CHR Profile: C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-21]
    CHR Extension: (Google Slides) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
    CHR Extension: (Google Docs) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
    CHR Extension: (Google Drive) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
    CHR Extension: (YouTube) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-26]
    CHR Extension: (Google Search) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-26]
    CHR Extension: (Google Sheets) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
    CHR Extension: (Gmail) - C:\Users\paul\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
    CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-15] (Adobe)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
    S3 BcastDVRUserService; C:\WINDOWS\System32\BcastDVRUserService.dll [1364992 2019-05-17] (Microsoft Corporation)
    S3 BcastDVRUserService_3e46a6f; C:\WINDOWS\system32\svchost.exe [85472 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S3 BcastDVRUserService_3e46a6f; C:\WINDOWS\SysWOW64\svchost.exe [71456 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S3 BluetoothUserService; C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll [464384 2018-04-12] (Microsoft Corporation)
    S3 BluetoothUserService_3e46a6f; C:\WINDOWS\system32\svchost.exe [85472 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S3 BluetoothUserService_3e46a6f; C:\WINDOWS\SysWOW64\svchost.exe [71456 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    R3 BTAGService; C:\WINDOWS\System32\BTAGService.dll [514048 2018-11-09] (Microsoft Corporation)
    R3 BthAvctpSvc; C:\WINDOWS\System32\BthAvctpSvc.dll [399872 2018-11-09] (Microsoft Corporation)
    S3 CaptureService; C:\WINDOWS\System32\CaptureService.dll [125952 2018-04-12] (Microsoft Corporation)
    S3 CaptureService_3e46a6f; C:\WINDOWS\system32\svchost.exe [85472 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S3 CaptureService_3e46a6f; C:\WINDOWS\SysWOW64\svchost.exe [71456 2019-01-09] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    S3 DevicePickerUserSvc; C:\WINDOWS\System32\Windows.Devices.Picker.dll [400896 2018-04-12] (Microsoft Corporation)
    S3 DevicePickerUserSvc; C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll [312832 2018-04-12] (Microsoft Corporation)
    R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [368640 2019-04-27] (Iain Patterson) [File not signed]
    S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe [1267696 2019-05-21] (Google Inc.)
    S3 LxpSvc; C:\WINDOWS\System32\LanguageOverlayServer.dll [199680 2018-04-12] (Microsoft Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-09-26] (Electronic Arts)
    R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-09-26] (Electronic Arts)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    R2 sedsvc; C:\Program Files\rempl\sedsvc.exe [362296 2019-05-11] (Microsoft Corporation)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Corporation)
    R2 SgrmBroker; C:\WINDOWS\system32\SgrmBroker.exe [163336 2018-04-12] (Microsoft Corporation)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    S4 tzautoupdate; C:\WINDOWS\SysWOW64\tzautoupdate.dll [72192 2018-04-12] (Microsoft Corporation)
    S3 VacSvc; C:\WINDOWS\System32\vac.dll [411256 2018-04-12] (Microsoft Corporation)
    S3 WaaSMedicSvc; C:\WINDOWS\System32\WaaSMedicSvc.dll [392704 2019-01-09] (Microsoft Corporation)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation)
    S3 wisvc; C:\WINDOWS\SysWOW64\flightsettings.dll [729088 2018-06-08] (Microsoft Corporation)
    S3 WpcMonSvc; C:\WINDOWS\System32\WpcDesktopMonSvc.dll [1456640 2018-05-20] (Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 afunix; C:\WINDOWS\system32\drivers\afunix.sys [39424 2018-04-12] (Microsoft Corporation)
    R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-04-12] (Microsoft Corporation)
    S3 bindflt; C:\WINDOWS\system32\drivers\bindflt.sys [92704 2019-01-09] (Microsoft Corporation)
    S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28160 2019-04-27] ()
    S3 ffusb2audio; C:\WINDOWS\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
    S4 hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [33184 2018-04-12] (Microsoft Corporation)
    S0 iaStorAVC; C:\WINDOWS\System32\drivers\iaStorAVC.sys [885144 2018-04-12] (Intel Corporation)
    S0 ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [145816 2018-04-12] (Avago Technologies)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2019-05-21] (Malwarebytes)
    S0 megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [82328 2018-04-12] (Avago Technologies)
    S3 nvdimm; C:\WINDOWS\System32\drivers\nvdimm.sys [104448 2018-04-12] (Microsoft Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvakwu.inf_amd64_0b3c1a15295d17ee\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-11] (NVIDIA Corporation)
    R0 SgrmAgent; C:\WINDOWS\System32\drivers\SgrmAgent.sys [63896 2018-04-12] (Microsoft Corporation)
    S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45440 2019-04-27] (The OpenVPN Project)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Corporation)
    S3 WdmCompanionFilter; C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [21408 2018-04-12] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-23 14:16 - 2019-05-23 14:16 - 000040830 ____C C:\Users\paul\Desktop\Addition.txt
    2019-05-23 14:15 - 2019-05-23 14:22 - 000028385 ____C C:\Users\paul\Desktop\FRST.txt
    2019-05-20 14:58 - 2019-05-17 13:10 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-05-20 14:58 - 2019-05-17 10:16 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-05-20 14:58 - 2019-05-17 09:12 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-05-20 14:58 - 2019-05-17 07:49 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-05-20 14:58 - 2019-05-17 07:43 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-05-20 14:58 - 2019-05-17 07:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-05-20 14:58 - 2019-05-17 07:42 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-05-20 14:58 - 2019-05-17 07:41 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-05-20 14:58 - 2019-05-17 07:41 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-05-20 14:58 - 2019-05-17 07:41 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-05-20 14:58 - 2019-05-17 07:39 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-05-20 14:58 - 2019-05-17 07:39 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-05-20 14:58 - 2019-05-17 07:39 - 002768952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-05-20 14:58 - 2019-05-17 07:39 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-05-20 14:58 - 2019-05-17 07:39 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-05-20 14:58 - 2019-05-17 07:39 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-05-20 14:58 - 2019-05-17 07:39 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-05-20 14:58 - 2019-05-17 07:39 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-05-20 14:58 - 2019-05-17 07:22 - 006568016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-05-20 14:58 - 2019-05-17 07:22 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-05-20 14:58 - 2019-05-17 07:21 - 001130784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-05-20 14:58 - 2019-05-17 07:07 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-05-20 14:58 - 2019-05-17 07:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2019-05-20 14:58 - 2019-05-17 07:06 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-05-20 14:58 - 2019-05-17 07:04 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-05-20 14:58 - 2019-05-17 07:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-05-20 14:58 - 2019-05-17 07:04 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-05-20 14:58 - 2019-05-17 07:03 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-05-20 14:58 - 2019-05-17 07:03 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-05-20 14:58 - 2019-05-17 07:03 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-05-20 14:58 - 2019-05-17 07:03 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-05-20 14:58 - 2019-05-17 07:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-05-20 14:58 - 2019-05-17 07:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2019-05-20 14:58 - 2019-05-17 07:00 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-05-20 14:58 - 2019-05-17 06:59 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-05-20 14:58 - 2019-05-17 06:57 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-05-20 14:58 - 2019-05-17 05:44 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2019-05-20 12:15 - 2019-05-20 12:15 - 000552478 _____ C:\Users\paul\Downloads\Statement_31Mar2019.pdf
    2019-05-20 10:06 - 2019-05-20 10:06 - 000002160 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
    2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ___DC C:\Users\paul\AppData\Local\IsolatedStorage
    2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ___DC C:\Users\paul\AppData\Local\ExpressVPN
    2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
    2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ____D C:\ProgramData\ExpressVPN
    2019-05-20 10:06 - 2019-05-20 10:06 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
    2019-05-20 10:05 - 2019-05-20 10:06 - 026179112 _____ (ExpressVPN) C:\Users\paul\Downloads\expressvpn_7.1.0.7514.exe
    2019-05-17 08:13 - 2019-05-17 08:13 - 004062599 _____ C:\Users\paul\Downloads\THT_PatternsOfMotion_KYDerby2019.pdf
    2019-05-14 20:15 - 2019-05-03 13:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2019-05-14 20:15 - 2019-05-03 13:14 - 000304144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
    2019-05-14 20:15 - 2019-05-03 13:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2019-05-14 20:15 - 2019-05-03 13:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2019-05-14 20:15 - 2019-05-03 12:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2019-05-14 20:15 - 2019-05-03 12:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2019-05-14 20:15 - 2019-05-03 12:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2019-05-14 20:15 - 2019-05-03 12:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-05-14 20:15 - 2019-05-03 12:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-05-14 20:15 - 2019-05-03 12:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-05-14 20:15 - 2019-05-03 12:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2019-05-14 20:15 - 2019-05-03 12:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2019-05-14 20:15 - 2019-05-03 12:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2019-05-14 20:15 - 2019-05-03 12:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2019-05-14 20:15 - 2019-05-03 12:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2019-05-14 20:15 - 2019-05-03 12:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2019-05-14 20:15 - 2019-05-03 12:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2019-05-14 20:15 - 2019-05-03 12:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-05-14 20:15 - 2019-05-03 12:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2019-05-14 20:15 - 2019-05-03 12:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2019-05-14 20:15 - 2019-05-03 12:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2019-05-14 20:15 - 2019-05-03 12:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-05-14 20:15 - 2019-05-03 12:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-05-14 20:15 - 2019-05-03 07:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
    2019-05-14 20:15 - 2019-05-03 07:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2019-05-14 20:15 - 2019-05-03 07:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-05-14 20:15 - 2019-05-03 07:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
    2019-05-14 20:15 - 2019-05-03 07:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-05-14 20:15 - 2019-05-03 07:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2019-05-14 20:15 - 2019-05-03 07:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2019-05-14 20:15 - 2019-05-03 07:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2019-05-14 20:15 - 2019-05-03 07:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2019-05-14 20:15 - 2019-05-03 07:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-05-14 20:15 - 2019-05-03 07:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2019-05-14 20:15 - 2019-05-03 07:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-05-14 20:15 - 2019-05-03 07:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-05-14 20:15 - 2019-05-03 07:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-05-14 20:15 - 2019-05-03 07:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-05-14 20:15 - 2019-05-03 07:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2019-05-14 20:15 - 2019-05-03 07:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2019-05-14 20:15 - 2019-05-03 07:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2019-05-14 20:15 - 2019-05-03 07:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2019-05-14 20:15 - 2019-05-03 07:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2019-05-14 20:15 - 2019-05-03 07:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-05-14 20:15 - 2019-05-03 07:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2019-05-14 20:15 - 2019-05-03 07:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
    2019-05-14 20:15 - 2019-05-03 07:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-05-14 20:15 - 2019-05-03 07:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-05-14 20:15 - 2019-05-03 07:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-05-14 20:15 - 2019-05-03 07:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-05-14 20:15 - 2019-05-03 07:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-05-14 20:15 - 2019-05-03 07:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-05-14 20:15 - 2019-05-03 07:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-05-14 20:15 - 2019-05-03 07:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
    2019-05-14 20:15 - 2019-05-03 07:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
    2019-05-14 20:15 - 2019-05-03 06:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-05-14 20:15 - 2019-05-03 06:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-05-14 20:15 - 2019-05-03 06:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-05-14 20:15 - 2019-05-03 06:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2019-05-14 20:15 - 2019-05-03 06:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2019-05-14 20:15 - 2019-05-03 06:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-05-14 20:15 - 2019-05-03 06:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-05-14 20:15 - 2019-05-03 06:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-05-14 20:15 - 2019-05-03 06:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2019-05-14 20:15 - 2019-05-03 06:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2019-05-14 20:15 - 2019-05-03 06:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-05-14 20:15 - 2019-05-03 06:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-05-14 20:15 - 2019-05-03 06:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-05-14 20:15 - 2019-05-03 06:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-05-14 20:15 - 2019-05-03 06:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-05-14 20:15 - 2019-05-03 06:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2019-05-14 20:15 - 2019-05-03 06:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-05-14 20:15 - 2019-05-03 06:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-05-14 20:15 - 2019-05-03 06:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-05-14 20:15 - 2019-05-03 06:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2019-05-14 20:15 - 2019-05-03 06:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-05-14 20:15 - 2019-05-03 06:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2019-05-14 20:15 - 2019-05-03 06:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-05-14 20:15 - 2019-05-03 06:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2019-05-14 20:15 - 2019-05-03 06:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2019-05-14 20:15 - 2019-05-03 06:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-05-14 20:15 - 2019-05-03 06:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2019-05-14 20:15 - 2019-05-03 06:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
    2019-05-14 20:15 - 2019-05-03 06:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-05-14 20:15 - 2019-05-03 06:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-05-14 20:15 - 2019-05-03 06:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
    2019-05-14 20:15 - 2019-05-03 06:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
    2019-05-14 20:15 - 2019-05-03 06:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
    2019-05-14 20:15 - 2019-05-03 06:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
    2019-05-14 20:15 - 2019-04-19 11:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-05-14 20:15 - 2019-04-19 11:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-05-14 20:15 - 2019-04-19 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-05-14 20:15 - 2019-04-19 11:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-05-14 20:15 - 2019-04-19 11:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
    2019-05-14 20:15 - 2019-04-19 11:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
    2019-05-14 20:15 - 2019-04-19 11:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2019-05-14 20:15 - 2019-04-19 11:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2019-05-14 20:15 - 2019-04-19 10:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-05-14 20:15 - 2019-04-19 10:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-05-14 20:15 - 2019-04-19 10:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
    2019-05-14 20:15 - 2019-04-19 10:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-05-14 20:15 - 2019-04-19 10:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2019-05-14 20:15 - 2019-04-19 10:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2019-05-14 20:15 - 2019-04-19 06:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2019-05-14 20:15 - 2019-04-19 06:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-05-14 20:15 - 2019-04-19 06:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2019-05-14 20:15 - 2019-04-19 06:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-05-14 20:15 - 2019-04-19 06:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-05-14 20:15 - 2019-04-19 06:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-05-14 20:15 - 2019-04-19 06:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2019-05-14 20:15 - 2019-04-19 06:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-05-14 20:15 - 2019-04-19 06:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-05-14 20:15 - 2019-04-19 06:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2019-05-14 20:15 - 2019-04-19 06:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-05-14 20:15 - 2019-04-19 05:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-05-14 20:15 - 2019-04-19 05:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-05-14 20:15 - 2019-04-19 05:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2019-05-14 20:15 - 2019-04-19 05:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
    2019-05-14 20:15 - 2019-04-19 05:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2019-05-14 20:15 - 2019-04-19 05:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
    2019-05-14 20:15 - 2019-04-19 05:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
    2019-05-14 20:15 - 2019-04-19 05:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2019-05-14 20:15 - 2019-04-19 05:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
    2019-05-14 20:15 - 2019-04-19 05:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2019-05-14 20:15 - 2019-04-19 05:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
    2019-05-14 20:15 - 2019-04-19 05:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
    2019-05-14 20:15 - 2019-04-19 05:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2019-05-14 20:15 - 2019-04-19 05:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2019-05-14 20:15 - 2019-04-19 05:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-05-14 20:15 - 2019-04-19 05:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2019-05-14 20:15 - 2019-04-19 05:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2019-05-14 20:15 - 2019-04-19 05:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2019-05-14 20:15 - 2019-04-19 05:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2019-05-14 20:15 - 2019-04-19 05:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2019-05-14 20:15 - 2019-04-19 05:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2019-05-14 20:15 - 2019-04-19 05:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2019-05-14 20:15 - 2019-04-19 05:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2019-05-14 20:15 - 2019-04-19 05:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2019-05-14 20:15 - 2019-04-19 05:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2019-05-14 20:15 - 2019-04-19 05:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2019-05-14 20:15 - 2019-04-19 05:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2019-05-14 20:15 - 2019-04-19 05:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-05-14 20:15 - 2019-04-19 05:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2019-05-14 20:15 - 2019-04-19 05:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2019-05-14 20:15 - 2019-04-19 05:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2019-05-14 20:15 - 2019-04-19 05:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2019-05-14 20:15 - 2019-04-19 05:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2019-05-14 20:15 - 2019-04-19 05:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2019-05-14 20:15 - 2019-04-19 05:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
    2019-05-14 20:15 - 2019-04-19 05:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2019-05-14 20:15 - 2019-04-19 05:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-05-14 20:15 - 2019-04-19 05:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2019-05-14 20:15 - 2019-04-19 05:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-05-14 20:15 - 2019-04-19 05:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2019-05-14 20:15 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
    2019-05-14 20:15 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
    2019-05-14 20:15 - 2019-04-09 02:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-05-14 20:15 - 2019-04-09 02:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
    2019-05-14 20:15 - 2019-04-09 02:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-05-14 20:15 - 2019-04-09 02:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2019-05-14 20:15 - 2019-04-09 02:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2019-05-08 16:49 - 2019-05-15 07:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2019-04-27 19:01 - 2019-04-27 19:01 - 000045440 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapexpressvpn.sys
    2019-04-25 10:04 - 2019-04-25 10:04 - 000566875 ____C C:\Users\paul\Desktop\Hometiffin 3MM Bleed.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-05-23 14:21 - 2016-12-13 20:43 - 000000000 ____D C:\FRST
    2019-05-23 14:12 - 2016-09-08 12:10 - 000000000 ____D C:\ProgramData\Origin
    2019-05-23 14:10 - 2017-01-09 15:40 - 000000000 ___DC C:\Users\paul\AppData\LocalLow\Mozilla
    2019-05-23 13:35 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-05-23 12:25 - 2016-10-07 03:42 - 000000000 ____D C:\ProgramData\NVIDIA
    2019-05-23 11:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-05-23 08:54 - 2018-05-14 21:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-05-23 08:21 - 2018-02-22 20:43 - 000000000 ___DC C:\Users\paul\AppData\Roaming\WhatsApp
    2019-05-22 21:00 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-05-22 20:34 - 2017-10-10 14:04 - 000000021 _____ C:\Users\paul\Downloads\b (1) (2).txt
    2019-05-22 08:35 - 2015-04-24 00:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-05-22 08:35 - 2015-04-24 00:49 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-05-22 08:34 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-05-21 21:01 - 2017-10-10 14:04 - 000003896 _____ C:\Users\paul\Downloads\today (1) (2).txt
    2019-05-21 08:39 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-05-21 08:36 - 2018-05-14 23:09 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-05-21 08:36 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
    2019-05-21 08:32 - 2018-05-14 23:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-05-21 08:32 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2019-05-21 08:32 - 2016-12-14 23:38 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2019-05-21 08:31 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2019-05-21 08:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-05-21 08:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-05-20 10:06 - 2016-09-08 12:10 - 000000000 ____D C:\ProgramData\Package Cache
    2019-05-17 16:39 - 2018-01-13 08:08 - 000000000 ____D C:\Program Files\rempl
    2019-05-17 07:24 - 2013-08-22 16:44 - 000407740 __RSH C:\bootmgr
    2019-05-16 23:00 - 2018-05-14 21:24 - 000000000 ____D C:\Users\paul
    2019-05-16 16:49 - 2017-07-05 08:54 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-05-16 15:01 - 2018-05-14 23:05 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1912528622-4210353072-3792142533-1001
    2019-05-16 15:01 - 2018-05-14 21:24 - 000002364 ____C C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-05-16 15:01 - 2016-02-08 19:46 - 000000000 ___RD C:\Users\paul\OneDrive
    2019-05-15 19:44 - 2019-04-07 18:51 - 000000000 ____D C:\WINDOWS\Minidump
    2019-05-15 07:49 - 2018-05-14 23:05 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-05-15 07:49 - 2018-05-14 23:05 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-05-15 07:48 - 2018-05-14 23:05 - 000004572 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2019-05-15 07:48 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2019-05-15 07:48 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2019-05-15 07:45 - 2018-05-14 21:22 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-05-15 07:44 - 2016-04-27 14:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-05-14 21:40 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2019-05-14 21:40 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-05-14 21:40 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2019-05-14 20:15 - 2015-04-26 18:07 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-05-14 20:13 - 2015-04-26 18:07 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-05-09 13:02 - 2017-10-18 07:20 - 000002155 ____C C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
    2019-05-09 08:51 - 2016-04-27 14:16 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-05-07 17:22 - 2016-12-19 11:05 - 000000000 ___DC C:\Users\paul\AppData\Local\CrashDumps
    2019-05-04 00:53 - 2018-04-12 00:41 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-05-04 00:53 - 2018-04-12 00:41 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-05-01 14:49 - 2018-02-17 08:18 - 000000000 ___DC C:\Users\paul\AppData\Local\Packages
    2019-04-23 17:42 - 2018-02-19 23:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

    ==================== Files in the root of some directories =======

    2015-06-11 09:54 - 2015-06-11 09:54 - 000000093 ____C () C:\Users\paul\AppData\Roaming\ARCompanion.log

    Some files in TEMP:
    ====================
    2019-05-20 10:06 - 2019-05-20 10:06 - 000264320 ____C (ExpressVPN) C:\Users\paul\AppData\Local\Temp\ExpressVpn.Client.Setup.Helper.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-14 21:22

    ==================== End of FRST.txt ============================

    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-04-29.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 05-24-2019
    # Duration: 00:00:00
    # OS: Windows 10 Pro
    # Cleaned: 3
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\Program Files (x86)\Yahoo!\yset

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1705 octets] - [24/05/2019 08:42:28]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Amin [Administrator]
    Started from : C:\Users\paul\Downloads\RogueKiller_portable64.exe
    Signatures : 20190523_102638, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/05/24 09:02:34 (Duration : 00:08:47)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0BD6780F-CA42-4800-B9B4-C60BEE4E1262} -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AAD27CE5-3BAF-437F-B300-05443B2DCEE6} -- [%ProgramFiles%\KMSpico\Service_KMS.exe] -> Deleted
    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{732B1A2E-983F-4423-83DF-F412CA7F742C} -- [%ProgramFiles%\KMSpico\AutoPico.exe] -> Deleted
    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A176E4BB-2F21-48B8-8B1E-BCB78C766539} -- [%ProgramFiles%\KMSpico\AutoPico.exe] -> Deleted
    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6D21C8FE-1D7E-4B3D-8A20-54B9ECA8924D} -- [%ProgramFiles%\KMSpico\KMSELDI.exe] -> Deleted
    [PUP.HackTool (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E48987FB-13EA-4C6E-A32E-FE834F7ED99C} -- [%ProgramFiles%\KMSpico\KMSELDI.exe] -> Deleted
    [PUP.HackTool (Potentially Malicious)] KMSpico -- %ProgramFiles%\KMSpico -> Deleted

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Were you able to run the script I created?

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    CHR DefaultSearchURL: Profile 3 -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
    CHR DefaultSearchKeyword: Profile 3 -> Yahoo
    CHR DefaultSuggestURL: Profile 3 -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    2019-05-20 10:06 - 2019-05-20 10:06 - 000264320 ____C (ExpressVPN) C:\Users\paul\AppData\Local\Temp\ExpressVpn.Client.Setup.Helper.exe
    Task: {457D7BE4-AEE1-4178-80EE-7E492469AC77} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\paul\Desktop\J - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
    ShortcutWithArgument: C:\Users\paul\Desktop\simon - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
    ShortcutWithArgument: C:\Users\paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and is saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What you posted was a scan run using Farbar Recovery Scan Tool (FRST)
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Nov 2014
    Posts
    19

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by Amin (24-05-2019 14:27:11) Run:3
    Running from C:\Users\paul\Desktop
    Loaded Profiles: Amin (Available Profiles: Amin)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    CHR DefaultSearchURL: Profile 3 -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
    CHR DefaultSearchKeyword: Profile 3 -> Yahoo
    CHR DefaultSuggestURL: Profile 3 -> hxxps://uk.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    2019-05-20 10:06 - 2019-05-20 10:06 - 000264320 ____C (ExpressVPN) C:\Users\paul\AppData\Local\Temp\ExpressVpn.Client.Setup.Helper.exe
    Task: {457D7BE4-AEE1-4178-80EE-7E492469AC77} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\paul\Desktop\J - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
    ShortcutWithArgument: C:\Users\paul\Desktop\simon - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
    ShortcutWithArgument: C:\Users\paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\SOFTWARE\Policies\Google => not found
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => not found
    "Chrome DefaultSearchURL" => removed successfully
    "Chrome DefaultSearchKeyword" => removed successfully
    "Chrome DefaultSuggestURL" => removed successfully
    "C:\Users\paul\AppData\Local\Temp\ExpressVpn.Client.Setup.Helper.exe" => not found
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{457D7BE4-AEE1-4178-80EE-7E492469AC77} => could not remove. Access Denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
    C:\Users\paul\Desktop\J - Chrome.lnk => Shortcut argument removed successfully
    C:\Users\paul\Desktop\simon - Chrome.lnk => Shortcut argument removed successfully
    C:\Users\paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk => Shortcut argument removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\BitDefender Threat Scanner.dmp => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-05-2019 14:29:02)


    Result of scheduled keys to remove after reboot:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{457D7BE4-AEE1-4178-80EE-7E492469AC77} => could not remove. Access Denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

    ==== End of Fixlog 14:29:02 ====
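A read-only follow-up check for the items in this thread, added here as an example; it is not output of FRST, RogueKiller or AdwCleaner and was not posted by either participant. It re-inspects what the fixlist in the post above targeted (the two browser policy keys, the Chrome shortcut arguments, the UNP task cache entries that came back "Access Denied") and what RogueKiller removed in the first post (the KMSpico folder and the firewall rules naming it). The function name, the registry paths, the task GUID and the KMSpico path are taken from the logs in this thread and are assumptions for any other machine.

```powershell
# Added verification script written for this thread; not part of FRST, RogueKiller
# or AdwCleaner and not posted by either participant. Read-only: it reports, it
# does not delete. Run from an elevated PowerShell prompt on the affected machine.
# Registry paths, GUID and file paths below are copied from the logs in this thread
# and are assumptions for any other system; adjust them before reuse.

function Invoke-PostFixCheck {
    [CmdletBinding()]
    param(
        # Task GUID FRST could not remove ("Access Denied") in the Fixlog
        [string]$TaskId = '{457D7BE4-AEE1-4178-80EE-7E492469AC77}',
        # Folder RogueKiller deleted; also the program path in the six firewall rules it removed
        [string]$HackToolName = 'KMSpico'
    )

    # 1. Browser policy keys FRST flagged as "Restriction". A hijacker that writes a
    #    forced search provider here survives the user resetting Chrome's own settings.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Policies\Google',
        'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
    )
    foreach ($k in $policyKeys) {
        if (-not (Test-Path -Path $k)) { Write-Output "absent : $k"; continue }
        Write-Output "PRESENT: $k"
        $keys = @(Get-Item -Path $k) + @(Get-ChildItem -Path $k -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                Write-Output ("    {0} : {1} = {2}" -f $key.Name, $name, $key.GetValue($name))
            }
        }
    }

    # 2. Chrome shortcuts that carry arguments. FRST lists every .lnk launching chrome.exe
    #    with arguments because hijackers append a start URL; in this thread the arguments
    #    were Chrome's own --profile-directory switch, so clearing them only changes which
    #    profile the shortcut opens. Inspect the argument string before deciding.
    $shell = New-Object -ComObject WScript.Shell
    $lnkDirs = @(
        "$env:USERPROFILE\Desktop",
        "$env:PUBLIC\Desktop",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
    )
    Get-ChildItem -Path $lnkDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $sc = $shell.CreateShortcut($_.FullName)
        if ($sc.TargetPath -match 'chrome\.exe$' -and $sc.Arguments) {
            Write-Output ("SHORTCUT ARGS: {0} -> {1}" -f $_.FullName, $sc.Arguments)
        }
    }

    # 3. The task cache entries FRST reported as "could not remove. Access Denied".
    #    Print the key owner so it is clear who holds the key, then ask Task Scheduler
    #    for its own view; "-> No File" in FRST means the action target is gone from disk.
    $cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
    foreach ($p in @("$cache\Tasks\$TaskId", "$cache\Tree\Microsoft\Windows\UNP\RunCampaignManager")) {
        if (Test-Path -Path $p) {
            Write-Output ("PRESENT: {0}  owner={1}" -f $p, (Get-Acl -Path $p).Owner)
        } else {
            Write-Output "absent : $p"
        }
    }
    Get-ScheduledTask -TaskPath '\Microsoft\Windows\UNP\' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $exe = ($_.Actions | ForEach-Object { $_.Execute }) -join ' '
            Write-Output ("TASK: {0} state={1} runs={2}" -f $_.TaskName, $_.State, $exe)
        }

    # 4. Leftovers of the hack tool: the folder RogueKiller deleted and any firewall rule
    #    still pointing at it. The rules live as GUID-named values under this key; each
    #    value is a '|'-separated rule string containing App=<program path>.
    $dir = Join-Path -Path $env:ProgramFiles -ChildPath $HackToolName
    Write-Output ("{0}: {1}" -f ($(if (Test-Path -Path $dir) { 'PRESENT' } else { 'absent ' }), $dir))
    $fwKey = Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    foreach ($name in $fwKey.GetValueNames()) {
        $rule = [string]$fwKey.GetValue($name)
        if ($rule -match [regex]::Escape($HackToolName)) {
            Write-Output ("FW RULE: {0} -> {1}" -f $name, $rule)
        }
    }
}

Invoke-PostFixCheck
```

Everything it reports is a candidate, not a verdict: a present policy key with values you or your organisation set is expected, and a `--profile-directory` argument on a shortcut is legitimate Chrome behaviour. The two task cache keys are worth re-checking after the reboot the Fixlog scheduled, since FRST queued them for removal at boot and the final "Result of scheduled keys" block still shows them denied.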

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's check for remnants.

    Open Malwarebytes Anti-Malware
click the Settings tab, at the top choose Protection, and tick Scan for rootkits.
    Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here.


    ~~

    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Nov 2014
    Posts
    19

    Default

    Hi, nothing detected on the scans. PC running quicker now.

    I use Chrome Extensions Ad Block, Privacy Badger, Ghostery and Gmail notifier. Are these add ons ok?

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

Quote Originally Posted by jackwil
    Hi, nothing detected on the scans. PC running quicker now.

    I use Chrome Extensions Ad Block, Privacy Badger, Ghostery and Gmail notifier. Are these add ons ok?
    It's all good news.

I think the add-ons/extensions you have are good, even though I've never used Ghostery and GMail notifier.
    I've tried to lead people into installing NoScript.
    NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    Google Chrome
    https://chrome.google.com/webstore/d...jecmcbfeoakpjm

I think people get annoyed with the tool, but I find that if I leave the add-ons window open, I can enable/disable it as needed.

    ~~~~~~~~~~~~~~~~~~~~~~

Let me know if you're ready to remove tools and quarantine folders.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Nov 2014
    Posts
    19

    Default

    Read
