Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Request Assistance - Infection where I can't open folders

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Request Assistance - Infection where I can't open folders

Unread postby giffordal » February 2nd, 2020, 1:21 am

Dear Malware Removal Team,

I hope you can help me. This morning I was surfing the web and visited a site I should not have. After a few seconds and without my knowledge, the site opened a new webpage in a different tab which stated it was from "Microsoft Windows Official Help and Services." This site froze my computer preventing me from switching to any other webpages and it told me to call a number on the screen for help. I knew this was a scam so I opened up my Task Manager and closed out of Google Chrome, and restarted my computer. I later checked my history, and I was redirected to this malicious page by "dentaint pro" which I believe may be an adware virus. When I restarted my computer a few minutes later, I learned to my dismay that the page had loaded something malicious onto my system since I learned that it had completed disabled my ability to open any file folders anywhere in my computer! I've never experienced anything like this. Whenever I try to open a file folder on my desktop or anywhere else, it simply doesn't open and I can't get access to any of my files. It's frustrating and worrisome. I've restarted my computer 3 times and I keep experiencing this same problem.

After restarting my computer, I did a full scan of my computer using the McAfee antivirus program I pay for and it said that it detected no problems. I later tried a scan using TrojanKiller and it found 1 threat: Adware.InstallCore.sb!c located at C:\Users\Al\Downloads\JDownloaderSetup.exe. I don't know how accurate TrojanKiller is nor do I pay for it so I haven't done anything with this scan. I have used a program called JDownloader for several years without any problems.

After a search on Google, I found this forum which I am hopeful can help me. Pursuant to your instructions, I am copying the contents of the FRST text file below. I have attached the Addition text file since there was not enough space to copy it in this space. Please let me know if you have any questions and what the next steps are. I wish to thank the considerate person who helps me for their time and assistance.
Al

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-02-2020
Ran by Al (administrator) on DESKTOP-CC6KRI6 (Dell Inc. Vostro 3470) (01-02-2020 22:36:21)
Running from C:\Users\Al\Downloads
Loaded Profiles: Al (Available Profiles: Al)
Platform: Windows 10 Pro Version 1909 18363.592 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GridinSoft, LLC -> Gridinsoft LLC) C:\Program Files\Trojan Killer\tk64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9de8154b682af864\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9de8154b682af864\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3a8cbc27c6d7029f\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3a8cbc27c6d7029f\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\mcautoreg.exe
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_19_7\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.2.117.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Al\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\DSAPI.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe [1222536 2018-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [127480 2017-11-06] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [669128 2018-03-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-21] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {140A6D8E-F6FE-4C37-9B5F-B55A2BC34ACA} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1040688 2019-09-10] (McAfee, LLC. -> McAfee, LLC.)
Task: {23D509E3-1090-44FA-9B0A-DACA42E006F5} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.111\DADUpdater.exe [4145800 2019-11-15] (McAfee, Inc. -> McAfee, Inc.)
Task: {42FAC576-6845-4BC3-AEE4-52ADA1A795E0} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {5493E414-A317-4D68-8807-48B5D4EC5AE5} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1040688 2019-09-10] (McAfee, LLC. -> McAfee, LLC.)
Task: {7452CDA3-A85E-44BE-AE17-58813B24AD1E} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2019-12-12] (McAfee, Inc. -> McAfee, LLC.)
Task: {B2F2D43B-5027-46F6-9785-E3429A63B60C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552376 2019-08-20] (McAfee, LLC -> McAfee, LLC.)
Task: {BD22BB8F-8135-476E-B0EC-A074DCA01088} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1519064 2020-01-14] (Dell Inc. -> Dell Inc.)
Task: {CB1A18A4-9D61-4EC9-A589-AB8FBCD0CF9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-15] (Google Inc -> Google Inc.)
Task: {F6E82B33-33A8-420C-B9A7-DBD017736865} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-15] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{938e3470-e767-4089-8b41-734027809a1d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fa770cb6-56b1-4f5a-99d6-a27a1bda7fcd}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2755259552-3065841404-3207337303-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-2755259552-3065841404-3207337303-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-2755259552-3065841404-3207337303-1001 -> DefaultScope {D4EB326C-2EA2-4AC2-8F0F-395CC6C0EAB3} URL =
SearchScopes: HKU\S-1-5-21-2755259552-3065841404-3207337303-1001 -> {D4EB326C-2EA2-4AC2-8F0F-395CC6C0EAB3} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-09-17] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-09-17] (McAfee, LLC. -> McAfee, LLC.)

FireFox:
========
FF DefaultProfile: t3cbnkhl.default
FF ProfilePath: C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\t3cbnkhl.default [2020-01-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-01-24]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2019-11-20] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-09-17] (McAfee, LLC. -> )
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-09-17] (McAfee, LLC. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default [2020-02-01]
CHR Notifications: Default -> hxxps://my.jdownloader.org
CHR Extension: (Slides) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-15]
CHR Extension: (Docs) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-15]
CHR Extension: (Google Drive) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-15]
CHR Extension: (YouTube) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-15]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2019-04-06]
CHR Extension: (Sheets) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-15]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [416064 2018-04-23] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [244280 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3339824 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\DSAPI.exe [964592 2020-01-19] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2019-11-08] (Dell Inc -> )
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2593848 2018-02-22] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [214672 2018-01-31] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [905336 2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_7\McApExe.exe [747896 2019-09-17] (McAfee, LLC. -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [352104 2015-09-29] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.2.117.0\\McCSPServiceHost.exe [2226608 2019-10-22] (McAfee, LLC. -> McAfee, LLC.)
S2 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [708112 2019-09-17] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1731480 2019-10-21] (McAfee, LLC -> McAfee, LLC.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1367040 2019-09-19] (McAfee, LLC. -> McAfee, Inc.)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [669128 2018-03-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [50648 2020-01-14] (Dell Inc. -> Dell Inc.)
R2 WavesSysSvc; C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSysSvc64.exe [884616 2018-12-04] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4322768 2018-11-15] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75696 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R4 DBUtil_2_3; C:\WINDOWS\TEMP\DBUtil_2_3.Sys [14840 2020-01-27] (Dell Inc. -> )
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [35704 2019-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dvdfab; C:\Windows\system32\drivers\dvdfab.sys [91992 2019-03-13] (Fengtao Software Inc. -> Windows (R) Win 7 DDK provider)
R3 HfAudio; C:\WINDOWS\System32\drivers\HfAudio.sys [65008 2018-09-08] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [942128 2018-02-22] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [72248 2018-02-22] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [563640 2019-08-31] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107448 2019-08-31] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1026896 2018-02-26] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [424384 2018-02-27] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ScrHIDDriver; C:\WINDOWS\System32\drivers\ScrHIDDriver.sys [58864 2018-09-08] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-01 22:36 - 2020-02-01 22:38 - 000026481 _____ C:\Users\Al\Downloads\FRST.txt
2020-02-01 22:35 - 2020-02-01 22:35 - 000000102 ____H C:\Users\Al\Desktop\.~lock.Exystence – 1-23-20.odt#
2020-02-01 22:32 - 2020-02-01 22:37 - 000000000 ____D C:\FRST
2020-02-01 22:23 - 2020-02-01 22:24 - 002581504 _____ (Farbar) C:\Users\Al\Downloads\FRST64.exe
2020-02-01 21:37 - 2020-02-01 21:37 - 000001776 _____ C:\Users\Public\Desktop\Reset Browser Settings.lnk
2020-02-01 21:37 - 2020-02-01 21:37 - 000001776 _____ C:\ProgramData\Desktop\Reset Browser Settings.lnk
2020-02-01 21:37 - 2020-02-01 21:37 - 000000902 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2020-02-01 21:37 - 2020-02-01 21:37 - 000000902 _____ C:\ProgramData\Desktop\Trojan Killer.lnk
2020-02-01 21:37 - 2020-02-01 21:37 - 000000000 ____D C:\Program Files\Trojan Killer
2020-02-01 21:35 - 2020-02-01 21:35 - 001786768 _____ (GridinSoft LLC) C:\Users\Al\Downloads\TrojanKiller-Setup.exe
2020-02-01 20:59 - 2020-02-01 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-02-01 01:23 - 2020-02-01 01:23 - 000000000 ____D C:\Users\Al\Downloads\1975.02.07 NYC
2020-02-01 00:27 - 2020-02-01 00:27 - 000000000 ____D C:\Users\Al\Downloads\Aretha Franklin & King Curtis-Dont Fight The Feeling Fillmore West (1971)-2005
2020-02-01 00:26 - 2020-02-01 00:26 - 000000000 ____D C:\Users\Al\Downloads\Stevie Wonder-Mono Singles-2019
2020-02-01 00:26 - 2020-02-01 00:26 - 000000000 ____D C:\Users\Al\Downloads\Otis Rush-All Your Love I Miss Loving-Live At The Wise Fools Pub Chicago (1976)-2005
2020-02-01 00:25 - 2020-02-01 00:25 - 000000000 ____D C:\Users\Al\Downloads\2007 - Van Morrison - The Best Of Van Morrison Volume 3
2020-02-01 00:25 - 2020-02-01 00:25 - 000000000 ____D C:\Users\Al\Downloads\1993 - Van Morrison - The Best of Van Morrison Volume 2
2020-02-01 00:24 - 2020-02-01 00:24 - 000000000 ____D C:\Users\Al\Downloads\2003 - Van Morrison - I Wanna Know Did You Get The Feeling
2020-01-31 23:51 - 2020-01-31 23:57 - 000000000 ____D C:\Users\Al\Downloads\Watch Overtime_ January 31, 2020 (HBO)
2020-01-31 23:49 - 2020-01-31 23:59 - 000000000 ____D C:\Users\Al\Downloads\Full Real Time With Bill Maher HBO 1_31_20 _ Real Time With Bill Maher January 31, 2020
2020-01-31 16:24 - 2020-01-31 16:25 - 000000000 ____D C:\Users\Al\Desktop\Taylor Hayes
2020-01-31 16:02 - 2020-01-31 16:02 - 000000000 ____D C:\Users\Al\Downloads\1999 - Van Morrison - Brown Eyed Girl
2020-01-31 16:02 - 2020-01-31 16:02 - 000000000 ____D C:\Users\Al\Downloads\1998 - Van Morrison - The Best Of Van Morrison
2020-01-31 16:01 - 2020-01-31 16:01 - 000000000 ____D C:\Users\Al\Downloads\Nancy Sinatra & Lee Hazlewood-Nancy & Lee 3-2004
2020-01-31 16:01 - 2020-01-31 16:01 - 000000000 ____D C:\Users\Al\Downloads\Augie Meyers And The Western Head Band-Live At The Longneck-1975
2020-01-31 16:01 - 2020-01-31 16:01 - 000000000 ____D C:\Users\Al\Downloads\2015 - Van Morrison - Live at Cyprus Avenue
2020-01-31 16:00 - 2020-01-31 16:00 - 000000000 ____D C:\Users\Al\Downloads\Art Blakey & The Afro-Drum Ensemble-The African Beat-1962
2020-01-31 15:58 - 2020-01-31 15:58 - 000000000 ____D C:\Users\Al\Downloads\Various Artists - A Tribute to Spacemen 3 (1998) [flac]
2020-01-31 15:58 - 2020-01-31 15:58 - 000000000 ____D C:\Users\Al\Downloads\Testimony by Robbie Robertson
2020-01-31 15:57 - 2020-01-31 15:57 - 000000000 ____D C:\Users\Al\Downloads\Jesus & Mary Chain - Reverence EP (Blanco Y Negro, 1992) flac
2020-01-31 15:57 - 2020-01-31 15:57 - 000000000 ____D C:\Users\Al\Downloads\Goldmine -March 2020
2020-01-31 15:56 - 2020-01-31 15:56 - 000000000 ____D C:\Users\Al\Downloads\RecordCollector Issue 502 February 2020
2020-01-31 15:56 - 2020-01-31 15:56 - 000000000 ____D C:\Users\Al\Downloads\Jesus_And_Mary_Chain_-_2000_-_The_Complete_John_Peel_Sessions_[FLAC]_(Strange_Fruit__-_SFRSCD092)
2020-01-31 15:34 - 2020-01-31 15:34 - 000000000 ____D C:\Users\Al\Downloads\Paul Weller - In Another Room (2020)
2020-01-31 15:34 - 2020-01-31 15:34 - 000000000 ____D C:\Users\Al\Downloads\1978 - Brian Eno - Ambient 1 Music For Airports (Rem.)
2020-01-31 12:53 - 2020-01-31 12:53 - 000000000 ____D C:\Users\Al\AppData\Roaming\3674
2020-01-31 03:55 - 2020-01-31 03:55 - 000000000 ____D C:\Users\Al\Downloads\MeetMadden Next Year 1-27-20
2020-01-31 03:55 - 2020-01-31 03:55 - 000000000 ____D C:\Users\Al\Downloads\MeetMadden Mens Shirt 1-24-20
2020-01-31 03:55 - 2020-01-31 03:55 - 000000000 ____D C:\Users\Al\Downloads\B0b Dy1an & Band - The Basement Tapes (1975) [2012 mfsl udsacd 2082]
2020-01-31 03:47 - 2020-01-31 03:49 - 000000000 ____D C:\Users\Al\Desktop\Miela - HollyRandall - Light My Fire Pic Set 2-1-14 (87 pics)
2020-01-31 03:39 - 2020-01-31 03:41 - 000000000 ____D C:\Users\Al\Desktop\Julia Hayes - Suze - Set #1409 (31 pics - 2400px) (2014, 1-16-2020)
2020-01-31 03:39 - 2020-01-31 03:39 - 000000000 ____D C:\Users\Al\Downloads\workin-out
2020-01-31 03:25 - 2020-01-31 03:30 - 000000000 ____D C:\Users\Al\Desktop\Nikki Tyler - Suze - Set #1535 (45 pics - 2400px) (2014, 1-20-2020)
2020-01-31 02:46 - 2020-01-31 03:01 - 000000000 ____D C:\Users\Al\Desktop\Sandra Scream - Suze - Set #1118 (36 pics 2400px) (2014, 1-21-2020)
2020-01-31 02:04 - 2020-01-31 02:04 - 021593106 _____ C:\Users\Al\Downloads\247405_full Kadie.zip
2020-01-31 02:04 - 2020-01-31 02:04 - 019505197 _____ C:\Users\Al\Downloads\247406_full Kadie.zip
2020-01-31 02:04 - 2020-01-31 02:04 - 011268425 _____ C:\Users\Al\Downloads\250369_full Kadie.zip
2020-01-31 02:03 - 2020-01-31 02:04 - 010296420 _____ C:\Users\Al\Downloads\250368_full Kadie.zip
2020-01-31 02:03 - 2020-01-31 02:03 - 015117670 _____ C:\Users\Al\Downloads\247407_full Kadie.zip
2020-01-31 02:02 - 2020-01-31 02:02 - 011286231 _____ C:\Users\Al\Downloads\250367_full Kadie.zip
2020-01-30 20:20 - 2020-01-30 20:20 - 000425863 _____ C:\Users\Al\Downloads\Threats against the author of ‘American Dirt’ threaten us all - The Washington Post.html
2020-01-30 20:20 - 2020-01-30 20:20 - 000000000 ____D C:\Users\Al\Downloads\Threats against the author of ‘American Dirt’ threaten us all - The Washington Post_files
2020-01-30 12:58 - 2020-01-30 12:58 - 000000000 ____D C:\Users\Al\Downloads\Beck_-_Odelay_2_x_CD_flac
2020-01-30 12:56 - 2020-01-30 12:56 - 000000000 ____D C:\Users\Al\Downloads\Siouxsie_&_the_Banshees_-_Juju_-_2006_flac
2020-01-30 03:16 - 2020-01-30 03:16 - 000000000 ____D C:\Users\Al\Downloads\Jessi Colter-Thats The Way A Cowboy Rocks And Rolls-1978
2020-01-30 03:15 - 2020-01-30 03:15 - 000000000 ____D C:\Users\Al\Downloads\VA-Peter And The Wolf-1975
2020-01-30 03:15 - 2020-01-30 03:15 - 000000000 ____D C:\Users\Al\Downloads\PJStories
2020-01-30 03:15 - 2020-01-30 03:15 - 000000000 ____D C:\Users\Al\Downloads\PJDesire
2020-01-30 03:12 - 2020-01-30 03:12 - 000000000 ____D C:\Users\Al\Downloads\VEiiLA - The Nation Of One
2020-01-30 03:12 - 2020-01-30 03:12 - 000000000 ____D C:\Users\Al\Downloads\Ascenseur Pour L'Échafaud
2020-01-30 03:11 - 2020-01-30 03:11 - 000000000 ____D C:\Users\Al\Downloads\Badlands, A Tribute
2020-01-30 03:07 - 2020-01-30 03:07 - 000000000 ____D C:\Users\Al\Downloads\The Peel Session [EP]
2020-01-30 03:07 - 2020-01-30 03:07 - 000000000 ____D C:\Users\Al\Downloads\CSAR
2020-01-30 03:05 - 2020-01-30 03:05 - 000000000 ____D C:\Users\Al\Downloads\Siouxsie & The Banshees - Peepshow (1988) Exp V0
2020-01-30 03:05 - 2020-01-30 03:05 - 000000000 ____D C:\Users\Al\Downloads\John Grant BBC Radio 6 Full Show
2020-01-30 03:05 - 2020-01-30 03:05 - 000000000 ____D C:\Users\Al\Downloads\John Grant BBC Radio 6 Edited Version
2020-01-30 02:53 - 2020-01-30 02:53 - 000000000 ____D C:\Users\Al\Downloads\Siouxsie and the Banshees Live Germany 1981
2020-01-30 02:50 - 2020-01-30 02:50 - 000000000 ____D C:\Users\Al\Downloads\2018 - Van Morrison - In Concert
2020-01-30 02:50 - 2020-01-30 02:50 - 000000000 ____D C:\Users\Al\Downloads\1986 - Van Morrison - No Guru, No Method, No Teacher (2008 remaster)
2020-01-30 02:50 - 2020-01-30 02:50 - 000000000 ____D C:\Users\Al\Downloads\1985 - Van Morrison - A Sense of Wonder (2008 remaster)
2020-01-30 02:47 - 2020-01-30 02:47 - 000000000 ____D C:\Users\Al\Downloads\2000 - Van Morrison, Lonnie Donegan & Chris Barber - The Skiffle Sessions Live in Belfast
2020-01-30 02:47 - 2020-01-30 02:47 - 000000000 ____D C:\Users\Al\Downloads\1989 - Van Morrison - The Concert (Remastered 2004)
2020-01-30 02:45 - 2020-01-30 02:45 - 000000000 ____D C:\Users\Al\Downloads\Bongwater - The Big Sell-Out (1992)
2020-01-30 02:43 - 2020-01-30 02:43 - 000000000 ____D C:\Users\Al\Downloads\Bongwater - The Power of Kitty (1990)
2020-01-30 02:42 - 2020-01-30 02:42 - 000000000 ____D C:\Users\Al\Downloads\Bongwater - Too Much Sleep (1989)
2020-01-30 02:35 - 2020-01-30 02:35 - 000000000 ____D C:\Users\Al\Downloads\Bongwater - Double Bummer (1988)
2020-01-30 02:34 - 2020-01-30 02:34 - 000000000 ____D C:\Users\Al\Downloads\RHR RedfernHotel Toledo
2020-01-30 02:32 - 2020-01-30 02:32 - 000000000 ____D C:\Users\Al\Downloads\Roseanne Cash-Grand Theatre Kingston ON-2-20-18
2020-01-30 02:25 - 2020-01-30 02:25 - 000000000 ____D C:\Users\Al\Downloads\Nigel Mullaney
2020-01-30 02:21 - 2020-01-30 02:21 - 000000000 ____D C:\Users\Al\Downloads\Miles in Antibes
2020-01-30 02:16 - 2020-01-30 02:16 - 000000000 ____D C:\Users\Al\Downloads\Jimi.Hendrix.The.Road.to.Woodstock.2014.WEBRip.x264
2020-01-30 00:37 - 2020-01-30 00:37 - 039168046 _____ C:\Users\Al\Downloads\flipbook.pdf
2020-01-28 10:12 - 2020-01-28 10:12 - 000000000 ____D C:\Users\Al\Downloads\Kristin Hersh-Hips And Makers (1994)
2020-01-28 04:20 - 2020-01-28 04:20 - 000000000 ____D C:\Users\Al\Downloads\The_Coal_Porters_-_The_Gram_Parsons_Tribute_Concert
2020-01-28 04:20 - 2020-01-28 04:20 - 000000000 ____D C:\Users\Al\Downloads\Dogs in Florence
2020-01-27 20:05 - 2020-01-27 20:05 - 000000000 ____D C:\Users\Al\Downloads\Doug Sahm And The Sir Douglas Quintet-The Complete Mercury Recordings-2005
2020-01-27 17:57 - 2020-01-27 17:58 - 002794956 _____ C:\WINDOWS\Minidump\012720-45234-01.dmp
2020-01-27 03:56 - 2020-01-27 03:56 - 000000000 ____D C:\Users\Al\Downloads\2017 - Van Morrison - The Authorized Bang Collection
2020-01-27 03:55 - 2020-01-27 03:55 - 000000000 ____D C:\Users\Al\Downloads\2016 - Van Morrison - Keep Me Singing
2020-01-27 03:55 - 2020-01-27 03:55 - 000000000 ____D C:\Users\Al\Downloads\2012 - Van Morrison - Born To Sing - No Plan B
2020-01-27 03:54 - 2020-01-27 03:54 - 000000000 ____D C:\Users\Al\Downloads\1974 - Van Morrison - T. B. Sheets
2020-01-27 03:52 - 2020-01-27 03:52 - 000000000 ____D C:\Users\Al\Downloads\2006 - Van Morrison - The Genuine Philosopher's Stone
2020-01-27 03:52 - 2020-01-27 03:52 - 000000000 ____D C:\Users\Al\Downloads\1998 - Van Morrison - The Philosopher's Stone
2020-01-27 03:51 - 2020-01-27 03:51 - 000000000 ____D C:\Users\Al\Downloads\2009 A Woman A Man Walked By
2020-01-27 03:51 - 2020-01-27 03:51 - 000000000 ____D C:\Users\Al\Downloads\1996 Dance Hall At Louse Point
2020-01-27 03:50 - 2020-01-27 03:50 - 000000000 ____D C:\Users\Al\Downloads\2015 - Van Morrison - The Essential
2020-01-27 03:50 - 2020-01-27 03:50 - 000000000 ____D C:\Users\Al\Downloads\1996 - Van Morrison - Spanish Rose
2020-01-27 03:49 - 2020-01-27 03:49 - 000000000 ____D C:\Users\Al\Downloads\2011 - Van Morrison - The Van Morrison Christmas Album
2020-01-27 03:49 - 2020-01-27 03:49 - 000000000 ____D C:\Users\Al\Downloads\2009 - Van Morrison - Astral Weeks Live at the Hollywood Bowl
2020-01-27 03:48 - 2020-01-27 03:48 - 000000000 ____D C:\Users\Al\Downloads\Hynde, Chrissie - Reckless
2020-01-27 03:48 - 2020-01-27 03:48 - 000000000 ____D C:\Users\Al\Downloads\2008 - Van Morrison - Keep It Simple
2020-01-27 03:48 - 2020-01-27 03:48 - 000000000 ____D C:\Users\Al\Downloads\2007 - Van Morrison - At The Movies
2020-01-27 03:47 - 2020-01-27 03:47 - 000000000 ____D C:\Users\Al\Downloads\Richard Thompson-Gathered Tracks (Vol 6)-2007
2020-01-27 03:46 - 2020-01-27 03:46 - 000000000 ____D C:\Users\Al\Downloads\Devo-Austin City Limits Live-Moody Theater Austin TX-7-2-14
2020-01-27 03:45 - 2020-01-27 03:45 - 000000000 ____D C:\Users\Al\Downloads\R0k C@nady 2018 vol.06 to 11
2020-01-27 03:45 - 2020-01-27 03:45 - 000000000 ____D C:\Users\Al\Downloads\R0k C@nady 2017 vol.01 to 05
2020-01-27 03:44 - 2020-01-27 03:44 - 000000000 ____D C:\Users\Al\Downloads\Shadows Of Knight - Gloria (1966)(1998 CD - SC 6155) [FLAC]
2020-01-27 03:44 - 2020-01-27 03:44 - 000000000 ____D C:\Users\Al\Downloads\Judee Sill - Live In London (The BBC Recordings 1972-1973) (2007)
2020-01-27 03:43 - 2020-01-27 03:43 - 000000000 ____D C:\Users\Al\Downloads\Substance - Peter Hook
2020-01-27 03:43 - 2020-01-27 03:43 - 000000000 ____D C:\Users\Al\Downloads\John Stewart-Live Ebbets Field Denver CO-4-23-76
2020-01-27 03:42 - 2020-01-27 03:42 - 000000000 ____D C:\Users\Al\Downloads\Jackson Browne-The Criterion Demos Hollywood CA-4-6-70
2020-01-27 03:42 - 2020-01-27 03:42 - 000000000 ____D C:\Users\Al\Downloads\Bonnie Raitt - The Lost Broadcast Philadelphia 1972 (2010)
2020-01-27 03:41 - 2020-01-27 03:41 - 000000000 ____D C:\Users\Al\Downloads\Jefferson Airplane,Jefferson Starship,Starship-The Essential Jefferson Airplane-Jefferson Starship-Starship-1998
2020-01-27 03:41 - 2020-01-27 03:41 - 000000000 ____D C:\Users\Al\Downloads\ByrdsTurn!
2020-01-27 03:40 - 2020-01-27 03:40 - 000000000 ____D C:\Users\Al\Downloads\Shirley&Dolly
2020-01-27 03:39 - 2020-01-27 03:39 - 000000000 ____D C:\Users\Al\Downloads\Patty Larkin-Live At The Natick Center For The Arts-Natick MA-4-19-14
2020-01-27 03:38 - 2020-01-27 03:38 - 000000000 ____D C:\Users\Al\Downloads\The Derailers - Under The Influence Of Buck @320
2020-01-27 03:38 - 2020-01-27 03:38 - 000000000 ____D C:\Users\Al\Downloads\Nils_Lofgren_-_1971_-_grin_-_bonus_tracks_(flac)
2020-01-27 03:37 - 2020-01-27 03:37 - 000000000 ____D C:\Users\Al\Downloads\Tom_Petty_&_The_Heartbreakers__-_Hard_Promises_(1981)__mfsl_gold_udcd_(flac)
2020-01-27 03:37 - 2020-01-27 03:37 - 000000000 ____D C:\Users\Al\Downloads\Andy Shauf The Party
2020-01-27 03:36 - 2020-01-27 03:36 - 000000000 ____D C:\Users\Al\Downloads\AndyShauf B-sides
2020-01-27 03:19 - 2020-01-27 03:19 - 000000000 ____D C:\Users\Al\Downloads\B.B. King_ The Life of Riley-2012
2020-01-27 03:15 - 2020-01-27 03:15 - 000000000 ____D C:\Users\Al\Downloads\Night Music-David Sanborn & Jools Holland (Show 117)
2020-01-27 03:13 - 2020-01-27 03:13 - 000000000 ____D C:\Users\Al\Downloads\Silversun_Pickups_-_Demo_(2004)_[FLAC]
2020-01-27 03:13 - 2020-01-27 03:13 - 000000000 ____D C:\Users\Al\Downloads\Art_Pepper_-_Art_Pepper__Eleven_(modern_jazz_classics)_(1959_[1991_mobile_fidelity_sound_lab_MFCD_805])[flac]
2020-01-27 03:12 - 2020-01-27 03:12 - 000000000 ____D C:\Users\Al\Downloads\Moody Blues - A Question Of Balance (1969) (MFSL) (FLAC)
2020-01-27 03:10 - 2020-01-27 03:10 - 000000000 ____D C:\Users\Al\Downloads\The Kinks - Face to Face (2011 Deluxe Edition) [FLAC]
2020-01-27 03:09 - 2020-01-27 03:09 - 000000000 ____D C:\Users\Al\Downloads\The_Guess_Who_-_This_Long_Time_Ago_2_x_CD_flac
2020-01-27 03:08 - 2020-01-27 03:08 - 000000000 ____D C:\Users\Al\Downloads\Grateful Dead 1977_ The Rise of Terrapin Nation by Howard Weiner
2020-01-26 22:21 - 2020-01-26 23:50 - 000000000 ____D C:\Users\Al\Downloads\A MusiCares' Tribute to Paul McCartney (2012)
2020-01-26 21:56 - 2020-01-26 23:08 - 000000000 ____D C:\Users\Al\Downloads\Monarchy BBC Docu 03 Conquest
2020-01-26 21:32 - 2020-01-26 22:44 - 000000000 ____D C:\Users\Al\Downloads\Monarchy BBC Docu 02 Aengla Land
2020-01-26 21:32 - 2020-01-26 22:21 - 000000000 ____D C:\Users\Al\Downloads\Monarchy BBC Docu 01 A Nation State
2020-01-26 19:42 - 2020-01-26 19:45 - 000000000 ____D C:\Users\Al\Desktop\Real Time With Bill Maher 1-24-20 (400)
2020-01-26 14:11 - 2020-01-26 14:11 - 000000000 ____D C:\Users\Al\Downloads\Vudu - Free_ Last Chance_ Leaving 1_31_2020_files
2020-01-26 14:10 - 2020-01-26 14:11 - 000144497 _____ C:\Users\Al\Downloads\Vudu - Free_ Last Chance_ Leaving 1_31_2020.html
2020-01-26 12:45 - 2020-01-26 21:09 - 000000000 ____D C:\Hitchcock
2020-01-26 12:06 - 2020-01-26 12:06 - 000000000 ____D C:\Users\Al\Downloads\Roxy_Music_-_Oakland,_CA_04-20-1979_SBD-flac
2020-01-26 12:03 - 2020-01-26 12:03 - 000000000 ____D C:\Users\Al\Desktop\VERYHappyEnding720
2020-01-25 16:55 - 2020-01-25 16:55 - 000000000 ____D C:\Users\Al\Downloads\Jessi Colter - Mirriam (1977) [Flac]
2020-01-25 16:13 - 2020-01-25 16:13 - 000000000 ____D C:\Users\Al\Downloads\Jessi Colter-Diamond In The Rough-1976
2020-01-25 16:10 - 2020-01-25 16:10 - 000000000 ____D C:\Users\Al\Downloads\The_Legendary_Arms_Concert_Royal_Albert_Hall_(1983)
2020-01-25 16:09 - 2020-01-25 16:09 - 000000000 ____D C:\Users\Al\Downloads\BBCovers
2020-01-25 16:08 - 2020-01-25 16:08 - 000000000 ____D C:\Users\Al\Downloads\Jessi Colter-Jessie-1976
2020-01-25 16:08 - 2020-01-25 16:08 - 000000000 ____D C:\Users\Al\Downloads\BBBallads
2020-01-25 15:56 - 2020-01-25 15:56 - 000000000 ____D C:\Users\Al\Downloads\Cream_-_Wheels_Of_Fire_dlx_2_x_CD_flac
2020-01-23 15:38 - 2020-01-23 15:38 - 000000000 ____D C:\Users\Al\Downloads\Bonnie Raitt - Takin' My Time (1973) flac
2020-01-23 15:37 - 2020-01-23 15:37 - 000000000 ____D C:\Users\Al\Downloads\VABeachStars
2020-01-23 15:37 - 2020-01-23 15:37 - 000000000 ____D C:\Users\Al\Downloads\Robert Plant The Voice That Sailed the Zeppelin
2020-01-23 15:37 - 2020-01-23 15:37 - 000000000 ____D C:\Users\Al\Downloads\DanArBraz
2020-01-23 15:36 - 2020-01-23 15:36 - 000000000 ____D C:\Users\Al\Downloads\Robert Plant - The Principle Of Moments (1983) flac
2020-01-23 15:35 - 2020-01-23 15:35 - 000000000 ____D C:\Users\Al\Downloads\JuniorCook
2020-01-23 15:21 - 2020-01-23 15:21 - 000000000 ____D C:\Users\Al\Downloads\No_Quarter;_Jimmy_Page_&_Robert_Plant_Unledded_(1994)_flac
2020-01-23 14:52 - 2020-01-23 14:52 - 000000000 ____D C:\Users\Al\Downloads\Sneaker Pimps-Becoming X (1997)
2020-01-23 14:00 - 2020-01-23 14:00 - 077668574 _____ C:\Users\Al\Downloads\eternaldesire_2020-01-22_keira_b_-_open_x43_2883x4324.zip
2020-01-23 12:49 - 2020-01-23 12:49 - 000000000 ____D C:\Users\Al\Downloads\KFC's Zinger Popcorn Box
2020-01-23 12:46 - 2020-02-01 02:08 - 000105499 _____ C:\Users\Al\Desktop\Exystence – 1-23-20.odt
2020-01-23 11:52 - 2020-01-23 11:52 - 000000000 ____D C:\Users\Al\Downloads\Worlds_of_Sound__The_Story_of_Smithsonian_Folkways_by_Carlin_Richard
2020-01-22 12:03 - 2020-01-22 12:03 - 000000000 ____D C:\Users\Al\Downloads\Blondie - Autoamerican (1980) expanded flac
2020-01-21 14:06 - 2020-01-21 14:08 - 356623462 _____ C:\Users\Al\Downloads\alsscan_2020-01-21_megan_marx_-_golden_triangle_x224_3057x4586.zip
2020-01-21 01:49 - 2020-01-28 17:25 - 000000000 ____D C:\Users\Al\Desktop\desk
2020-01-21 00:04 - 2020-01-21 00:04 - 000000000 ____D C:\Users\Al\Downloads\Velvet_Underground_-_1967-04-30_Psychedelic_Sounds_From_The_Gymnasium_flac
2020-01-20 19:54 - 2020-01-20 19:54 - 000000000 ____D C:\Users\Al\Downloads\1997 - Them - The Story Of Them
2020-01-20 19:54 - 2020-01-20 19:54 - 000000000 ____D C:\Users\Al\Downloads\1992 - Van Morrison - This Is Van Morrison
2020-01-20 19:53 - 2020-01-20 19:53 - 000000000 ____D C:\Users\Al\Downloads\2006 - Van Morrison - Live At Austin City Limits Festival
2020-01-20 19:52 - 2020-01-20 19:52 - 000000000 ____D C:\Users\Al\Downloads\Richard Thompson-Gathered Tracks (Vol 5)-2007
2020-01-20 19:51 - 2020-01-20 19:51 - 000000000 ____D C:\Users\Al\Downloads\wetransfer-52dc6a
2020-01-20 17:03 - 2020-01-20 17:03 - 000000000 ____D C:\Users\Al\Downloads\Barracudas
2020-01-20 17:01 - 2020-01-20 17:01 - 000000000 ____D C:\Users\Al\Downloads\Bronco
2020-01-20 17:00 - 2020-01-20 17:00 - 000000000 ____D C:\Users\Al\Downloads\VANuggets
2020-01-20 16:59 - 2020-01-20 16:59 - 000000000 ____D C:\Users\Al\Downloads\QueenVision
2020-01-20 16:58 - 2020-01-20 16:58 - 000000000 ____D C:\Users\Al\Downloads\Futurebirds
2020-01-20 16:57 - 2020-01-20 16:57 - 000000000 ____D C:\Users\Al\Downloads\Mojo
2020-01-20 16:57 - 2020-01-20 16:57 - 000000000 ____D C:\Users\Al\Downloads\JojaBand
2020-01-20 16:56 - 2020-01-20 16:56 - 000000000 ____D C:\Users\Al\Downloads\CannedHeat
2020-01-20 11:40 - 2020-01-20 11:40 - 000000000 ____D C:\Users\Al\Downloads\RT 15-20
2020-01-20 11:40 - 2020-01-20 11:40 - 000000000 ____D C:\Users\Al\Downloads\MB 19 - M
2020-01-20 11:39 - 2020-01-20 11:39 - 000000000 ____D C:\Users\Al\Downloads\CV 20 - CV-IS
2020-01-20 04:32 - 2020-01-20 04:32 - 000000000 ____D C:\Users\Al\Downloads\The Kinks - Sleepwalker (February 12, 1977) FLAC
2020-01-20 04:27 - 2020-01-20 04:27 - 000000000 ____D C:\Users\Al\Downloads\The Kinks - Misfits (May 19, 1978) FLAC
2020-01-20 04:21 - 2020-01-20 04:21 - 000000000 ____D C:\Users\Al\Downloads\R.Stevie_Moore_-_What's_The_Point_(1984)
2020-01-20 04:20 - 2020-01-20 04:20 - 000000000 ____D C:\Users\Al\Downloads\Richard Thompson-Gathered Tracks (Vol 4)-2007
2020-01-20 04:19 - 2020-01-20 04:19 - 000000000 ____D C:\Users\Al\Downloads\Rs 9599
2020-01-20 04:18 - 2020-01-20 04:18 - 000000000 ____D C:\Users\Al\Downloads\Richard Thompson-Gathered Tracks (Vol 3)-2007
2020-01-20 04:18 - 2020-01-20 04:18 - 000000000 ____D C:\Users\Al\Downloads\Richard Thompson-Gathered Tracks (Vol 2)-2007
2020-01-20 04:18 - 2020-01-20 04:18 - 000000000 ____D C:\Users\Al\Downloads\Richard Thompson-Gathered Tracks (Vol 1)-2007
2020-01-20 01:17 - 2020-01-20 01:17 - 000000000 ____D C:\Users\Al\Downloads\Chris Isaak - Wicked Game (1991) FLAC
2020-01-20 00:22 - 2020-01-20 00:22 - 000000000 ____D C:\Users\Al\Downloads\wstbnt
2020-01-19 22:13 - 2020-01-19 22:13 - 000000000 ____D C:\Users\Al\Downloads\Dala_-Girls_From_The_North_Country;_Dala_Live_In_Concert_FLAC
2020-01-19 17:23 - 2020-01-19 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-01-19 16:43 - 2020-01-19 16:43 - 000000000 ____D C:\Users\Al\AppData\Roaming\5401
2020-01-19 16:41 - 2020-01-19 16:41 - 000000000 ____D C:\Users\Al\Downloads\Creedence_Clearwater_Revival_-_Green_River_(1969)_(Remaster_2008_SHM-CD___bonus)_flac
2020-01-19 14:15 - 2020-01-19 14:15 - 000000000 ____D C:\Users\Al\Downloads\Revolution in the Head- The Be@t1es' Records and the Sixties by Ian MacDonald
2020-01-19 14:15 - 2020-01-19 14:15 - 000000000 ____D C:\Users\Al\Downloads\George Harrison - Beware Of Abkco (1994) [FLAC] (STR001)
2020-01-19 10:33 - 2020-01-19 10:33 - 000000000 ____D C:\Users\Al\Downloads\the_kinks_-_the_great_lost_kinks_album_flac
2020-01-18 22:19 - 2020-01-18 22:21 - 000000000 ____D C:\Users\Al\Desktop\Proclaimers - This Is The Story (1987) [Flac]
2020-01-18 19:49 - 2020-02-01 02:16 - 000000000 ____D C:\Users\Al\Desktop\music 21
2020-01-17 10:02 - 2020-01-17 10:04 - 002982532 _____ C:\WINDOWS\Minidump\011720-38468-01.dmp
2020-01-16 05:01 - 2020-01-16 05:01 - 000000000 ____D C:\WINDOWS\Panther
2020-01-15 06:34 - 2020-01-15 06:34 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-15 06:34 - 2020-01-15 06:34 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-15 06:33 - 2020-01-15 06:33 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-15 06:33 - 2020-01-15 06:33 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-15 06:33 - 2020-01-15 06:33 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-15 06:33 - 2020-01-15 06:33 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-15 06:33 - 2020-01-15 06:33 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-15 06:33 - 2020-01-15 06:33 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2020-01-15 06:33 - 2020-01-15 06:33 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-15 06:33 - 2020-01-15 06:33 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-15 06:33 - 2020-01-15 06:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-15 05:11 - 2020-01-15 05:11 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-15 05:11 - 2020-01-15 05:11 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-03 00:16 - 2020-01-03 00:16 - 000270093 _____ C:\Users\Al\Downloads\The Two-Party System Broke the Constitution - The Atlantic.html
2020-01-03 00:16 - 2020-01-03 00:16 - 000000000 ____D C:\Users\Al\Downloads\The Two-Party System Broke the Constitution - The Atlantic_files
2020-01-02 23:51 - 2020-01-02 23:51 - 000322509 _____ C:\Users\Al\Downloads\'The Witcher' Is Absurd. That’s Why It’s Brilliant. - The Atlantic.html
2020-01-02 23:51 - 2020-01-02 23:51 - 000000000 ____D C:\Users\Al\Downloads\'The Witcher' Is Absurd. That’s Why It’s Brilliant. - The Atlantic_files

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-01 22:28 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-01 21:10 - 2018-12-15 17:23 - 000000000 ____D C:\Users\Al\AppData\Roaming\dvdcss
2020-02-01 20:56 - 2018-12-15 16:14 - 000000000 __SHD C:\Users\Al\IntelGraphicsProfiles
2020-02-01 20:51 - 2018-12-19 14:41 - 001371150 _____ C:\Users\Al\Desktop\New Text Document.txt
2020-02-01 20:01 - 2018-12-19 14:41 - 000464222 _____ C:\Users\Al\Desktop\Daily.txt
2020-02-01 19:21 - 2019-09-11 14:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-01 14:27 - 2019-09-11 14:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-02-01 10:51 - 2018-12-22 17:59 - 000000000 ____D C:\Users\Al\Desktop\Comic Pics
2020-02-01 02:19 - 2018-12-15 20:32 - 000000000 ____D C:\Users\Al\AppData\Local\JDownloader 2.0
2020-02-01 00:19 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-01 00:19 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-31 22:49 - 2018-12-15 17:22 - 000000000 ____D C:\Users\Al\AppData\Roaming\vlc
2020-01-31 15:23 - 2019-01-16 14:27 - 000000000 ____D C:\Users\Al\AppData\Roaming\DVDFab11
2020-01-31 15:10 - 2019-01-16 14:27 - 000000000 ____D C:\Users\Al\Documents\DVDFabCommon
2020-01-31 10:26 - 2019-01-16 14:27 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-01-30 02:43 - 2019-02-17 20:01 - 000000000 ____D C:\Users\Al\AppData\LocalLow\Mozilla
2020-01-29 15:08 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-27 18:03 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Registration
2020-01-27 17:59 - 2019-09-11 14:13 - 000000000 ____D C:\Users\Al
2020-01-27 17:57 - 2019-09-20 09:21 - 000000000 ____D C:\WINDOWS\Minidump
2020-01-27 17:57 - 2019-09-11 14:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-27 17:57 - 2019-03-18 23:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-01-24 13:14 - 2019-12-24 01:01 - 000000000 ____D C:\Users\Al\Desktop\Marvel & Avengers
2020-01-22 17:31 - 2019-10-15 16:05 - 000745778 _____ C:\Users\Al\Desktop\Exystence - 10-15-2019.odt
2020-01-22 12:55 - 2018-12-16 10:17 - 000000000 ____D C:\Users\Al\Desktop\Beatles Pics
2020-01-22 12:54 - 2018-12-16 10:17 - 000000000 ____D C:\Users\Al\Desktop\Beatle Brunch Club
2020-01-21 16:29 - 2018-12-15 16:20 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-21 16:29 - 2018-12-15 16:20 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-21 16:29 - 2018-12-15 16:20 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-21 10:07 - 2019-12-07 19:08 - 000028354 _____ C:\Users\Al\Desktop\pass 12-2019.txt
2020-01-21 02:11 - 2018-12-31 18:39 - 000000000 ____D C:\Art
2020-01-21 00:35 - 2018-09-08 02:50 - 000000000 ____D C:\ProgramData\PCDr
2020-01-21 00:30 - 2019-09-11 14:06 - 000296344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-21 00:29 - 2019-03-18 23:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-19 17:32 - 2018-12-15 16:14 - 000000000 ____D C:\Users\Al\AppData\Local\Packages
2020-01-19 17:22 - 2018-09-08 02:49 - 000000000 ____D C:\ProgramData\SupportAssist
2020-01-19 16:46 - 2019-01-16 14:26 - 000001826 _____ C:\Users\Al\Desktop\DVDFab 11 Mini (x64).lnk
2020-01-19 16:46 - 2019-01-16 14:26 - 000001784 _____ C:\Users\Al\Desktop\DVDFab 11 (x64).lnk
2020-01-19 16:46 - 2019-01-16 14:26 - 000000000 ____D C:\Program Files\DVDFab 11
2020-01-18 00:24 - 2019-09-13 22:22 - 000000000 ____D C:\Users\Al\Desktop\Beatles Books & Mags
2020-01-17 00:03 - 2019-09-11 14:36 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2755259552-3065841404-3207337303-1001
2020-01-17 00:03 - 2019-09-11 14:13 - 000002360 _____ C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-17 00:03 - 2018-12-15 16:17 - 000000000 ___RD C:\Users\Al\OneDrive
2020-01-16 04:59 - 2019-03-18 23:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-16 04:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-16 04:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-16 04:59 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-16 01:17 - 2018-12-15 18:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-16 01:11 - 2018-12-15 18:58 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-16 00:02 - 2018-12-21 19:14 - 000000000 ____D C:\Users\Al\Desktop\Score Pic Sets
2020-01-15 06:40 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-15 05:23 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-01-15 03:14 - 2018-12-17 11:14 - 000000000 ____D C:\Users\Al\AppData\Local\D3DSCache

==================== Files in the root of some directories ========

2019-01-16 14:27 - 2019-01-16 14:27 - 000000171 _____ () C:\Users\Al\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2018-12-15 17:11 - 2018-12-15 17:11 - 000000017 _____ () C:\Users\Al\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


The Addition text file is attached. Thank you.
You do not have the required permissions to view the files attached to this post.
giffordal
Regular Member
 
Posts: 17
Joined: February 2nd, 2020, 12:03 am
Advertisement
Register to Remove

Re: Request Assistance - Infection where I can't open folder

Unread postby pgmigg » February 2nd, 2020, 6:01 pm

Hello giffordal,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Request Assistance - Infection where I can't open folder

Unread postby pgmigg » February 2nd, 2020, 6:13 pm

Hello giffordal,

Step 1.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on the your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me is this computer used for business or educational purposes and/or connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Answer to my question related to type of using of your computer

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Request Assistance - Infection where I can't open folder

Unread postby giffordal » February 2nd, 2020, 6:47 pm

Dear pgmigg,

First, I wish to thank you in advance for your assistance in this matter. I'm sure you can imagine how stressful it is to not be able to open any file folders on my computer. Thanks again. Below are the 5 answers to your questions.

A. I did not have any problems executing your instructions. Your advice to save and run the programs from the Desktop was clever since you understand I cannot open any file folders at this time.

B. The contents of the CKFiles.txt log file are:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\al\downloads\inthecrack_2020-01-20_1586_adrian_hush_x91_3000x4500.zip
c:\users\al\downloads\2009 a woman a man walked by\2009 a woman a man walked by\(10) cracks in the canvas.flac
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.18362.1_none_8f03ecc82cf7c75c\ssh-keygen.exe
scanner sequence 3.AB.11.WENAS0
----- EOF -----

C. The contents of the SysInfo scan are:

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Pro, 64 bit, Build 18363, Installed 20190911143702.000000-300
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz, Intel64 Family 6 Model 158 Stepping 10, CPU Count: 12
Total Physical RAM: 8 GB
Graphics Card: Intel(R) UHD Graphics 630, 1024 MB
Hard Drives: C: 918 GB (4 GB Free);
Motherboard: Dell Inc. 03NJH0, ver A01, s/n /881MRR2/CNWS20088300RA/
System: Dell Inc., ver DELL - 1072009, s/n 881MRR2
Antivirus: Windows Defender, Disabled

D. The contents of the log created by codecheck.txt are:

Codecheck Version 1.0

02002

E. This computer is my personal computer used only for my personal use. It is not used for business/educational purposes nor is it connected to a business or educational network.

Please let me know what the next steps are and if you have any questions. Thank you again for taking time out of your busy schedule to assist me.
Al
giffordal
Regular Member
 
Posts: 17
Joined: February 2nd, 2020, 12:03 am

Re: Request Assistance - Infection where I can't open folder

Unread postby pgmigg » February 3rd, 2020, 12:58 am

Hello giffordal,

First, I wish to thank you in advance for your assistance in this matter.
You are welcome! :D

Hard Drives: C: 918 GB (4 GB Free);
I would like to draw your attention to the extremely small amount of free hard disk space.
For normal operation of the computer, the disk must have at least 10 percent free space, that is, at least 100 GB in your case. Otherwise, the computer starts to slow down.
Tell me, did you notice that a similar situation with the disk appeared at the same time when your computer became infected?
Or has this ratio of occupied and free space already been around for quite some time?

Now we can start our treatment and analyzing...

Step 1.
Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  1. Please download TCRB from HERE and save it to your Desktop, then double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  2. Launch TCRB.
  3. Click the Backup Registry tab and make sure all the boxes are checked.
  4. Click on Backup Now.
  5. Once the backup is finished you can now exit the program.
< STOP > Do not proceed any further if you were not able to create a registry backup. Post back with what happened so we can determine why it was unsuccessful.

Step 2.
Scan with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double click AdwCleaner.exe to run it. If it will ask for update please decline it.
  3. Click Yes on UAC question and I Agreeon Welcome window.
  4. Click Scan now button and wait for a while until the scan finish... then click on Cancel button.
  5. On the vertical left side menu select Log Files, click on it, and you will see the list of log files.
  6. Find most recent one AdwCleaner[Sxx].txt with a type of Scan and double click on it - the Notepad with a log file will be opened.
  7. Close the AdwCleaner.
  8. Please post the contents of AdwCleaner[Sxx].txt log file from Notepad with your next reply.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Note:
I recommend that you do not turn off (do not restart unless I will ask you to do it) your computer until we completely cure it - I think restarting can worsen the situation.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Content of the C:\AdwCleaner[Sxx].txt
  3. Answer for my questions about hard disk free space.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Request Assistance - Infection where I can't open folder

Unread postby giffordal » February 3rd, 2020, 2:45 am

Dear pgmigg,

Thank you for your response. Here are my answers to your questions.

A. I had no problems executing the instructions. The TCRB program worked well and it gave me the following message when it finished: "Successful! 12/12 Registry Files Backed Up"

B. Below is a copy of the ADWCleaner log:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-03-2020
# Duration: 00:00:35
# OS: Windows 10 Pro
# Scanned: 34824
# Detected: 19


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\Al\Desktop\SysInfo.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellDigitalDelivery Folder C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD22BB8F-8135-476E-B0EC-A074DCA01088}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD22BB8F-8135-476E-B0EC-A074DCA01088}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}
Preinstalled.DellSupportAssistAgent Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7994281D-063E-4A04-9F18-76732CF6765F}
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70E9F8CC-A23E-4C25-B292-C86C1821587C}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Note: I believe the SysInfo program on my desktop that AdwCleaner identifies as a "PUP.Optional.Legacy" is the SysInfo program that you asked me to download and run in your email of Feb. 2, 2020 at 6:13pm.

C. You are very observant to notice the almost full size of my hard drive. I am aware that I have a lot of files saved on my computer that I have been meaning to transfer to an external hard drive in the near future. My computer has been working well for the past 5 months without any problems and only having b/t 2-10 GB of free space available. In other words, this ratio of free and occupied space on my computer has been the usual for the past 5 months. I do not believe that my lack of free space is the cause of my problem. The problem with my file folders being unable to open happened only after my Google Chrome browser was hijacked and taken to an unwanted webpage the morning of Feb. 1 which infected my system in some manner that prevents me from opening any file folder.

Again, I appreciate your assistance in this matter. I will wait to hear from you regarding any next steps. Thank you.
Al
giffordal
Regular Member
 
Posts: 17
Joined: February 2nd, 2020, 12:03 am

Re: Request Assistance - Infection where I can't open folder

Unread postby pgmigg » February 3rd, 2020, 9:43 am

Hello giffordal,

Please tell me, when you try to open any folder on the Desktop or do it by Windows File Explorer in any other location, do you receive any error message?

If your answers “Yes”, please copy the exact message here.

Thank you,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Request Assistance - Infection where I can't open folder

Unread postby giffordal » February 3rd, 2020, 12:16 pm

Dear pgmigg,

Thank you for your question. It is the oddest thing and this has never happened to me before since I started using computers in the 1980s (my first computer was an Apple IIe in 1987). The more I think about this situation, the more worried and concerned I become.

Here is what happens when I try to open a file folder on my Desktop: I double click on a file folder on my desktop that I was able to open without any problems before Feb. 1, a small light-blue spinning wheel appears for 1 or 2 seconds on the upper right-hand side on the cursor, my entire screen becomes black for about 1 second, then the normal background color of my desktop appears, and then the folders on my destop appear about 1 second later. I never receive any error message and the file never opens. My attempts to open any file are completely ineffectual and I have no idea why.

This same failure to open also happens when I try to open the Recycle Bin on my Desktop. Before this infection, I could always open the Bin to see what files I had deleted and if I changed my mind about them, I could restore them (ie remove them from the Recycle Bin). After this infection, the same thing happens as I described above when I try to open a file folder - the Recycle Bin never opens and I do not get any error message.

Please note that the file folders seem to be intact. When I place my cursor over a folder, a small white box appears (as it normally does) which includes information such as the date the file folder was created and the total size of the folder. When I right-click on the folder, and go to "Properties" tab, it opens and it displays how large the file folder is.

I am a novice regarding this situation but I wanted to share 2 thoughts I had just from doing some online searches about this issue (please forgive me if these thoughts are not helpful).
1) I found a 4 minute YouTube video called "How to solve it 'Folder Can't Open With Double Click'' at https://www.youtube.com/watch?v=kCiMyGFlefA (the explanation begins at the 1 minute mark). Do you think my settings were changed somehow and that the directions in this video might be helpful in solving the problem? I'm willing to try anything at this time.
2) When my browser was hijacked on Saturday morning, I was annoyed at the inconvenience of having to close my Chrome browser but I really didn't think anything was wrong. An article at Forbes at https://www.forbes.com/sites/daveywinde ... f9e60318f1 best describes what I thought was going on when the browser was hijacked so I used the Task Manager to end the Google Chrome program and restart my computer. However, given my inability to open any file folders after this, do you think my computer was infected by some sort of ransomware? It is strange because I have not received any emails or messages on my computer asking me to pay money to release the files. Of course, when my browser was hijacked on Feb. 1, the scam webpage asked me to call Microsoft for assistance but I disregarded it and closed the browser. Do you think I made a mistake by not writing the phone number the scammers asked me to call? If we had that phone number, do you think we could try to search to see if it has been associated with any ransomware/malware attacks? If you think it would be helpful, I believe I can go this scam webpage again and write down on a piece of paper all of the info on this webpage (including phone number). I can access the site by using the History function of Chrome.

Please let me know what you think about my 2 ideas above or if you have any further questions. I appreciate your time and willingness to keep working with me to try and solve this matter. I will wait to hear from you. Thanks again.
Al
giffordal
Regular Member
 
Posts: 17
Joined: February 2nd, 2020, 12:03 am

Re: Request Assistance - Infection where I can't open folder

Unread postby pgmigg » February 3rd, 2020, 7:09 pm

Hi Al,

Thank you for your questions and ideas... :D

I have been using personal computers since the mid-80s and learned two things - there is nothing to be surprised at in their behavior (there is always a reason, you just need to find it, which I’m doing now) and treat the computer like a doctor treats a patient (there isn’t two identical computers, even if they are identical in hardware).
Thus, before we will change something drastically, we need to find the reason for what is happening and not try to put on a well-known outfit on an inappropriate individual in size. :roll:
The YouTubes and Forbes article are not the sources for our directives, sorry.

I would like to ask you to uninstall the JDownloader 2 - after all you can install it again if it is really needed.

Step 1.
Remove Programs
  1. Please press the Windows Key + R.
  2. Enter appwiz.cpl into the text box and click OK.
  3. Locate the following program:
    JDownloader 2
  4. Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Don't worry if you can't find the program. Just be sure to let me know in your reply.
  5. When the listed program has been uninstalled, please close Control Panel
  6. If you will be asked by uninstaller to reboot (restart) your computer, do it.

Step 2.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    CHR Profile: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default [2020-02-01]
    CHR Notifications: Default -> hxxps://my.jdownloader.org
    CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2019-04-06]
    2020-02-01 02:19 - 2018-12-15 20:32 - 000000000 ____D C:\Users\Al\AppData\Local\JDownloader 2.0
    2020-02-01 22:35 - 2020-02-01 22:35 - 000000102 ____H C:\Users\Al\Desktop\.~lock.Exystence – 1-23-20.odt#
    
    EmptyTemp:
    CMD: ipconfig /flushdns
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 3.
ESET Online Scanner
  1. Please close all open programs and windows.
  2. Please go HERE then click on ONE-TIME SCAN and save esetonlinescanner_enu.exe on your Desktop.
  3. Double-click on esetsmartinstaller_enu.exe to run it - it will start downloading some modules to be get ready for scan...
  4. Then it will start scanning... You need to be patient and wait for a while - it can take even a few hours to finish.
  5. When completed, in case anything will be found, you will need to click on Save scan log button and save the log on your Desktop as ESET.txt.
  6. Click on Continue, do it one more time on the next screen, then exit out of ESET Online Scanner by clicking on Close button.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt log file
  3. Contents of the ESET.txt log file if it was saved
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Request Assistance - Infection where I can't open folder

Unread postby giffordal » February 3rd, 2020, 11:49 pm

Dear pgmigg,

I have a question. I am starting Step 3 as you instruct above, but the ESET Scanner is asking me a question and I do not know how to answer it. I am about to start the scan, but the program presented the following question:

"Detection of Potentially Unwanted Applications
ESET can detect potentially unwanted applications and move them to the Quarantine. Potentially unwanted applications might not pose a security risk but they can affect your computer's performance, speed and reliability, or cause changes in behavior.
__ Enable ESET to detect and quarantine potentially unwanted applications
or
__ Disable ESET to detect and quarantine potentially unwanted applications"

Please let me know which option I should select and I will then proceed with the scan. Thank you for your assistance.
Al
giffordal
Regular Member
 
Posts: 17
Joined: February 2nd, 2020, 12:03 am

Re: Request Assistance - Infection where I can't open folder

Unread postby pgmigg » February 3rd, 2020, 11:55 pm

Hi Al,

Good question! :D
Sorry, it was my fault - I forget to mention it as well. :oops:

Please select "Enable ESET to detect and quarantine potentially unwanted applications".

Thank you,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Request Assistance - Infection where I can't open folder

Unread postby giffordal » February 4th, 2020, 2:57 am

Dear pgmigg,

I have another question I would like to ask you. I just finished the ESET scan and the program is presenting me with a choice. "Scan your computer every month - With Periodic Scan activated, ESET Online Scanner can automatically run a scan and clean threats from your computer once a month for FREE. You can activate it even if you are currently using another antivirus provider - just as a backup." The default setting is set to Green with the next scan to automatically start on Feb. 23 at 18:00. Should I leave this auto scan function enabled and active or should I disable this feature? Please let me know how I should respond to this option. Thank you.

Al
giffordal
Regular Member
 
Posts: 17
Joined: February 2nd, 2020, 12:03 am

Re: Request Assistance - Infection where I can't open folder

Unread postby pgmigg » February 4th, 2020, 11:59 am

Hi Al,

The time for such questions has not yet come - we will return to this issue (what is the best way to protect your computer and to staying safer online) later, when the computer is cleaned up, but for now I’m waiting for the requested logs from FRST and ESET if the last one exists.

Thank you,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Request Assistance - Infection where I can't open folder

Unread postby giffordal » February 4th, 2020, 3:55 pm

Dear pgmigg,

First, I wish to thank you for all of your help over the past 2 days. I truly appreciate it. Second, I wish to share the good news with you that your instructions worked perfectly - all of my file folders are now opening and operating normally again (but the ESET scan did find 1 infection). Below please find the scans and answers to your questions as well as some from me.

A. I had no problems executing your instructions. I appreciate that you crafted these instructions so I would not need to open any file folders to follow them.

B. Below are the contents of the Fixlog.txt file:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by Al (03-02-2020 20:26:49) Run:1
Running from C:\Users\Al\Desktop
Loaded Profiles: Al (Available Profiles: Al)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

CHR Profile: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default [2020-02-01]
CHR Notifications: Default -> hxxps://my.jdownloader.org
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2019-04-06]
2020-02-01 02:19 - 2018-12-15 20:32 - 000000000 ____D C:\Users\Al\AppData\Local\JDownloader 2.0
2020-02-01 22:35 - 2020-02-01 22:35 - 000000102 ____H C:\Users\Al\Desktop\.~lock.Exystence – 1-23-20.odt#

EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default => moved successfully
"CHR Notifications:" => not found
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2019-04-06] => Error: No automatic fix found for this entry.
C:\Users\Al\AppData\Local\JDownloader 2.0 => moved successfully
"C:\Users\Al\Desktop\.~lock.Exystence – 1-23-20.odt#" => not found

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11296768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 397189426 B
Java, Flash, Steam htmlcache => 931 B
Windows/system/drivers => 1705624 B
Edge => 2996118 B
Chrome => 6230536 B
Firefox => 312441911 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 2761560 B
systemprofile32 => 2761560 B
LocalService => 2910780 B
NetworkService => 2911510 B
Al => 28004961 B

RecycleBin => 61615 B
EmptyTemp: => 735.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:44:14 ====

C. Below are the contents of the ESET.txt log file (note that the program found and deleted 1 Potentially Unwanted Application):

2/4/2020 1:28:16 AM
Files scanned: 543415
Detected files: 1
Cleaned files: 1
Total scan time 02:17:55
Scan status: Finished

C:\Users\Al\Downloads\JDownloaderSetup.exe a variant of MSIL/WebCompanion.A potentially unwanted application,a variant of Win32/WebCompanion.B potentially unwanted application cleaned by deleting


D. I wish to share the good news that your instructions appear to have fixed my computer - it is working exactly as it did before the webpage hijacking occurred on Feb. 1. Specifically, after I completed Step 2 above and restarted the computer, I noticed 2 things had changed: 1) my version of Google Chrome had been wiped of its history, passwords, etc. (which is fine) and 2) I was now able to open any file folder I wished like before.

Your instincts on how to fix my computer problem were absolutely right and I wish to thank you again for all of your efforts on my behalf over the past 2 days. Maybe I'm being prematurely optimistic, but seeing that the computer is working normally feels like a weight has been lifted from my shoulders and you have my sincere gratitude. I wish to thank you and your co-workers for providing this invaluable complimentary service to help novices like myself who sometimes find themselves in over their heads.

Please let me know if there are other scans or fixes you wish me to do and I will follow your instructions. I realize you have already spent a lot of time helping me and I don't want to take more of your time than is necessary but if you have any thoughts on the 2 questions I raise below, I would be very interested in hearing your responses to them when the repair process is finished.

Question 1) I understand that you may not be able to answer this question with certainty, but do you think that the JDownloader program was the problem or do you think that when Google Chrome was hijacked, the hacker inserted the PUA into the JDownloader files? I had been using JDownloader for over 6 months without any problems until this incident developed but I won't download it in the future if you think it is a bad idea.

Question 2) I have paid for 2 more years of McAfee antivirus protection, but this program didn't seem to do anything to stop my computer getting infected. Can you recommend any additional software I can download or use that would work in conjunction with McAfee to hopefully block this problem from taking place in the future?

Please accept my sincere thanks once more for your assistance and expertise. I will wait to hear from you.
Al
giffordal
Regular Member
 
Posts: 17
Joined: February 2nd, 2020, 12:03 am

Re: Request Assistance - Infection where I can't open folder

Unread postby pgmigg » February 4th, 2020, 6:30 pm

Hi Al,

Thanks a lot for your compliments and I glad to read that folders control was returned back to you - you are very welcome! :D

As I wrote previously we will have time to discuss McAfee and other defense software, but not now.
We are not finished yet and there are will be a few more steps before I will say 'All Clean' - so, let's continue our treatment...

Step 1.
Remove Chrome Extension
  1. Please type or copy chrome://extensions in Chrome’s address bar and Chrome will display your extensions in a nice grid.
    Each extension shows the icon, name, brief description, Details and Remove buttons, and status toggle.
  2. Try to find MyJDownloader extension:
    1. In case you find it, please click the Return button and the confirmation dialog will pop up. Click the Remove button again to confirm. Then close the Chrome and proceed to the Step 2.
    2. In case you cannot see this extension in the grid, please close the Chrome and proceed to the Step 2 immediately.

Step 2.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Please press the Windows Key + R.
  4. Type notepad.exe into the text box and click OK.
  5. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
    
    EmptyTemp:
    
  6. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  7. Right click on FRST64.exe and select Run as administrator.
  8. Press the Fix button one time only and wait.
  9. When FRST finishes you will be prompted to reboot your computer. Click OK.
  10. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 3.
Fresh FRST64 Scan
You should still have FRST64.exe on your Desktop.
  1. Please close all open programs and windows.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens click Yes to the disclaimer if it is occurred.
  4. Please be sure that 90 Days Files check box under Optional Scan section is checked.
  5. Please be sure that Addition.txt check box under Optional Scan section is checked.
  6. Press Scan button. When finished a two logs FRST.txt. and Addition.txt will be created and opened in Notepad.
  7. Please post the content of the both FRST.txt and Addition.txt in your next reply and post them separately.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt log file
  3. Contents of the FRST.txt log file after fresh FRST scan
  4. Contents of the Addition.txt log file after fresh FRST scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 403 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware