Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan: HTML/FakeAlert found on my PC, what other nasties?

Post by six-h » March 12th, 2019, 12:35 pm

I have three machines running Windows 10.
1) (primary machine I'm currently using) Intel NUC6i5SYH self build running W10Pro.
2) Medion Erazer not used since mid Dec had Win8 upgraded to 8.1 and then W10Home
3) Toshiba L750D-14R given to me but no password. COA evidenced "Win7Prem OA", upon gaining access surprised to find it running Win10Pro!

Sunday March 10th, I noticed four items in my Yahoo spam folder, one had been there since Feb 6th I think, and I was intrigued by it as the language in the preview was more eloquent than that normally used in such messages, it said: "You may be surprised to receive this message..."

It claimed to have installed a keylogger and uploaded all my files to the cloud, so there was no point in trying to delete files.
They had control of my camera and had recordings which they would post to all my ymail contacts if I failed to pay a ransom to their bitcoin account of Pounds or Euros to the value of 568, not sure about the currency or the amount but it was an odd figure.
They also stated they had embedded a tracking pixel and would be aware when I opened the mail.

In my panic, and shock, I deleted the message, possibly not the wisest move!

I immediately scanned the machine with MBAM and found nothing.

Monday 11th March, for the first time, Windows Defender "found" something:-
"Trojan: HTML/FakeAlert" which it declared to be dangerous and executes commands from an attacker.
It showed the file path and name as "This computer is Blocked.html" and it was residing in my Downloads folder!
I immediately scanned with MBAM and downloaded and ran "Microsoft Support Emergency Response Tool", neither of which found anything.

I think I can recall when this "Trojan: HTML/FakeAlert" might have downloaded.
Back at the end of December/ early Jan, I was researching Bluetooth Speakers, and had several tabs open in Chrome browser for comparison when I was aware of an Air Horn sounding, I ignored it thinking it was from the TV, but eventually realised it was the PC and found that one of my tabs had changed to a page showing a large message in Red and Yellow advising the computer had been blocked and not to try to close the tab which I of course did, ...to no avail, I couldn't even close the browser!
Had to shut down with it running and reboot.
Fortunately all seemed well and a scan with defender returned no results so I forgot about it.
...until now!


In the evening of March 11th, I was alerted to the fact that Windows Defender had found a Trojan "HTML FakeAlert" which it considered a severe threat.
This is the first time Defender has found anything!
MBAM however did not find it when I scanned last night and I've not been on any dodgy sites!
The file was in my downloads apparently, and I had seen it but not realised what it was, it was entitled "This Computer is Blocked".
I recall when I think this happened.
I was researching Bluetooth speakers and had several tabs open in Chrome browser when I kept hearing a loud "Horn" sound!
Checking each tab, I eventually found one had the generic "This Computer Is Blocked" page showing, and despite trying to close the tab, I couldn't, I don't think I could even close the browser!
I had to do a shut down whilst the browser was running and reboot.
Since all appeared normal thereafter, I took no further action other than to run scans with Defender and MBAM neither of which found any problems.
This Email threat, had been languishing in my spam folder in my Yahoo account since Feb 6th which might have been a week or two after the "This Computer Is Blocked" event.
Yahoo were hacked some time ago and I changed my passwords with the Ymail accounts once they notified us, just to be on the safe side.

Ymail (eventually) advised us last year that they had been hacked and advised a change of password might be in order, so I followed their advice hoping it would all be OK.

I have taken a couple of hours to compose this in order to give you a full picture of my experience in the hope it might help.
Unfortunately when attaching the log files and hitting "Post", the whole lot disappeared into the ether!
I have spent another couple of hours hurriedly re-hashing that original, on Notepad and hope it still remains fairly lucid!
Logs:-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2019
Ran by Geoff (administrator) on GEOFFS-NUC (12-03-2019 14:17:53)
Running from C:\Users\Geoff\Downloads
Loaded Profiles: Geoff (Available Profiles: Geoff)
Platform: Windows 10 Pro Version 1809 17763.316 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\IntelCpHDCPSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Network Platform Group -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) D:\program files\Macrium Reflect\ReflectService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(LULU SOFTWARE LIMITED -> LULU Software Limited) D:\program files\Soda PDF 5\HelperService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Malwarebytes Corporation -> Malwarebytes) D:\program files\Anti-Malware\MBAMService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation -> Malwarebytes) D:\program files\Anti-Malware\mbamtray.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Geoff\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(WordWeb Software -> WordWeb Software) D:\program files\WordWeb\wweb32.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(WordWeb Software -> WordWeb Software) D:\program files\WordWeb\WordWebChromeExtension.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\HxTsr.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-06-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-2450168246-407284015-3673941950-1001\...\Run: [WordWeb] => D:\program files\WordWeb\wweb32.exe [81120 2016-02-12] (WordWeb Software -> WordWeb Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-01] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{454c317c-74b5-4045-bf14-f85df2d6fb92}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2450168246-407284015-3673941950-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
BHO-x32: Soda PDF 5 IE Helper -> {C737F472-1193-4281-BF53-A00B67AB3E19} -> D:\program files\Soda PDF 5\PDFIEHelper.dll [2013-06-12] (LULU SOFTWARE LIMITED -> LULU Software Limited)
Toolbar: HKLM-x32 - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - D:\program files\Soda PDF 5\PDFIEPlugin.dll [2013-06-12] (LULU SOFTWARE LIMITED -> LULU Software Limited)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2450168246-407284015-3673941950-1001 -> hxxps://www.google.co.uk/

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [FFSodaPDF5Converter@sodapdf.com] - D:\program files\Soda PDF 5\FFSoda5Ext
FF Extension: (Soda PDF 5 Converter For Firefox) - D:\program files\Soda PDF 5\FFSoda5Ext [2018-10-29] [Legacy] [not signed]
FF Plugin: @videolan.org/vlc,version=3.0.3 -> D:\program files\VLC\npvlc.dll [2018-12-20] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> D:\program files\VLC\npvlc.dll [2018-12-20] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.5 -> D:\program files\VLC\npvlc.dll [2018-12-20] (VideoLAN -> VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://mail.google.com/mail/ca/u/0/#inbox
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/ca/u/0/#inbox"
CHR Profile: C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default [2019-03-12]
CHR Extension: (Slides) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-14]
CHR Extension: (Docs) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-14]
CHR Extension: (Google Drive) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-14]
CHR Extension: (Sheets) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-14]
CHR Extension: (WordWeb Dictionary Lookup) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilikenhndcpmliapkmmhoimckaokmihm [2018-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-14]
CHR Extension: (Gmail) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; D:\program files\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 ReflectService.exe; D:\program files\Macrium Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Soda PDF 5 Helper Service; D:\program files\Soda PDF 5\HelperService.exe [1097544 2013-06-12] (LULU SOFTWARE LIMITED -> LULU Software Limited)
S2 Soda PDF 5 Service; D:\program files\Soda PDF 5\ConversionService.exe [794440 2013-06-12] (LULU SOFTWARE LIMITED -> LULU Software Limited)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-05-10] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. -> ITE Tech. Inc. )
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2018-09-15] (Microsoft Windows -> Intel Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-12 14:17 - 2019-03-12 14:18 - 000013980 _____ C:\Users\Geoff\Downloads\FRST.txt
2019-03-12 14:17 - 2019-03-12 14:17 - 000000000 ____D C:\FRST
2019-03-12 14:16 - 2019-03-12 14:16 - 002434560 _____ (Farbar) C:\Users\Geoff\Downloads\FRST64.exe
2019-03-12 12:19 - 2019-03-12 12:19 - 000000000 ___HD C:\OneDriveTemp
2019-03-11 19:05 - 2019-03-11 19:06 - 093968048 _____ (Microsoft Corporation) C:\Users\Geoff\Downloads\msert.exe
2019-03-10 13:41 - 2019-03-10 13:41 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-07 00:32 - 2019-03-07 00:32 - 000001033 _____ C:\Users\Geoff\Desktop\OPTEGRA .txt
2019-03-05 15:22 - 2019-03-05 17:10 - 000001830 _____ C:\Users\Geoff\Desktop\Amazon Promotional credit.txt
2019-03-01 16:08 - 2019-03-01 16:08 - 014298952 _____ (LULU Software) C:\Users\Geoff\Downloads\Soda_PDF_11_Installer.exe
2019-02-27 16:55 - 2019-02-27 16:55 - 001718883 _____ C:\Users\Geoff\Downloads\Ambiano_Cooler_md37182.pdf
2019-02-23 00:51 - 2019-03-02 18:14 - 000001030 _____ C:\Users\Geoff\Desktop\Posted on Trafford Freecycle.txt
2019-02-22 18:25 - 2019-02-22 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-22 18:25 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-22 18:25 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-21 11:30 - 2019-02-21 11:46 - 000000000 ____D C:\Users\Geoff\AppData\Roaming\Aurora HDR 2018
2019-02-21 11:30 - 2019-02-21 11:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aurora
2019-02-21 02:32 - 2019-02-21 02:35 - 000000000 ____D C:\Users\Geoff\Downloads\Digital Camera Feb 2019
2019-02-17 13:18 - 2019-02-17 13:18 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 005440008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 002469648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 002278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 001282640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 001259024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-17 13:18 - 2019-02-17 13:18 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 000762272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 000421904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2019-02-17 13:18 - 2019-02-17 13:18 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 026807296 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 023439360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 022111856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 020812288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 019023872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 017520640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 015224832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 009683984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 008875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 007897088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 006540424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 006070272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 005584864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 005565952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 005561856 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 005527552 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 005205464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 004991096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 004885504 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 004702704 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 004688896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 004526080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 004298752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 004019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 003922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 003556352 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 003386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002992640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002927120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 002776920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002721280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 002702528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002626592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 002618880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 002466304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002437552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002275888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002187264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002149368 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002072728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 002021584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001969680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001720936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001700880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001700864 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001696936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-17 13:17 - 2019-02-17 13:17 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001671864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001604096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001533440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001467560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001467384 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001446400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001341584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-17 13:17 - 2019-02-17 13:17 - 001331744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001309184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001271608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001258512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 001209360 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001178344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 001168384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001054200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 001050936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000982576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000982032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000970256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\assignedaccessmanagersvc.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000865784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000864056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000850968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000822448 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000806560 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-17 13:17 - 2019-02-17 13:17 - 000806560 _____ C:\WINDOWS\system32\locale.nls
2019-02-17 13:17 - 2019-02-17 13:17 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000799568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000765960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000752136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000726208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000652320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000651304 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000649272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000629576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000612368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000604552 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000588304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000535048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000522312 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000475152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-17 13:17 - 2019-02-17 13:17 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000419128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000408800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000387384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000353488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000277536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000276488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTF.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000262672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000203280 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MTF.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000195896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\spopk.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000148480 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000132104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spopk.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000121872 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000114856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000097592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlahc.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PktMon.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\nslookup.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nslookup.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo-overrides.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000047136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-17 13:17 - 2019-02-17 13:17 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpkinstall.exe
2019-02-17 13:17 - 2019-02-17 13:17 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000039304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-17 13:17 - 2019-02-17 13:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-02-17 13:17 - 2019-02-17 13:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-02-17 13:17 - 2019-02-17 13:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-02-17 13:17 - 2019-02-17 13:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-02-17 13:17 - 2019-02-17 13:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-02-17 13:17 - 2019-02-17 13:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-02-17 13:17 - 2019-02-17 13:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-02-17 13:17 - 2019-02-17 13:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-02-17 13:17 - 2019-02-17 13:17 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-12 14:10 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-12 12:50 - 2018-12-30 00:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-12 12:19 - 2016-07-03 17:05 - 000000000 ___RD C:\Users\Geoff\OneDrive
2019-03-12 12:18 - 2016-07-03 17:25 - 000000000 __SHD C:\Users\Geoff\IntelGraphicsProfiles
2019-03-11 15:47 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-10 14:06 - 2018-06-15 14:17 - 000000000 ____D C:\Users\Geoff\AppData\Roaming\vlc
2019-03-09 12:53 - 2018-09-15 07:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-06 14:22 - 2018-12-30 00:19 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2450168246-407284015-3673941950-1001
2019-03-06 14:22 - 2018-12-30 00:16 - 000002363 _____ C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-05 15:15 - 2018-09-15 07:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-04 16:32 - 2018-12-30 00:21 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-04 16:32 - 2018-09-15 07:31 - 000000000 ____D C:\WINDOWS\INF
2019-03-04 16:18 - 2016-10-19 12:23 - 000000000 ____D C:\Users\Geoff\AppData\Local\ElevatedDiagnostics
2019-03-01 23:46 - 2018-10-14 18:02 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-26 21:57 - 2018-10-08 14:45 - 000076904 _____ C:\Users\Geoff\AppData\Local\GDIPFONTCACHEV1.DAT
2019-02-23 13:44 - 2018-05-11 20:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-22 18:25 - 2018-09-15 07:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-21 11:30 - 2016-07-03 17:18 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-20 14:38 - 2018-12-05 23:53 - 000002596 _____ C:\Users\Geoff\Desktop\Posterior Capsulotomy.txt
2019-02-18 14:18 - 2018-12-30 00:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-18 14:18 - 2018-12-30 00:14 - 000438656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-18 14:18 - 2017-12-13 18:24 - 000000000 ___RD C:\Users\Geoff\3D Objects
2019-02-18 14:18 - 2016-04-27 05:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-02-18 01:41 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-18 01:41 - 2018-09-15 06:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-18 01:41 - 2018-09-15 06:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-02-17 19:27 - 2018-10-18 23:46 - 000000000 ____D C:\Users\Geoff\Documents\Partime EBA
2019-02-17 13:15 - 2018-09-15 07:36 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-17 13:15 - 2018-09-15 07:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-17 13:15 - 2016-07-03 20:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-17 13:14 - 2016-07-03 20:56 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-17 13:12 - 2018-07-08 17:54 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories =======

2016-07-18 22:34 - 2018-05-30 23:47 - 000007605 _____ () C:\Users\Geoff\AppData\Local\Resmon.ResmonCfg
2016-07-19 14:56 - 2015-06-01 19:50 - 000010240 _____ () C:\Users\Geoff\AppData\Local\Z@!-45e1e996-ce1d-4920-b5a6-a3dfb9965471.tmp
2016-07-19 14:56 - 2015-06-01 19:50 - 000009216 _____ () C:\Users\Geoff\AppData\Local\Z@S!-42489366-6961-43f3-ae55-ca0debad8acd.tmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Addition.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2019
Ran by Geoff (12-03-2019 14:18:50)
Running from C:\Users\Geoff\Downloads
Windows 10 Pro Version 1809 17763.316 (X64) (2018-12-30 00:19:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2450168246-407284015-3673941950-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2450168246-407284015-3673941950-503 - Limited - Disabled)
Geoff (S-1-5-21-2450168246-407284015-3673941950-1001 - Administrator - Enabled) => C:\Users\Geoff
Guest (S-1-5-21-2450168246-407284015-3673941950-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2450168246-407284015-3673941950-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aurora HDR 2018 (HKLM\...\{BB7ADD89-7C4D-430B-9D3C-8597736DFB4E}) (Version: 1.2.0.2114 - Skylum) Hidden
Aurora HDR 2018 (HKLM-x32\...\{66060156-f85d-49d2-a414-29e2b65b7e27}) (Version: 1.2.0.2114 - Skylum)
Etcher 1.4.4 (only current user) (HKU\S-1-5-21-2450168246-407284015-3673941950-1001\...\573339af-d9e1-5dd3-804c-e0162fac1f41) (Version: 1.4.4 - Resin Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
Intel(R) Chipset Device Software (HKLM-x32\...\{4e75a24b-6cc4-4a46-accf-525f8a08c533}) (Version: 10.1.1.18 - Intel(R) Corporation) Hidden
Intel(R) Network Connections 20.7.68.0 (HKLM\...\PROSetDX) (Version: 20.7.68.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1603.5 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
LibreOffice 6.0.6.2 (HKLM\...\{982E3D14-3F50-412B-A1C2-BC9262E8810F}) (Version: 6.0.6.2 - The Document Foundation)
Macrium Reflect Free Edition (HKLM\...\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}) (Version: 6.1.1366 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2450168246-407284015-3673941950-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
Soda PDF 5 (HKLM-x32\...\{DC25D68D-38AF-4768-83F2-680FD72285DF}) (Version: 5.1.192.10803 - LULU Software Limited)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22314 - Microsoft Corporation)
WordWeb (HKLM-x32\...\WordWeb) (Version: 8 - WordWeb Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2450168246-407284015-3673941950-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\program files\Macrium Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1-x32: [SodaPDFExtension] -> {A0F0A29A-1D9A-4FF8-AB02-42698B04534C} => D:\program files\Soda PDF 5\ContextMenuExt.dll [2013-06-12] (LULU SOFTWARE LIMITED -> LULU Software Limited)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => D:\program files\Macrium Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\program files\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\igfxDTCM.dll [2018-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\program files\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00ABBEC4-E9FA-4E7C-836F-F00A018981EF} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION
Task: {0F8DE6A0-4C6F-4205-9813-409732A8E597} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {14A9DE8B-2BB3-4E27-8FA7-ECAE8D175B8D} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {269400D7-4A8C-4E9C-A261-06DD6ED97BA4} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION
Task: {2C3AD936-4EB6-4551-A2DA-E7C61F52E8D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {3703CD3B-F2DB-4E9E-9967-B79234939C4F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION
Task: {55604274-F480-4403-A7D9-264C807852BE} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION
Task: {7A6701D8-5D9D-4123-A4C6-7D3F3F31D1BB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7CC820E5-0E65-4088-96C5-91DBDB7B8C64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {99509E76-951F-4989-B7C6-250BB795D477} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {C86DC2FE-FB9B-4943-A3D5-8F7DC9D8D164} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CA01BF79-217C-481A-AF7B-6366885417E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D70E7604-06BF-4276-B7A4-17D10E2BEF1C} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION
Task: {F17E3056-CF59-4F29-A0FF-CA011973243F} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-02-19 14:40 - 2016-02-19 14:40 - 000306688 _____ (Intel(R) Corporation) [File not signed] C:\Windows\system32\NCS2Setp.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\Qt5Widgets.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\Qt5Quick.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\Qt5WinExtras.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\Qt5Network.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\Qt5Qml.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\Qt5Gui.dll
2019-02-22 18:25 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\Qt5Core.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\platforms\qwindows.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\styles\qwindowsvistastyle.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\imageformats\qico.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\imageformats\qsvg.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\Qt5Svg.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-02-22 18:25 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] D:\program files\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 07:24 - 2015-10-30 07:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2450168246-407284015-3673941950-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Geoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{37A3623C-4024-4D55-82DA-D89F432BC445}D:\program files\vlc\vlc.exe] => (Allow) D:\program files\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{8282E825-1874-4AAB-AAC7-EC132BD46175}D:\program files\vlc\vlc.exe] => (Allow) D:\program files\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{5D6D7B20-5A85-4B8A-8E89-8EF6AA9E5FD2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
FirewallRules: [{02DA6159-1D4B-400B-B9F7-29F5A230C5C8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe No File
FirewallRules: [{E2B13F91-570A-430A-BD59-64895868B9E1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{2FE558E7-FA9A-4EA0-AE59-AFA82BD66A86}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2019 05:06:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Notes.exe version 3.1.46.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 11d4

Start Time: 01d4a518f9a2c32c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe

Report Id: 1f15aa57-2e06-4a44-bbf5-c1df2fa6f0cc

Faulting package full name: Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (01/04/2019 05:26:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Notes.exe version 3.1.46.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2928

Start Time: 01d4a452924ac83c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe

Report Id: 792eb335-ff90-49ec-9743-4921a5838047

Faulting package full name: Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (12/30/2018 12:18:05 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (12/30/2018 12:18:05 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (12/30/2018 12:18:05 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (12/30/2018 12:18:05 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (12/30/2018 12:18:05 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (12/30/2018 12:18:05 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.


System errors:
=============
Error: (03/12/2019 12:19:01 PM) (Source: DCOM) (EventID: 10016) (User: GEOFFS-NUC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user GEOFFS-NUC\Geoff SID (S-1-5-21-2450168246-407284015-3673941950-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:18:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2019 12:18:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2019 11:58:45 AM) (Source: DCOM) (EventID: 10016) (User: GEOFFS-NUC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user GEOFFS-NUC\Geoff SID (S-1-5-21-2450168246-407284015-3673941950-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2019 11:58:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2019 11:58:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2019 11:13:37 AM) (Source: DCOM) (EventID: 10016) (User: GEOFFS-NUC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user GEOFFS-NUC\Geoff SID (S-1-5-21-2450168246-407284015-3673941950-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2019 11:13:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-03-08 17:37:42.697
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:HTML/FakeAlert
ID: 2147726713
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Geoff\Downloads\This computer is BLOCKED.html
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.289.692.0, AS: 1.289.692.0, NIS: 1.289.692.0
Engine Version: AM: 1.1.15700.9, NIS: 1.1.15700.9

Date: 2019-02-17 23:08:59.149
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.287.189.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80070643
Error description: Fatal error during installation.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6260U CPU @ 1.80GHz
Percentage of memory in use: 55%
Total physical RAM: 8081.72 MB
Available physical RAM: 3625.73 MB
Total Virtual: 9563.12 MB
Available Virtual: 4373.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.69 GB) (Free:81.87 GB) NTFS
Drive d: (Files) (Fixed) (Total:931.39 GB) (Free:929.46 GB) NTFS

\\?\Volume{dfe2f3c7-ef22-46a0-b9a9-52203fc3faed}\ () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS
\\?\Volume{0e4abd32-5e88-41f4-bda9-a5dad64dffe6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 300A86D1)

Partition: GPT.

==================== End of Addition.txt ============================
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by pgmigg » March 12th, 2019, 2:56 pm

Hello six-h,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by six-h » March 12th, 2019, 3:11 pm

Grateful for your help pgmigg :)
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by pgmigg » March 12th, 2019, 3:58 pm

Hello six-h,

Step 1.
Run CKScanner
  1. Please download CKScanner from here and save it to your Desktop <----------------- Important!!!
  2. Double-click CKScanner.exe and click Search For Files.
  3. After a very short time, when the cursor hourglass disappears, click Save List To File.
  4. A message box will verify the file saved.
  5. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility from here and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here and save it to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me whether this computer is used for business purposes and connected to a business or educational network.
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Your answer to my question about how your computer is used

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by six-h » March 12th, 2019, 4:18 pm

OK pgmigg;
STEP 1. Here's "ckfiles.txt:"
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\baked sweet potato chips.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\breakfast recipe cypriot katimeri.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\chip shop curry sauce.docx
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\chocolate blancmange.docx
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\chocolate mint syrup and peppermint syrup .pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\chocolate syrup.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\easy strawberry jam with no pectin.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\hersha patel's dhal with coconut chutney.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\home made crackers for cheese.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\houmous.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\how to make the creamiest, dreamiest hummus copy.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\lemon cheese.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\perfect sweet potato fries.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\phil's crispy savoury pancakes.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\swedish meatball sauce.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\water crackers - easy biscuits for cheese.pdf
c:\users\geoff\onedrive\documents\recipes\sauces crackers & fries\yellow pea dal.docx
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17763.1_none_ad6c66b207e8c478\ssh-keygen.exe
scanner sequence 3.KG.11.QBNASZ
----- EOF -----
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by six-h » March 12th, 2019, 4:19 pm

Step 2.
Here's the sysinfo text:
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: Intel(R) Core(TM) i5-6260U CPU @ 1.80GHz, Intel64 Family 6 Model 78 Stepping 3
Processor Count: 4
RAM: 8081 Mb
Graphics Card: Intel(R) Iris(R) Graphics 540, 1024 Mb
Hard Drives: C: 118 GB (81 GB Free); D: 931 GB (929 GB Free);
Motherboard: Intel corporation, NUC6i5SYB
Antivirus: Windows Defender, Enabled and Updated


Step 3.
I need confirmation that the prompt from "codecheck" to download and install ".NET Framework 3.5 (includes .NET 2 and 3)" and I'll then post back step 3 separately if that's OK.
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by pgmigg » March 12th, 2019, 4:55 pm

Yes, you can install what "codecheck" asked for, and please return here with its log as well as with your answer to my question about how your computer is used.
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by six-h » March 12th, 2019, 5:09 pm

Step 3.
Hmm! not sure that went according to plan, after installing .NET framework, needed a reboot to complete and the result of running "codecheck" as admin is as follows:-

Codecheck Version 1.0

03012


Think my recipes were better! ;)

The only problem I had was the unexpected need for .NET Framework 3.5 et al.

This machine was built by myself from an NUC bare bones kit in 2016, and is for my own sole personal use.
six-h
Banned Member
 
Posts: 152
Joined: June 7th, 2007, 8:02 pm
Location: England

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by pgmigg » March 12th, 2019, 5:30 pm

Hi six-h,

Please do the following... MGA Diagnostics
  1. Please download and save the following tool to your Desktop: Link.
  2. Right-click on MGADiag.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  3. Select Continue. The diagnosis will now begin.
  4. When the process is over, click Copy.
  5. Open Notepad and paste the contents.
  6. Save this file as MGADiag.txt.
  7. Post the content of MGADiag.txt in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of MGADiag.txt log file

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Post by six-h » March 12th, 2019, 5:53 pm

Screenshot.GIF
Something's not right!

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Unread postby six-h » March 12th, 2019, 6:54 pm

pgmigg, ...you still there?
I'm getting the feeling that the diagnostic tool is finding some discrepancy regarding my Product Key despite having evidenced the last three groups correctly!
Is there something wrong??

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Unread postby pgmigg » March 12th, 2019, 8:09 pm

Hi six-h,

It is OK. Instead of MGA Diagnostics please run another scan:

  1. Open a search, and enter Command into the search field.
  2. Click on Command Prompt or cmd.exe (whichever is found)
  3. This will open a Command Window ...
    • Enter slmgr -dlv at the command prompt and hit Enter
    • After a few seconds a Windows Script Host Window will open.
    • Hit Ctrl + C to copy the contents of that window.
  4. Open a search, and enter Notepad into the search field.
  5. Click on Notepad or notepad.exe (whichever is found)
  6. This will open an empty Notepad file ...
    • Hit Ctrl + V to paste the contents of Windows Script Host into the empty Notepad file.
    • Save to your Desktop.
    • Now post me the contents of the Notepad file that you've just created please.

Thanks,
pgmigg

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Unread postby six-h » March 12th, 2019, 8:20 pm

Hi pgmigg, that command opened a separate window which I couldn't copy and paste, here's a screenshot of it:-
Windows Script Host.GIF

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Unread postby six-h » March 12th, 2019, 9:18 pm

pgmigg, suspect you have finished for the evening, thanks for your help so far, I'm hoping that the above is sufficient proof of a valid install!
I thought it was definitively stated somewhere in "Settings > About", but I can't find it either on this machine (NUC) or on the Erazer, I must have imagined it!
There is actually a story behind the valid install on this machine. Hope you don't mind that I have PM'd you with the email exchanges in this regard. Microsoft are notably absent from the discussions since their contribution was via remote session and phone from Mumbai!

Re: Trojan: HTML/FakeAlert found on my PC, what other nastie

Unread postby pgmigg » March 13th, 2019, 9:46 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal/cracked software including Operating System
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs:

  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
  • Link to your closed topic.

Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.