Need help with my daughter's PC.. She downloaded some iPhone hacking crap.. and some other network stuff and her PC has been acting up.. We have Sophos Home installed, and I've scanned with Malwarebytes and a few others and gotten rid of some low-hanging unwanted apps and basic stuff.. Just want to make sure it's all cleaned up.. something else still seems fishy.. Thanks:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Sabrina (administrator) on WORKTOP (20-07-2017 10:35:35)
Running from C:\Users\Sabrina\Downloads
Loaded Profiles: Sabrina (Available Profiles: WORK & Sabrina)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswpbapi.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sysinternals - www.sysinternals.com) C:\Users\Sabrina\Desktop\av\Procmon.exe
(Sysinternals - www.sysinternals.com) C:\Users\Sabrina\AppData\Local\Temp\Procmon64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sabrina\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM-x32\...\Run: [FonePaw iPhone Data RecoveryAppService] => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe [88216 2017-01-20] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe [88024 2016-11-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
HKLM-x32\...\Run: [Smart-PSS] => C:\Program Files (x86)\Amcrest Surveillance Pro\Amcrest Surveillance Pro\SmartPSS.exe*****************************************
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1480168 2017-07-17] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28112584 2017-05-16] (Microsoft Corporation)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\Run: [UCreate Music Mixer] => C:\Program Files (x86)\Radica\UCreate\Music\UCreate.exe [597616 2009-08-09] (Mattel Inc.)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\MountPoints2: {ebcea46d-686f-11e7-828d-24ec99e15e70} - "explorer.exe" "MyUCreateMusic.html"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-07-06] ()
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{02021F1B-A660-4096-8BE7-B40779C176ED}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{31E29C0A-D083-48C0-B9BE-C0B9E718C4D4}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{3ACE2D5D-3BA7-43D2-A187-9115B92FB62D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FEE11645-41A8-4741-85A3-DB8F1AFAB051}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3524799261-2934001270-7150906-1003 -> {2A882EE4-1883-4AD2-8F60-1E867C685738} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-08] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-08] (Oracle Corporation)
DPF: HKLM-x32 {25CE630D-3EA0-40D8-A7B4-502FD023AAE7} hxxp://192.168.0.13/img/Decoder.cab
DPF: HKLM-x32 {4B90BBA0-9621-48CB-810B-5A75E9CA6270} hxxp://192.168.0.13/img/MediaAccess.cab
DPF: HKLM-x32 {4E94DD12-E0E0-5C87-9E61-4F4C4B0052BB} hxxp://192.168.1.100:5000/webman/3rdparty/SurveillanceStation/object/SurveillanceHelper.cab?undefined
DPF: HKLM-x32 {D63FBD76-6EAA-43C0-BAFB-474D5FD9AD3F} hxxp://192.168.1.100:5000/webman/3rdparty/SurveillanceStation/object/SurveillancePlugin.cab?undefined
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\GNUCITIZEN\Websecurify Scanner\Profiles\liii1x0t.default [2017-07-15]
FF Extension: (No Name) - C:\Program Files (x86)\Websecurify Scanner\extensions\development@weaponry.gnucitizen.org [not found]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2017-05-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper_x86_64.dll [2017-04-17] (Synology)
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.1217\npSurveillancePlugin_x86_64.dll [2017-06-13] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @IPC/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files\webrec\Torch\3.0.0.1\npmedia3.0.0.1.dll [2015-08-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper.dll [2017-04-17] (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.1217\npSurveillancePlugin.dll [2017-06-13] (Synology)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-12-13] (Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-31]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-26]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-01]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-01]
CHR Extension: (Google Slides) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15]
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-15]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-15]
CHR Extension: (Google Sheets) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-26]
CHR Extension: (Skype) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-26]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-07-19]
CHR Extension: (Google Slides) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-14]
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-14]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-14]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-14]
CHR Extension: (Google Sheets) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-25]
CHR Extension: (Skype) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-14]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-01]
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11075816 2015-10-16] (DisplayLink Corp.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4967632 2017-06-05] (SurfRight B.V.)
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S2 RTLDHCPService; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-04-23] (Realtek)
S4 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [230752 2017-06-02] (Sophos Limited)
S4 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-06-02] (Sophos Limited)
S4 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [925824 2017-01-26] (Sophos Limited)
S4 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [760672 2017-07-17] (Sophos Limited)
S4 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2017-07-17] (Sophos Limited)
S4 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1806904 2017-07-17] (Sophos Limited)
S4 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-06-02] (Sophos Limited)
S4 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
S4 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-06-02] (Sophos Limited)
S4 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3596088 2017-06-02] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WLANBelkinService; C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] () [File not signed]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [134288 2017-02-15] (Wondershare)
S2 FastvueSyslogServer; C:\Program Files\Fastvue\Syslog Server\Service\Fastvue.SyslogServer.Service.exe [X]
S2 RealtekWlanU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 RunSwUSB; C:\Windows\runSW.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.630.0.sys [58640 2015-10-17] ()
S3 dlcdcncm; C:\Windows\system32\DRIVERS\dlcdcncm62_x64.sys [91920 2015-10-16] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [229648 2015-10-16] (DisplayLink Corp.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-20] ()
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [250472 2017-07-17] (SurfRight B.V.)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2017-05-06] (Malwarebytes Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2017-06-12] (Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71888 2017-06-12] (Insecure.Com LLC.)
S3 OSFMount; C:\Program Files\OSForensics\OSFMount64\OSFMount.sys [1299384 2014-02-12] (PassMark Software)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [199552 2017-06-02] (Sophos Limited)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2017-06-02] (Sophos Limited)
R2 sntp; C:\Windows\system32\DRIVERS\sntp.sys [123848 2017-01-26] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [45840 2017-06-02] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [47760 2017-06-02] (Sophos Limited)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 TRLNDISMON; C:\Windows\system32\DRIVERS\TRLNDISMON.sys [31392 2015-03-23] (Tarlogic)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-20] ()
R1 TsLwWfF; C:\Windows\system32\DRIVERS\TsLwWfF.sys [39272 2016-08-04] (TamoSoft)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-20 10:35 - 2017-07-20 10:38 - 00022275 _____ C:\Users\Sabrina\Downloads\FRST.txt
2017-07-20 10:35 - 2017-07-20 10:35 - 02382336 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64 (1).exe
2017-07-20 08:40 - 2017-07-20 09:00 - 00000021 _____ C:\Windows\S.dirmngr
2017-07-20 08:36 - 2017-07-20 08:36 - 00021504 _____ C:\Users\Sabrina\Desktop\mginfo.txt
2017-07-20 08:34 - 2017-07-20 08:34 - 00008397 _____ C:\Users\Sabrina\Desktop\procdll.txt
2017-07-20 07:39 - 2017-07-20 07:39 - 01305367 _____ C:\Users\Sabrina\Downloads\Autoruns.zip
2017-07-20 07:18 - 2017-07-20 07:18 - 05200384 _____ (AVAST Software) C:\Users\Sabrina\Downloads\aswmbr.exe
2017-07-20 06:19 - 2017-07-20 06:19 - 00000000 _____ C:\Users\Sabrina\Downloads\7uc7zlgr.bat
2017-07-20 05:23 - 2017-07-20 05:23 - 02509378 _____ C:\Users\Sabrina\Desktop\StoreLogs_2017-07-20_05-23-34.cab
2017-07-20 03:39 - 2017-07-20 03:39 - 00380928 _____ C:\Users\Sabrina\Downloads\7uc7zlgr.exe
2017-07-20 03:26 - 2017-07-20 03:56 - 00097708 _____ C:\TDSSKiller.3.1.0.15_20.07.2017_03.26.13_log.txt
2017-07-20 03:25 - 2017-07-20 03:25 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Sabrina\Downloads\tdsskiller.exe
2017-07-20 02:03 - 2017-07-20 02:03 - 00349829 _____ C:\Users\Sabrina\Desktop\MGlogsR.zip
2017-07-20 01:41 - 2017-07-20 01:41 - 00000000 _____ C:\Windows\system32\curdate
2017-07-20 01:24 - 2017-07-20 01:24 - 05659794 _____ (Swearware) C:\Users\Sabrina\Downloads\yoyoyo.exe
2017-07-20 01:16 - 2017-07-20 01:16 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-07-20 00:25 - 2017-07-20 00:25 - 00028860 _____ C:\Users\Sabrina\Downloads\Addition.txt
2017-07-20 00:25 - 2017-07-20 00:25 - 00028860 _____ C:\Users\Sabrina\Downloads\Addition (1).txt
2017-07-20 00:23 - 2017-07-20 08:38 - 00000000 ____D C:\MGtools
2017-07-19 23:12 - 2017-07-19 23:12 - 00025222 _____ C:\Windows\system32\.crusader
2017-07-19 23:03 - 2017-07-19 23:03 - 01078590 _____ C:\wfp-filters.xml
2017-07-19 23:01 - 2017-07-19 23:01 - 01078590 _____ C:\Windows\system32\filters.xml
2017-07-19 22:49 - 2017-07-19 23:13 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-19 22:39 - 2017-07-20 09:02 - 00000000 ____D C:\AdwCleaner
2017-07-19 22:39 - 2017-07-19 22:39 - 01993530 _____ C:\Users\Sabrina\Downloads\MGtools.exe
2017-07-19 22:37 - 2017-07-19 22:38 - 11584088 _____ (SurfRight B.V.) C:\Users\Sabrina\Downloads\HitmanPro_x64.exe
2017-07-19 22:37 - 2017-07-19 22:37 - 08162248 _____ (Malwarebytes) C:\Users\Sabrina\Downloads\AdwCleaner.exe
2017-07-19 22:34 - 2017-07-19 22:34 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-07-19 21:37 - 2017-07-19 14:45 - 00192590 _____ C:\Windows\ntbtlog.txt
2017-07-19 18:45 - 2017-07-20 08:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-19 18:44 - 2017-07-19 18:44 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-19 18:42 - 2017-07-19 18:43 - 35679504 _____ (Adlice Software ) C:\Users\Sabrina\Downloads\RogueKiller_setup_ref3.exe
2017-07-19 18:01 - 2017-07-20 10:35 - 00000000 ____D C:\FRST
2017-07-19 18:00 - 2017-07-19 18:00 - 02382336 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2017-07-19 17:41 - 2017-07-19 17:42 - 08755368 _____ C:\Users\Sabrina\Downloads\latest.zip
2017-07-19 17:25 - 2015-04-06 08:30 - 00000000 ____D C:\Users\Sabrina\Documents\windows-privesc-check-master
2017-07-19 17:24 - 2017-07-19 17:25 - 07589322 _____ C:\Users\Sabrina\Downloads\windows-privesc-check-master.zip
2017-07-19 17:24 - 2017-07-19 17:24 - 00002140 _____ C:\Users\Public\Desktop\REALTEK USB Wireless LAN Utility.lnk
2017-07-19 17:24 - 2017-07-19 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK USB Wireless LAN Utility
2017-07-19 17:23 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2017-07-19 17:23 - 2007-04-26 14:05 - 00100000 _____ C:\Windows\SysWOW64\EAPPkt9x.VXD
2017-07-19 17:23 - 2001-09-26 11:03 - 00012981 _____ C:\Windows\SysWOW64\REALPKT.VXD
2017-07-19 17:22 - 2017-07-19 17:22 - 00000000 ____D C:\Program Files (x86)\REALTEK
2017-07-19 17:22 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2017-07-19 17:20 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2017-07-19 15:46 - 2017-07-19 21:38 - 00003460 _____ C:\Users\Sabrina\Desktop\wut.txt
2017-07-19 15:16 - 2016-07-06 17:32 - 00000000 ____D C:\Users\Sabrina\Documents\windows(xp,win7,win8.1)
2017-07-19 15:15 - 2017-07-19 15:16 - 42620831 _____ C:\Users\Sabrina\Downloads\rtl8811auwinxp7win81.zip
2017-07-19 14:56 - 2017-07-19 14:56 - 21041152 _____ C:\Users\Sabrina\Documents\crashed.evtx
2017-07-19 14:45 - 2017-07-19 14:45 - 726032001 _____ C:\Windows\MEMORY.DMP
2017-07-19 14:45 - 2017-07-19 14:45 - 00000000 ____D C:\Windows\Minidump
2017-07-19 14:45 - 2017-07-19 14:45 - 00000000 _____ C:\Windows\Minidump\071917-33531-01.dmp
2017-07-19 13:31 - 2017-07-19 13:31 - 21483146 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.5.178908_prod.gpg.img
2017-07-19 13:23 - 2017-07-19 13:23 - 23199744 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.4.169978_prod (3).img
2017-07-19 13:04 - 2017-07-19 13:04 - 22675484 _____ C:\Users\Sabrina\Downloads\EA8500_webrevert.bin
2017-07-19 02:47 - 2017-07-19 02:47 - 00571759 _____ C:\Users\Sabrina\Downloads\IoT-spreading-wildfire-final.pdf
2017-07-19 02:08 - 2017-07-19 02:10 - 214603475 _____ C:\Users\Sabrina\Downloads\pygi-aio-3.24.1_rev1-setup_049a323fe25432b10f7e9f543b74598d4be74a39.exe
2017-07-19 00:53 - 2017-07-19 00:53 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Bishop_Fox
2017-07-19 00:52 - 2017-07-19 00:52 - 00002627 _____ C:\Users\Public\Desktop\SearchDiggity.lnk
2017-07-19 00:52 - 2017-07-19 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bishop Fox
2017-07-19 00:52 - 2017-07-19 00:52 - 00000000 ____D C:\Program Files (x86)\Bishop Fox
2017-07-19 00:42 - 2017-07-19 00:49 - 11722751 _____ C:\Users\Sabrina\Downloads\SearchDiggity_v3.1.0-MSI.zip
2017-07-19 00:42 - 2017-07-19 00:42 - 00007649 _____ C:\Users\Sabrina\Downloads\Shodan Queries.txt
2017-07-17 10:56 - 2017-07-17 10:56 - 07862485 _____ C:\Users\Sabrina\Downloads\Malware_Detection_with_OSSEC.pptx
2017-07-17 10:14 - 2017-07-17 10:14 - 00000000 _____ C:\Users\Sabrina\4.mhx
2017-07-17 03:38 - 2017-06-02 17:01 - 00047760 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys
2017-07-17 03:38 - 2017-06-02 17:00 - 00044304 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2017-07-17 03:37 - 2017-07-20 09:00 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-07-17 03:37 - 2017-07-17 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-17 03:37 - 2017-07-17 03:37 - 00933624 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2017-07-17 03:37 - 2017-07-17 03:37 - 00857856 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2017-07-17 03:37 - 2017-07-17 03:37 - 00250472 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2017-07-17 03:37 - 2017-07-17 03:37 - 00000000 ____D C:\Program Files\Sophos
2017-07-17 03:37 - 2017-07-17 03:37 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-07-17 03:37 - 2017-01-26 13:23 - 00123848 _____ (Sophos Limited) C:\Windows\system32\Drivers\sntp.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00199552 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2017-07-17 03:36 - 2017-06-02 17:00 - 00045840 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2017-07-17 03:33 - 2017-07-17 03:39 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-07-17 03:25 - 2017-07-17 03:25 - 00005124 _____ C:\Users\Sabrina\Desktop\hashy.mhx
2017-07-17 03:21 - 2017-07-17 03:21 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\abelhadigital.com
2017-07-17 03:18 - 2017-07-17 03:18 - 02521188 _____ C:\Users\Sabrina\Downloads\MultiHasher_2.8.2_win_installer.zip
2017-07-17 03:18 - 2017-07-17 03:18 - 02521188 _____ C:\Users\Sabrina\Downloads\MultiHasher_2.8.2_win_installer (1).zip
2017-07-17 03:18 - 2017-07-17 03:18 - 00001183 _____ C:\Users\Public\Desktop\MultiHasher.lnk
2017-07-17 03:18 - 2017-07-17 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiHasher
2017-07-17 03:18 - 2017-07-17 03:18 - 00000000 ____D C:\Program Files (x86)\MultiHasher
2017-07-17 03:06 - 2017-07-17 03:07 - 249140816 _____ (Sophos Limited) C:\Users\Sabrina\Downloads\SophosInstall (1).exe
2017-07-17 02:11 - 2017-07-17 02:12 - 00046080 ___SH C:\Users\Sabrina\AppData\Local\Thumbs.db
2017-07-16 07:19 - 2017-07-16 07:19 - 00167296 _____ (Gibson Research Corp.) C:\Users\Sabrina\Downloads\DNSBench.exe
2017-07-16 05:19 - 2017-07-16 05:19 - 00000389 _____ C:\Users\Sabrina\Desktop\API KEYS.txt
2017-07-16 01:23 - 2017-07-16 01:23 - 00065910 _____ C:\Users\Sabrina\Downloads\datasploit-master.zip
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sabrina\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM-x32\...\Run: [FonePaw iPhone Data RecoveryAppService] => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe [88216 2017-01-20] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\FoneLab\AppService.exe [88024 2016-11-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
HKLM-x32\...\Run: [Smart-PSS] => C:\Program Files (x86)\Amcrest Surveillance Pro\Amcrest Surveillance Pro\SmartPSS.exe*****************************************
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1480168 2017-07-17] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [28112584 2017-05-16] (Microsoft Corporation)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\Run: [UCreate Music Mixer] => C:\Program Files (x86)\Radica\UCreate\Music\UCreate.exe [597616 2009-08-09] (Mattel Inc.)
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\...\MountPoints2: {ebcea46d-686f-11e7-828d-24ec99e15e70} - "explorer.exe" "MyUCreateMusic.html"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-07-06] ()
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{02021F1B-A660-4096-8BE7-B40779C176ED}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{31E29C0A-D083-48C0-B9BE-C0B9E718C4D4}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{3ACE2D5D-3BA7-43D2-A187-9115B92FB62D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FEE11645-41A8-4741-85A3-DB8F1AFAB051}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3524799261-2934001270-7150906-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3524799261-2934001270-7150906-1003 -> {2A882EE4-1883-4AD2-8F60-1E867C685738} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-08] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-08] (Oracle Corporation)
DPF: HKLM-x32 {25CE630D-3EA0-40D8-A7B4-502FD023AAE7} hxxp://192.168.0.13/img/Decoder.cab
DPF: HKLM-x32 {4B90BBA0-9621-48CB-810B-5A75E9CA6270} hxxp://192.168.0.13/img/MediaAccess.cab
DPF: HKLM-x32 {4E94DD12-E0E0-5C87-9E61-4F4C4B0052BB} hxxp://192.168.1.100:5000/webman/3rdparty/SurveillanceStation/object/SurveillanceHelper.cab?undefined
DPF: HKLM-x32 {D63FBD76-6EAA-43C0-BAFB-474D5FD9AD3F} hxxp://192.168.1.100:5000/webman/3rdparty/SurveillanceStation/object/SurveillancePlugin.cab?undefined
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\GNUCITIZEN\Websecurify Scanner\Profiles\liii1x0t.default [2017-07-15]
FF Extension: (No Name) - C:\Program Files (x86)\Websecurify Scanner\extensions\development@weaponry.gnucitizen.org [not found]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2017-05-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper_x86_64.dll [2017-04-17] (Synology)
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.1217\npSurveillancePlugin_x86_64.dll [2017-06-13] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @IPC/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files\webrec\Torch\3.0.0.1\npmedia3.0.0.1.dll [2015-08-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.5\npSurveillanceHelper.dll [2017-04-17] (Synology)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.1217\npSurveillancePlugin.dll [2017-06-13] (Synology)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-12-13] (Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-31]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-26]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-01]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-01]
CHR Extension: (Google Slides) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15]
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-15]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-15]
CHR Extension: (Google Sheets) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-26]
CHR Extension: (Skype) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-26]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-07-19]
CHR Extension: (Google Slides) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-14]
CHR Extension: (Google Docs) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-14]
CHR Extension: (Google Drive) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-14]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-14]
CHR Extension: (Google Sheets) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-25]
CHR Extension: (Skype) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-14]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-01]
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11075816 2015-10-16] (DisplayLink Corp.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4967632 2017-06-05] (SurfRight B.V.)
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
S2 RTLDHCPService; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-04-23] (Realtek)
S4 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [230752 2017-06-02] (Sophos Limited)
S4 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-06-02] (Sophos Limited)
S4 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [925824 2017-01-26] (Sophos Limited)
S4 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [760672 2017-07-17] (Sophos Limited)
S4 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2017-07-17] (Sophos Limited)
S4 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1806904 2017-07-17] (Sophos Limited)
S4 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-06-02] (Sophos Limited)
S4 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
S4 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-06-02] (Sophos Limited)
S4 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3596088 2017-06-02] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WLANBelkinService; C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] () [File not signed]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [134288 2017-02-15] (Wondershare)
S2 FastvueSyslogServer; C:\Program Files\Fastvue\Syslog Server\Service\Fastvue.SyslogServer.Service.exe [X]
S2 RealtekWlanU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 RunSwUSB; C:\Windows\runSW.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.630.0.sys [58640 2015-10-17] ()
S3 dlcdcncm; C:\Windows\system32\DRIVERS\dlcdcncm62_x64.sys [91920 2015-10-16] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [229648 2015-10-16] (DisplayLink Corp.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-20] ()
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [250472 2017-07-17] (SurfRight B.V.)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2017-05-06] (Malwarebytes Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [71888 2017-06-12] (Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [71888 2017-06-12] (Insecure.Com LLC.)
S3 OSFMount; C:\Program Files\OSForensics\OSFMount64\OSFMount.sys [1299384 2014-02-12] (PassMark Software)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [199552 2017-06-02] (Sophos Limited)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2017-06-02] (Sophos Limited)
R2 sntp; C:\Windows\system32\DRIVERS\sntp.sys [123848 2017-01-26] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [45840 2017-06-02] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [47760 2017-06-02] (Sophos Limited)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 TRLNDISMON; C:\Windows\system32\DRIVERS\TRLNDISMON.sys [31392 2015-03-23] (Tarlogic)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-07-20] ()
R1 TsLwWfF; C:\Windows\system32\DRIVERS\TsLwWfF.sys [39272 2016-08-04] (TamoSoft)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-20 10:35 - 2017-07-20 10:38 - 00022275 _____ C:\Users\Sabrina\Downloads\FRST.txt
2017-07-20 10:35 - 2017-07-20 10:35 - 02382336 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64 (1).exe
2017-07-20 08:40 - 2017-07-20 09:00 - 00000021 _____ C:\Windows\S.dirmngr
2017-07-20 08:36 - 2017-07-20 08:36 - 00021504 _____ C:\Users\Sabrina\Desktop\mginfo.txt
2017-07-20 08:34 - 2017-07-20 08:34 - 00008397 _____ C:\Users\Sabrina\Desktop\procdll.txt
2017-07-20 07:39 - 2017-07-20 07:39 - 01305367 _____ C:\Users\Sabrina\Downloads\Autoruns.zip
2017-07-20 07:18 - 2017-07-20 07:18 - 05200384 _____ (AVAST Software) C:\Users\Sabrina\Downloads\aswmbr.exe
2017-07-20 06:19 - 2017-07-20 06:19 - 00000000 _____ C:\Users\Sabrina\Downloads\7uc7zlgr.bat
2017-07-20 05:23 - 2017-07-20 05:23 - 02509378 _____ C:\Users\Sabrina\Desktop\StoreLogs_2017-07-20_05-23-34.cab
2017-07-20 03:39 - 2017-07-20 03:39 - 00380928 _____ C:\Users\Sabrina\Downloads\7uc7zlgr.exe
2017-07-20 03:26 - 2017-07-20 03:56 - 00097708 _____ C:\TDSSKiller.3.1.0.15_20.07.2017_03.26.13_log.txt
2017-07-20 03:25 - 2017-07-20 03:25 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Sabrina\Downloads\tdsskiller.exe
2017-07-20 02:03 - 2017-07-20 02:03 - 00349829 _____ C:\Users\Sabrina\Desktop\MGlogsR.zip
2017-07-20 01:41 - 2017-07-20 01:41 - 00000000 _____ C:\Windows\system32\curdate
2017-07-20 01:24 - 2017-07-20 01:24 - 05659794 _____ (Swearware) C:\Users\Sabrina\Downloads\yoyoyo.exe
2017-07-20 01:16 - 2017-07-20 01:16 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-07-20 00:25 - 2017-07-20 00:25 - 00028860 _____ C:\Users\Sabrina\Downloads\Addition.txt
2017-07-20 00:25 - 2017-07-20 00:25 - 00028860 _____ C:\Users\Sabrina\Downloads\Addition (1).txt
2017-07-20 00:23 - 2017-07-20 08:38 - 00000000 ____D C:\MGtools
2017-07-19 23:12 - 2017-07-19 23:12 - 00025222 _____ C:\Windows\system32\.crusader
2017-07-19 23:03 - 2017-07-19 23:03 - 01078590 _____ C:\wfp-filters.xml
2017-07-19 23:01 - 2017-07-19 23:01 - 01078590 _____ C:\Windows\system32\filters.xml
2017-07-19 22:49 - 2017-07-19 23:13 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-19 22:39 - 2017-07-20 09:02 - 00000000 ____D C:\AdwCleaner
2017-07-19 22:39 - 2017-07-19 22:39 - 01993530 _____ C:\Users\Sabrina\Downloads\MGtools.exe
2017-07-19 22:37 - 2017-07-19 22:38 - 11584088 _____ (SurfRight B.V.) C:\Users\Sabrina\Downloads\HitmanPro_x64.exe
2017-07-19 22:37 - 2017-07-19 22:37 - 08162248 _____ (Malwarebytes) C:\Users\Sabrina\Downloads\AdwCleaner.exe
2017-07-19 22:34 - 2017-07-19 22:34 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-07-19 21:37 - 2017-07-19 14:45 - 00192590 _____ C:\Windows\ntbtlog.txt
2017-07-19 18:45 - 2017-07-20 08:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-19 18:44 - 2017-07-19 18:44 - 00000870 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-19 18:44 - 2017-07-19 18:44 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-19 18:42 - 2017-07-19 18:43 - 35679504 _____ (Adlice Software ) C:\Users\Sabrina\Downloads\RogueKiller_setup_ref3.exe
2017-07-19 18:01 - 2017-07-20 10:35 - 00000000 ____D C:\FRST
2017-07-19 18:00 - 2017-07-19 18:00 - 02382336 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2017-07-19 17:41 - 2017-07-19 17:42 - 08755368 _____ C:\Users\Sabrina\Downloads\latest.zip
2017-07-19 17:25 - 2015-04-06 08:30 - 00000000 ____D C:\Users\Sabrina\Documents\windows-privesc-check-master
2017-07-19 17:24 - 2017-07-19 17:25 - 07589322 _____ C:\Users\Sabrina\Downloads\windows-privesc-check-master.zip
2017-07-19 17:24 - 2017-07-19 17:24 - 00002140 _____ C:\Users\Public\Desktop\REALTEK USB Wireless LAN Utility.lnk
2017-07-19 17:24 - 2017-07-19 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK USB Wireless LAN Utility
2017-07-19 17:23 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2017-07-19 17:23 - 2007-04-26 14:05 - 00100000 _____ C:\Windows\SysWOW64\EAPPkt9x.VXD
2017-07-19 17:23 - 2001-09-26 11:03 - 00012981 _____ C:\Windows\SysWOW64\REALPKT.VXD
2017-07-19 17:22 - 2017-07-19 17:22 - 00000000 ____D C:\Program Files (x86)\REALTEK
2017-07-19 17:22 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2017-07-19 17:20 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2017-07-19 15:46 - 2017-07-19 21:38 - 00003460 _____ C:\Users\Sabrina\Desktop\wut.txt
2017-07-19 15:16 - 2016-07-06 17:32 - 00000000 ____D C:\Users\Sabrina\Documents\windows(xp,win7,win8.1)
2017-07-19 15:15 - 2017-07-19 15:16 - 42620831 _____ C:\Users\Sabrina\Downloads\rtl8811auwinxp7win81.zip
2017-07-19 14:56 - 2017-07-19 14:56 - 21041152 _____ C:\Users\Sabrina\Documents\crashed.evtx
2017-07-19 14:45 - 2017-07-19 14:45 - 726032001 _____ C:\Windows\MEMORY.DMP
2017-07-19 14:45 - 2017-07-19 14:45 - 00000000 ____D C:\Windows\Minidump
2017-07-19 14:45 - 2017-07-19 14:45 - 00000000 _____ C:\Windows\Minidump\071917-33531-01.dmp
2017-07-19 13:31 - 2017-07-19 13:31 - 21483146 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.5.178908_prod.gpg.img
2017-07-19 13:23 - 2017-07-19 13:23 - 23199744 _____ C:\Users\Sabrina\Downloads\FW_EA8500_1.1.4.169978_prod (3).img
2017-07-19 13:04 - 2017-07-19 13:04 - 22675484 _____ C:\Users\Sabrina\Downloads\EA8500_webrevert.bin
2017-07-19 02:47 - 2017-07-19 02:47 - 00571759 _____ C:\Users\Sabrina\Downloads\IoT-spreading-wildfire-final.pdf
2017-07-19 02:08 - 2017-07-19 02:10 - 214603475 _____ C:\Users\Sabrina\Downloads\pygi-aio-3.24.1_rev1-setup_049a323fe25432b10f7e9f543b74598d4be74a39.exe
2017-07-19 00:53 - 2017-07-19 00:53 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Bishop_Fox
2017-07-19 00:52 - 2017-07-19 00:52 - 00002627 _____ C:\Users\Public\Desktop\SearchDiggity.lnk
2017-07-19 00:52 - 2017-07-19 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bishop Fox
2017-07-19 00:52 - 2017-07-19 00:52 - 00000000 ____D C:\Program Files (x86)\Bishop Fox
2017-07-19 00:42 - 2017-07-19 00:49 - 11722751 _____ C:\Users\Sabrina\Downloads\SearchDiggity_v3.1.0-MSI.zip
2017-07-19 00:42 - 2017-07-19 00:42 - 00007649 _____ C:\Users\Sabrina\Downloads\Shodan Queries.txt
2017-07-17 10:56 - 2017-07-17 10:56 - 07862485 _____ C:\Users\Sabrina\Downloads\Malware_Detection_with_OSSEC.pptx
2017-07-17 10:14 - 2017-07-17 10:14 - 00000000 _____ C:\Users\Sabrina\4.mhx
2017-07-17 03:38 - 2017-06-02 17:01 - 00047760 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys
2017-07-17 03:38 - 2017-06-02 17:00 - 00044304 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2017-07-17 03:37 - 2017-07-20 09:00 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-07-17 03:37 - 2017-07-17 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-17 03:37 - 2017-07-17 03:37 - 00933624 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2017-07-17 03:37 - 2017-07-17 03:37 - 00857856 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2017-07-17 03:37 - 2017-07-17 03:37 - 00250472 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2017-07-17 03:37 - 2017-07-17 03:37 - 00000000 ____D C:\Program Files\Sophos
2017-07-17 03:37 - 2017-07-17 03:37 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-07-17 03:37 - 2017-01-26 13:23 - 00123848 _____ (Sophos Limited) C:\Windows\system32\Drivers\sntp.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00199552 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2017-07-17 03:36 - 2017-06-02 17:00 - 00045840 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2017-07-17 03:36 - 2017-06-02 17:00 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2017-07-17 03:33 - 2017-07-17 03:39 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-07-17 03:25 - 2017-07-17 03:25 - 00005124 _____ C:\Users\Sabrina\Desktop\hashy.mhx
2017-07-17 03:21 - 2017-07-17 03:21 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\abelhadigital.com
2017-07-17 03:18 - 2017-07-17 03:18 - 02521188 _____ C:\Users\Sabrina\Downloads\MultiHasher_2.8.2_win_installer.zip
2017-07-17 03:18 - 2017-07-17 03:18 - 02521188 _____ C:\Users\Sabrina\Downloads\MultiHasher_2.8.2_win_installer (1).zip
2017-07-17 03:18 - 2017-07-17 03:18 - 00001183 _____ C:\Users\Public\Desktop\MultiHasher.lnk
2017-07-17 03:18 - 2017-07-17 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiHasher
2017-07-17 03:18 - 2017-07-17 03:18 - 00000000 ____D C:\Program Files (x86)\MultiHasher
2017-07-17 03:06 - 2017-07-17 03:07 - 249140816 _____ (Sophos Limited) C:\Users\Sabrina\Downloads\SophosInstall (1).exe
2017-07-17 02:11 - 2017-07-17 02:12 - 00046080 ___SH C:\Users\Sabrina\AppData\Local\Thumbs.db
2017-07-16 07:19 - 2017-07-16 07:19 - 00167296 _____ (Gibson Research Corp.) C:\Users\Sabrina\Downloads\DNSBench.exe
2017-07-16 05:19 - 2017-07-16 05:19 - 00000389 _____ C:\Users\Sabrina\Desktop\API KEYS.txt
2017-07-16 01:23 - 2017-07-16 01:23 - 00065910 _____ C:\Users\Sabrina\Downloads\datasploit-master.zip