Possible Infection. HitManPro reported FakeAV


This topic is locked
9 replies to this topic

#1 SuperGreenT

  • Members
  • 3 posts

Posted 29 June 2017 - 09:58 AM

I recently ran a HitManPro analysis. I did it out of curiosity and it found that I had multiple "infections" of FakeAV.

I searched on Google and apparently these files that were detected as "FakeAV" are BitDefender files which I have installed.

I tried using the Trend Micro Fake Antivirus (FakeAV) Removal Tool during normal boot; it "found" 7 infections but crashed before it could finish. Possibly BitDefender is blocking it, even though I whitelisted the Trend Micro process. But when I ran it in safe mode, it found 0 infections, so I don't know what's going on...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by bob (administrator) on bob-PC (29-06-2017 17:31:29)
Running from C:\Users\bob\Desktop
Loaded Profiles: bob & MSSQL$DUGINSIGHT (Available Profiles: bob & MSSQL$DUGINSIGHT)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.DUGINSIGHT\MSSQL\Binn\sqlservr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-24] (Logitech Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1695744 2015-06-12] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-05-29] ()
HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4005944 2017-02-13] (Tonec Inc.)
HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7963552 2017-06-29] (SUPERAntiSpyware)
HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [808448 2017-06-10] (Bitdefender)
HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\MountPoints2: H - H:\setup.EXE /AUTORUN
HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\MountPoints2: {1eeb4e5b-1486-11e7-b185-94de807daed1} - H:\setup.EXE /AUTORUN
HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\MountPoints2: {1eeb4e60-1486-11e7-b185-94de807daed1} - H:\setup.EXE /AUTORUN
HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\MountPoints2: {1eeb4e62-1486-11e7-b185-94de807daed1} - H:\setup.EXE /AUTORUN
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8E80A3DF-BD3E-4263-B959-0CEB1CDD7BF6}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-04-03] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-04-03] (Bitdefender)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: aozwlb2r.default
FF ProfilePath: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\aozwlb2r.default [2017-06-29]
FF user.js: detected! => C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\aozwlb2r.default\user.js [2014-11-10]
FF Homepage: Mozilla\Firefox\Profiles\aozwlb2r.default -> hxxps://duckduckgo.com/
FF Extension: (Tab Auto Reload) - C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\aozwlb2r.default\Extensions\TabAutoReload@schuzak.jp.xpi [2017-06-24]
FF Extension: (uBlock Origin) - C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\aozwlb2r.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-27]
FF SearchPlugin: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\aozwlb2r.default\searchplugins\-he.xml [2015-11-24]
FF SearchPlugin: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\aozwlb2r.default\searchplugins\youtube-video-search.xml [2015-05-26]
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff [2017-06-19]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-06-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\bob\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\bob\AppData\Roaming\IDM\idmmzcc5 [2017-06-29] [not signed]
FF HKU\S-1-5-21-355110344-1298380959-4241606440-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-31] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Google Slides) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-11]
CHR Extension: (Google Docs) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-11]
CHR Extension: (Google Drive) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-11]
CHR Extension: (YouTube) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11]
CHR Extension: (Google Sheets) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-11]
CHR Extension: (Google Docs Offline) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-11]
CHR Extension: (AdBlock) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-27]
CHR Extension: (IDM Integration Module) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-10]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-10]

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-24] (Logitech Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSSQL$DUGINSIGHT; C:\Program Files\Microsoft SQL Server\MSSQL11.DUGINSIGHT\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S4 SQLAgent$DUGINSIGHT; C:\Program Files\Microsoft SQL Server\MSSQL11.DUGINSIGHT\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1577760 2017-06-10] (Bitdefender)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2017-06-10] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2017-06-10] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-01-09] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-06-29] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-01-24] (Logitech Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 17:31 - 2017-06-29 17:31 - 00019408 _____ C:\Users\bob\Desktop\FRST.txt
2017-06-29 17:31 - 2017-06-29 17:31 - 00000000 ____D C:\FRST
2017-06-29 17:30 - 2017-06-29 17:30 - 02440704 _____ (Farbar) C:\Users\bob\Desktop\FRST64.exe
2017-06-29 17:09 - 2017-06-29 17:09 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-06-29 17:09 - 2017-06-29 17:09 - 00000036 _____ C:\Users\bob\AppData\Local\housecall.guid.cache
2017-06-29 17:06 - 2017-06-29 17:21 - 00437846 _____ C:\Windows\ntbtlog.txt
2017-06-29 17:00 - 2017-06-29 17:02 - 10062736 _____ (Trend Micro Inc.) C:\Users\bob\Desktop\attk_far_gui_x64.exe
2017-06-29 16:58 - 2017-06-29 16:58 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-06-29 16:47 - 2017-06-29 16:57 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-29 16:46 - 2017-06-29 16:46 - 11584088 _____ (SurfRight B.V.) C:\Users\bob\Desktop\hitmanpro_x64.exe
2017-06-21 21:02 - 2017-06-23 15:43 - 00000000 ____D C:\Users\bob\AppData\Roaming\CDisplayEx
2017-06-21 21:02 - 2017-06-21 21:02 - 07966864 _____ (Progdigy Software S.A.R.L. ) C:\Users\bob\Desktop\CDisplayExWin64v1.10.29.exe
2017-06-21 21:02 - 2017-06-21 21:02 - 00000836 _____ C:\Users\bob\Desktop\CDisplayEx.lnk
2017-06-21 21:02 - 2017-06-21 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2017-06-21 21:02 - 2017-06-21 21:02 - 00000000 ____D C:\Program Files\CDisplayEx
2017-06-21 16:29 - 2017-06-21 20:59 - 00000000 ____D C:\Users\bob\Desktop\2017JavaTest
2017-06-19 17:17 - 2017-06-19 17:18 - 00000000 ____D C:\Users\bob\AppData\Local\MSfree Inc
2017-06-19 17:15 - 2017-06-19 17:15 - 00002883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00002862 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00002857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00002833 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00002811 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00002805 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00002785 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00002777 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00002769 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-06-19 17:15 - 2017-06-19 17:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-06-19 17:14 - 2017-06-19 17:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-19 17:13 - 2017-06-19 17:13 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2017-06-19 17:12 - 2017-06-19 17:14 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-19 17:12 - 2017-06-19 17:12 - 00000000 __RHD C:\MSOCache
2017-06-19 02:00 - 2017-06-02 11:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-19 02:00 - 2017-06-02 11:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-19 02:00 - 2017-06-02 11:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-19 02:00 - 2017-06-02 11:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-19 02:00 - 2017-06-02 11:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-19 02:00 - 2017-06-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-19 02:00 - 2017-06-02 11:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-19 02:00 - 2017-06-02 11:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-19 02:00 - 2017-06-02 11:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-19 02:00 - 2017-06-02 11:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-19 02:00 - 2017-06-02 11:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-19 02:00 - 2017-06-02 11:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-19 02:00 - 2017-06-02 11:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-19 02:00 - 2017-06-02 11:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-19 02:00 - 2017-06-02 11:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-19 02:00 - 2017-06-02 11:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-19 02:00 - 2017-06-02 11:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-19 02:00 - 2017-06-02 11:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-19 02:00 - 2017-06-02 11:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-19 02:00 - 2017-06-02 11:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-19 02:00 - 2017-06-02 11:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-19 02:00 - 2017-06-02 10:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-19 02:00 - 2017-06-02 10:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-19 02:00 - 2017-06-02 10:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-19 02:00 - 2017-06-02 10:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-19 02:00 - 2017-05-21 07:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-19 02:00 - 2017-05-21 07:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-19 02:00 - 2017-05-21 07:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-19 02:00 - 2017-05-21 07:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-19 02:00 - 2017-05-21 07:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-19 02:00 - 2017-05-21 06:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-19 02:00 - 2017-05-21 06:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-19 02:00 - 2017-05-21 06:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-19 02:00 - 2017-05-21 06:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-19 02:00 - 2017-05-21 06:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-19 02:00 - 2017-05-21 06:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-19 02:00 - 2017-05-21 06:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-19 02:00 - 2017-05-16 21:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-19 02:00 - 2017-05-16 20:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-19 02:00 - 2017-05-14 23:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-19 02:00 - 2017-05-14 23:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-19 02:00 - 2017-05-14 23:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-19 02:00 - 2017-05-14 23:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-19 02:00 - 2017-05-14 23:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-19 02:00 - 2017-05-14 23:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-19 02:00 - 2017-05-14 23:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-19 02:00 - 2017-05-14 23:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-19 02:00 - 2017-05-14 23:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-19 02:00 - 2017-05-14 23:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-19 02:00 - 2017-05-14 23:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-19 02:00 - 2017-05-14 23:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-19 02:00 - 2017-05-14 23:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-19 02:00 - 2017-05-14 23:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-19 02:00 - 2017-05-14 23:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-19 02:00 - 2017-05-14 23:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-19 02:00 - 2017-05-14 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-19 02:00 - 2017-05-14 22:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-19 02:00 - 2017-05-14 22:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-19 02:00 - 2017-05-14 22:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-19 02:00 - 2017-05-14 22:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-19 02:00 - 2017-05-14 22:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-19 02:00 - 2017-05-14 22:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-19 02:00 - 2017-05-14 22:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-19 02:00 - 2017-05-14 22:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-19 02:00 - 2017-05-14 22:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-19 02:00 - 2017-05-14 22:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-19 02:00 - 2017-05-14 22:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-19 02:00 - 2017-05-14 22:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-19 02:00 - 2017-05-14 22:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-19 02:00 - 2017-05-14 22:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-19 02:00 - 2017-05-14 22:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-19 02:00 - 2017-05-14 22:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-19 02:00 - 2017-05-14 22:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-19 02:00 - 2017-05-14 22:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-19 02:00 - 2017-05-14 22:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-19 02:00 - 2017-05-14 22:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-19 02:00 - 2017-05-14 22:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-19 02:00 - 2017-05-14 22:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-19 02:00 - 2017-05-14 22:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-19 02:00 - 2017-05-14 22:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-19 02:00 - 2017-05-14 22:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-19 02:00 - 2017-05-14 22:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-19 02:00 - 2017-05-14 22:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-19 02:00 - 2017-05-14 22:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-19 02:00 - 2017-05-14 22:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-19 02:00 - 2017-05-14 21:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-19 02:00 - 2017-05-14 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-19 02:00 - 2017-05-14 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-19 02:00 - 2017-05-14 21:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-19 02:00 - 2017-05-14 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-19 02:00 - 2017-05-14 21:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-19 02:00 - 2017-05-14 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-19 02:00 - 2017-05-14 21:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-19 02:00 - 2017-05-14 21:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-19 02:00 - 2017-05-14 21:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-19 02:00 - 2017-05-14 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-19 02:00 - 2017-05-14 21:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-19 02:00 - 2017-05-14 21:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-19 02:00 - 2017-05-14 21:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-19 02:00 - 2017-05-14 21:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-19 02:00 - 2017-05-14 21:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-19 02:00 - 2017-05-14 21:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-19 02:00 - 2017-05-14 21:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-19 02:00 - 2017-05-14 21:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-19 02:00 - 2017-05-14 21:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-19 02:00 - 2017-05-12 21:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-19 02:00 - 2017-05-12 21:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-19 02:00 - 2017-05-12 21:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-19 02:00 - 2017-05-12 21:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-19 02:00 - 2017-05-12 21:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-19 02:00 - 2017-05-12 21:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-19 02:00 - 2017-05-12 21:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-19 02:00 - 2017-05-12 21:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 21:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 20:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-19 02:00 - 2017-05-12 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-19 02:00 - 2017-05-12 20:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-19 02:00 - 2017-05-12 20:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-19 02:00 - 2017-05-12 20:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-19 02:00 - 2017-05-12 20:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-19 02:00 - 2017-05-12 20:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-19 02:00 - 2017-05-12 20:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-19 02:00 - 2017-05-12 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-19 02:00 - 2017-05-12 20:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-19 02:00 - 2017-05-12 20:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-19 02:00 - 2017-05-12 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-19 02:00 - 2017-05-12 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-19 02:00 - 2017-05-12 19:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-19 02:00 - 2017-05-12 18:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-19 02:00 - 2017-05-12 18:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-19 02:00 - 2017-05-10 18:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-19 02:00 - 2017-05-10 18:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-19 02:00 - 2017-05-10 18:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-19 02:00 - 2017-05-10 18:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-19 02:00 - 2017-05-10 18:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-19 02:00 - 2017-05-10 18:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-19 02:00 - 2017-05-10 18:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-19 02:00 - 2017-05-10 18:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-19 02:00 - 2017-05-10 18:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-19 02:00 - 2017-05-10 18:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-19 02:00 - 2017-05-10 18:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-19 02:00 - 2017-05-10 18:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-19 02:00 - 2017-05-10 18:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-19 02:00 - 2017-05-10 18:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-19 02:00 - 2017-05-10 18:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-19 02:00 - 2017-05-10 18:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-19 02:00 - 2017-05-10 18:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-19 02:00 - 2017-05-10 18:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-19 02:00 - 2017-05-10 18:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-19 02:00 - 2017-05-10 18:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-19 02:00 - 2017-05-10 18:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-19 02:00 - 2017-05-10 18:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-19 02:00 - 2017-05-10 17:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-19 02:00 - 2017-05-09 18:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-19 02:00 - 2017-05-09 18:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-19 02:00 - 2017-05-09 18:15 - 00071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-06-19 02:00 - 2017-05-09 18:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-19 02:00 - 2017-05-07 18:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-19 02:00 - 2017-05-07 18:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-19 02:00 - 2017-04-28 01:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-19 02:00 - 2017-04-12 16:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-19 02:00 - 2017-03-30 18:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-19 02:00 - 2017-03-30 17:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-19 00:31 - 2017-06-19 00:31 - 00000000 ____D C:\Users\bob\AppData\Roaming\LibreOffice
2017-06-19 00:30 - 2017-06-19 00:30 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.3
2017-06-19 00:30 - 2017-06-19 00:30 - 00000000 ____D C:\Program Files\LibreOffice 5
2017-06-10 23:09 - 2017-06-10 23:09 - 00462879 _____ C:\ProgramData\1497125278.bdinstall.bin
2017-06-10 23:08 - 2017-06-10 23:14 - 00000000 ____D C:\Users\bob\AppData\Roaming\Bitdefender
2017-06-10 23:08 - 2017-06-10 23:09 - 00000000 ____D C:\ProgramData\Bitdefender
2017-06-10 23:08 - 2017-06-10 23:08 - 00253404 ____H C:\bdr-ld01
2017-06-10 23:08 - 2017-06-10 23:08 - 00009216 ____H C:\bdr-ld01.mbr
2017-06-10 23:08 - 2017-06-10 23:08 - 00000684 ____H C:\bdr-cf01
2017-06-10 23:08 - 2017-06-10 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2017-06-10 23:08 - 2017-06-10 23:06 - 01603264 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-06-10 23:08 - 2017-06-10 23:06 - 00850464 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2017-06-10 23:08 - 2015-06-02 15:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-06-10 23:08 - 2015-05-29 09:50 - 00271272 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2017-06-10 23:08 - 2015-05-27 17:02 - 49626058 ____H C:\bdr-im01.gz
2017-06-10 23:08 - 2015-04-29 14:32 - 00160032 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2017-06-10 23:08 - 2015-01-09 11:59 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2017-06-10 23:08 - 2014-12-15 18:04 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2017-06-10 23:08 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2017-06-10 23:06 - 2017-06-10 23:06 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2017-06-06 17:38 - 2017-06-06 17:38 - 00006078 _____ C:\Windows\system32\--traceoff
2017-06-06 17:38 - 2017-06-06 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-06-06 17:38 - 2017-06-06 17:38 - 00000000 ____D C:\Program Files\Sony
2017-06-06 17:38 - 2017-06-06 17:38 - 00000000 ____D C:\Program Files (x86)\Sony
2017-06-06 17:38 - 2017-06-06 17:38 - 00000000 _____ C:\Windows\system32\--debugoff
2017-06-06 17:28 - 2017-06-06 18:03 - 00000000 ____D C:\Users\bob\AppData\Roaming\Sony
2017-06-06 17:28 - 2017-06-06 17:28 - 00000000 ____D C:\Users\bob\AppData\Roaming\Publish Providers
2017-06-06 17:28 - 2017-06-06 17:28 - 00000000 ____D C:\Users\bob\AppData\Local\Sony
2017-06-06 17:28 - 2017-06-06 17:28 - 00000000 ____D C:\ProgramData\Sony
2017-06-06 16:15 - 2017-06-06 17:31 - 00000000 ____D C:\Users\bob\AppData\Roaming\Anvsoft
2017-06-06 16:15 - 2017-06-06 16:15 - 00000000 ____D C:\Users\bob\Documents\Any Video Converter Ultimate
2017-06-06 16:12 - 2017-06-06 16:12 - 00000000 ____D C:\Users\bob\Documents\Freemake
2017-06-06 16:12 - 2017-06-06 16:12 - 00000000 ____D C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-06-06 16:12 - 2017-06-06 16:12 - 00000000 ____D C:\Users\bob\AppData\Local\FreemakeVideoConverter
2017-06-06 16:12 - 2017-06-06 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-06-06 16:12 - 2017-06-06 16:12 - 00000000 ____D C:\ProgramData\Freemake
2017-06-06 16:12 - 2017-06-06 16:12 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-06-03 18:32 - 2017-06-03 18:32 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2017-06-03 18:27 - 2017-06-03 18:27 - 00000000 ____D C:\Program Files\Application Verifier
2017-06-03 18:27 - 2017-06-03 18:27 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2017-06-03 18:26 - 2017-06-03 18:26 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2017-06-03 18:22 - 2017-06-03 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-05-30 15:53 - 2017-05-30 15:53 - 00000000 ____D C:\Users\bob\Documents\Bandicam
2017-05-30 15:53 - 2017-05-30 15:53 - 00000000 ____D C:\Users\bob\AppData\Roaming\Bandicam Company
2017-05-30 15:53 - 2017-05-30 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-05-30 15:53 - 2017-05-30 15:53 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2017-05-30 15:53 - 2017-05-30 15:53 - 00000000 ____D C:\Program Files (x86)\Bandicam
2017-05-30 11:28 - 2017-05-30 11:28 - 00003296 _____ C:\Windows\System32\Tasks\SidebarExecute
2017-05-30 11:16 - 2017-05-30 18:25 - 00007679 _____ C:\Users\bob\AppData\Local\resmon.resmoncfg
2017-05-30 10:35 - 2017-05-30 10:35 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-05-30 10:35 - 2017-05-30 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-30 10:35 - 2017-05-30 10:35 - 00000000 ____D C:\Program Files\CCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 17:30 - 2009-07-14 07:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-29 17:30 - 2009-07-14 07:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-29 17:29 - 2017-03-11 23:54 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1489265668
2017-06-29 17:29 - 2017-03-11 23:54 - 00000000 ____D C:\Program Files\Opera
2017-06-29 17:28 - 2009-07-14 08:13 - 00909610 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-29 17:28 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2017-06-29 17:25 - 2017-03-11 21:40 - 00000000 ____D C:\Users\bob\AppData\LocalLow\Mozilla
2017-06-29 17:22 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-29 17:19 - 2017-03-31 17:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-29 17:18 - 2017-03-14 19:23 - 00000000 ____D C:\Users\bob\AppData\Roaming\DMCache
2017-06-29 17:18 - 2017-03-11 23:11 - 00017503 _____ C:\bdlog.txt
2017-06-29 17:06 - 2009-07-14 07:45 - 00514928 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-29 04:27 - 2017-03-12 00:02 - 00000000 ____D C:\Users\bob\AppData\Roaming\Skype
2017-06-29 00:50 - 2017-03-11 21:30 - 00000000 ____D C:\Users\bob
2017-06-28 16:21 - 2017-03-11 23:19 - 00013405 _____ C:\Windows\BRRBCOM.INI
2017-06-27 22:38 - 2017-05-17 20:24 - 00003390 _____ C:\Windows\System32\Tasks\Bitdefender Migrate Tool
2017-06-27 20:31 - 2017-03-11 22:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-25 03:58 - 2017-03-11 23:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-23 17:02 - 2017-05-22 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-23 17:02 - 2017-03-11 23:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-21 21:01 - 2017-03-11 22:05 - 00000000 ____D C:\Users\bob\AppData\Roaming\uTorrent
2017-06-21 05:52 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2017-06-19 18:15 - 2017-03-14 19:30 - 00000000 ____D C:\Users\bob\AppData\Local\Eclipse
2017-06-19 18:15 - 2017-03-14 19:25 - 00000000 ____D C:\Users\bob\.p2
2017-06-19 17:18 - 2017-03-31 16:34 - 00000000 ____D C:\ProgramData\TEMP
2017-06-19 17:17 - 2017-03-11 21:41 - 00130680 _____ C:\Users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-19 17:15 - 2011-04-12 11:28 - 00000000 ____D C:\Windows\ShellNew
2017-06-19 17:15 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-06-19 17:14 - 2017-03-12 20:58 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-19 17:13 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\System
2017-06-19 17:13 - 2009-07-14 05:34 - 00000478 _____ C:\Windows\win.ini
2017-06-19 17:12 - 2017-03-31 16:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-19 17:06 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-19 17:05 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-19 17:03 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-19 02:04 - 2017-03-11 22:30 - 00000000 ____D C:\Windows\system32\MRT
2017-06-19 02:01 - 2017-03-11 22:30 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-17 03:58 - 2017-03-15 23:28 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-17 03:58 - 2017-03-11 23:52 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-17 03:58 - 2017-03-11 23:52 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 03:58 - 2017-03-11 23:52 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-17 03:58 - 2017-03-11 23:52 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-15 01:37 - 2017-03-30 17:41 - 00000000 ____D C:\Users\bob\Desktop\2017
2017-06-14 21:28 - 2017-03-31 17:01 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-06-12 19:30 - 2017-04-14 04:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-12 19:30 - 2017-03-12 00:02 - 00000000 ____D C:\ProgramData\Skype
2017-06-11 15:53 - 2017-04-25 01:10 - 00000000 ____D C:\Users\bob\Documents\SQL Server Management Studio
2017-06-10 23:08 - 2017-03-11 21:42 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-06-10 23:08 - 2017-03-11 21:42 - 00000000 ____D C:\Program Files\Bitdefender
2017-06-10 17:13 - 2017-03-12 21:27 - 00000000 ____D C:\Users\bob\Documents\Visual Studio 2015
2017-06-04 21:32 - 2017-03-12 01:50 - 00000000 ____D C:\Users\bob\AppData\Roaming\TeamViewer
2017-06-03 18:52 - 2017-03-11 21:50 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-03 18:20 - 2011-04-12 11:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-03 18:10 - 2017-03-12 21:02 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-06-03 18:10 - 2017-03-12 21:01 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-06-02 17:53 - 2017-04-25 01:10 - 00000000 ____D C:\Users\MSSQL$DUGINSIGHT
2017-05-31 22:05 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-31 00:49 - 2017-03-14 19:23 - 00000000 ____D C:\Users\bob\AppData\Roaming\IDM
2017-05-30 11:23 - 2017-03-31 17:07 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-30 10:40 - 2017-03-13 18:07 - 00000000 ____D C:\Users\bob\AppData\Roaming\MPC-HC
2017-05-30 10:36 - 2017-03-13 00:01 - 00000000 ____D C:\Windows\Minidump
2017-05-30 10:36 - 2017-03-12 07:26 - 00000000 ____D C:\Windows\Panther
2017-05-30 01:21 - 2017-03-31 17:07 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2017-06-29 17:09 - 2017-06-29 17:09 - 0000036 _____ () C:\Users\bob\AppData\Local\housecall.guid.cache
2017-05-30 11:16 - 2017-05-30 18:25 - 0007679 _____ () C:\Users\bob\AppData\Local\resmon.resmoncfg
2017-06-10 23:09 - 2017-06-10 23:09 - 0462879 _____ () C:\ProgramData\1497125278.bdinstall.bin
2017-03-11 23:30 - 2017-03-11 23:30 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-22 03:32

==================== End of FRST.txt ============================
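As an added example for triaging a log like the FRST.txt above (this is not code from the thread or from the FRST tool; it assumes only the two line layouts visible in the log, and the wording of a failed signature check is a constructed placeholder, since every check in this log passed), the following Python parses the "modified - created - size attributes (Company) path" entries and the "Bamital & volsnap" verdict lines, then lists executables under C:\Windows that carry no company string and any file that did not verify:

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: six entries copied from the FRST.txt in the first
# post, the "Bamital & volsnap" header, two of its verdict lines, and ONE
# constructed line (example.dll) that is not from the thread, added so the
# failed-check path is exercised.  The wording FRST prints for a failed check
# is assumed here, not taken from the log.
SAMPLE_LOG = """\
2017-06-19 02:01 - 2017-03-11 22:30 - 133627792 ____C (Microsoft Corporation) C:\\Windows\\system32\\MRT.exe
2017-06-17 03:58 - 2017-03-11 23:52 - 00803328 _____ (Adobe Systems Incorporated) C:\\Windows\\SysWOW64\\FlashPlayerApp.exe
2017-05-30 11:23 - 2017-03-31 17:07 - 00251832 _____ (Malwarebytes) C:\\Windows\\system32\\Drivers\\MBAMSwissArmy.sys
2017-05-30 01:21 - 2017-03-31 17:07 - 00077440 _____ C:\\Windows\\system32\\Drivers\\mbae64.sys
2017-06-29 17:06 - 2009-07-14 07:45 - 00514928 _____ C:\\Windows\\system32\\FNTCACHE.DAT
2017-06-10 23:08 - 2017-03-11 21:42 - 00000000 ____D C:\\Program Files\\Bitdefender

==================== Bamital & volsnap ======================

C:\\Windows\\system32\\winlogon.exe => File is digitally signed
C:\\Windows\\system32\\Drivers\\volsnap.sys => File is digitally signed
C:\\Windows\\system32\\example.dll => File is not digitally signed
"""

# "modified - created - size attributes (Company) path", as printed by FRST.
# The company field is optional; the attribute field is five characters
# (e.g. ____D for a directory).
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)

# "path => verdict" lines from the Bamital & volsnap section.
SIG_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+?)\s*$")

# File types worth a second look when they lack a publisher string.
EXEC_EXT_RE = re.compile(r"\.(exe|dll|sys|cpl|scr|ocx|drv)$", re.IGNORECASE)


@dataclass
class FrstEntry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and EXEC_EXT_RE.search(self.path) is not None


def parse_frst_entries(text: str) -> List[FrstEntry]:
    """Return every file/directory entry line as a structured record."""
    entries: List[FrstEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(FrstEntry(m["modified"], m["created"], int(m["size"]),
                                     m["attrs"], m["company"], m["path"]))
    return entries


def parse_signature_checks(text: str) -> Dict[str, bool]:
    """Map each checked path to True only when FRST reports it as signed."""
    results: Dict[str, bool] = {}
    for line in text.splitlines():
        m = SIG_RE.match(line)
        if m:
            results[m["path"]] = m["verdict"] == "File is digitally signed"
    return results


def unverified_files(checks: Dict[str, bool]) -> List[str]:
    """Paths whose verdict was anything other than a passed signature check."""
    return sorted(p for p, ok in checks.items() if not ok)


def executables_without_company(entries: List[FrstEntry],
                                root: str = "C:\\Windows\\") -> List[str]:
    """Executable files under `root` whose entry carries no company string.

    The company name comes from the file's version resource, which any
    publisher (legitimate or not) can set or omit, so a hit is a cue to look
    the file up, not proof of infection.
    """
    root_l = root.lower()
    return [e.path for e in entries
            if e.is_executable and not e.company and e.path.lower().startswith(root_l)]


if __name__ == "__main__":
    found = parse_frst_entries(SAMPLE_LOG)
    print("Executables under C:\\Windows with no company string:")
    for path in executables_without_company(found):
        print("  ", path)
    print("Files that did not pass the signature check:")
    for path in unverified_files(parse_signature_checks(SAMPLE_LOG)):
        print("  ", path)
```

On the sample above the only company-less executable is mbae64.sys, which is the Malwarebytes anti-exploit driver from the same log, so that list is a starting point for research rather than a verdict; the signature section is the stronger signal, and FRST itself notes that there is no automatic fix for files that fail it.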


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:55 AM

Posted 30 June 2017 - 06:09 AM

SuperGreenT:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

In future, I would ask that you please copy and paste the contents of all requested log files directly into your replies. I know that the instructions do say to attach the "Addition.txt" file, but it is much faster for me to analyze the logs when they are copied and pasted into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:55 AM

Posted 30 June 2017 - 07:35 AM

SuperGreenT:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: Do you know what this Mozilla Firefox extension is? Did you install it? If not, I would suggest disabling and removing it.

FF SearchPlugin: C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\aozwlb2r.default\searchplugins\-he.xml [2015-11-24]


.

Step 2: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you use P2P programs, your computer will get infected.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

Step 3: Please run a FRST fix for me.

Please note that I found (a) remnant(s) of a Microsoft "hack" tool that will be removed by the FRST "fixlist" script. If you wish to keep it, please do not run the FRST "fixlist" script. Please let me know why you are keeping it. Software piracy programs are a MAJOR attack vector used by malware to infect computers. I am not accusing you of anything illegal. In many cases, other persons are responsible for "helping out" and installing such tools on unknowing friends, family, or customers.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
Folder: C:\Users\bob\AppData\Local\MSfree Inc
File: C:\Windows\system32\PrintBrmUi.exe
File: C:\Windows\system32\--traceoff
Folder: C:\Users\bob\.p2
C:\Users\bob\AppData\Local\MSfree Inc
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

I am not seeing any evidence of a serious malware infection on your computer. I suspect that the Trend Micro product detected "false positives", but once I see the contents of the "fixlog.txt" file, we can move on to some standard anti-malware scans just to be sure. FRST does not detect everything. It is always wise to research any reports of malware being detected on your computer.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 SuperGreenT

SuperGreenT
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 30 June 2017 - 09:01 AM

Hello Phil. First off, thank you for your time and effort.

Could you please tell me which line of the script deletes the Microsoft "hack" tool?

 

Also: How do I delete this specific Firefox plugin? It's not in the Add-On Manager but from what I can see it's from 2 years ago, so I'll probably have to do it manually.



#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:55 AM

Posted 30 June 2017 - 09:55 AM

SuperGreenT:

 

Thank you for your post.  I did not state that I found an active Microsoft "hack" tool, ... so far.  I said that I found a "remnant" or "remnants".  FRST does not detect every malware application.

 

Some of our standard anti-malware scanners will automatically remove "hacks" and "keygens" when they are detected.

 

Bleeping Computer, me included, does not condone software piracy.  Apart from being illegal, it usually results in the installation of malware.  As such, it becomes a "chase your tail" situation because as fast as we can remove the malware, it reinstalls itself, courtesy of the software piracy "hacks".

 

I personally have made the decision not to assist users who insist on using pirated software.

 

If you are knowingly running "cracked" software and intend to continue doing so, then please let me know and I will conclude your topic.  Do not run the FRST "fixlist" script and you should avoid doing full or system scans with the major anti-virus scanners, in particular, which might quarantine the files associated with the "hack", unless you have specifically exempted those files.

 

As for Firefox plug-in, I am not sure what that is.  I have never seen it before and my Google searches came up empty, which makes it suspicious in my mind.  I did notice a number of browser errors as well in the "Addition.txt" log, which might be related to that plug-in or the errors could be generated for another reason entirely.

 

Let me know, please, how you wish to proceed.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:55 AM

Posted 03 July 2017 - 05:54 AM

SuperGreenT:

Are you still there? Do you still require assistance? It has been three days since I last posted to you.

According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.

If I have not heard from you in another two days, I will conclude your topic. You can always reopen it by sending a Personal Message to a Moderator.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 SuperGreenT

SuperGreenT
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 03 July 2017 - 11:19 AM

Sorry for the delay, it's been really busy for me lately.

Thank you again for your help! I'll reply ASAP! :)



#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:55 AM

Posted 04 July 2017 - 12:23 PM

SuperGreenT:

 

Glad to hear that you are still here.  I will await your next post.  If you are not going to be able to respond in the next three days, please let me know.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:55 AM

Posted 07 July 2017 - 09:58 AM

SuperGreenT:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:55 AM

Posted 09 July 2017 - 05:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the Bleeping Computer Malware Removal Study Hall




