Ransomware


  • This topic is locked
77 replies to this topic

#1 tmedicine

  • Members
  • 63 posts

Posted 23 September 2017 - 06:27 AM

I need help with removal of ransomware on my computer. I'm pretty sure it is Locky, as the file extensions were zzzz files, and my system processes are malevolent in that they keep restoring the malicious files I delete in File Explorer, except when in Safe Mode. My antivirus can't detect it, and it messed around with a lot of my files in File Explorer; access is denied. I can restore user permissions and access to some of the files, but the main infectious files I have no access to; they won't even respond to the Delete key or option. The infection also messed with my services and user permissions. Also, in my registry there is some content I cannot access as well; access is denied. I don't know what to do to remove this virus and need expert help. Thanks, I can produce any amount of logs and patiently wait as many days as it takes to fix this severe issue. Thanks.





#2 tmedicine
  • Topic Starter

  • Members
  • 63 posts

Posted 24 September 2017 - 07:11 PM

Now, just today, the laptop won't boot up. I tried clearing the cache (hard reset), tried everything to boot it up; it just won't boot up, the screen remains black now. I think I waited too long; I got some information about my MBR getting overwritten or something. I think I need to use ESET SysRescue now, but I'm not sure how I would do that on a computer that won't even boot up.



#3 tmedicine
  • Topic Starter

  • Members
  • 63 posts

Posted 25 September 2017 - 06:27 PM

Update: I am back on the crashed computer. I have restored the BIOS on my HP computer by holding the Windows key and the B key and holding the power button for 3 seconds, and the computer was able to reboot. Now I am just waiting for the next instructions, please.



#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,182 posts
  • Gender:Male
  • Location:California

Posted 27 September 2017 - 02:57 PM

Greetings tmedicine, and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
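
Once FRST.txt comes back, most of the triage is reading its "One Month Created files and folders" section for things that appeared together. The script below is an added example for this thread, not FRST's code and not something the helper above asked for. It parses lines in the format FRST uses for that section and reports three things a responder checks: same-minute bursts of new files spread across several profile roots, hidden directories created directly under C:\Users that belong to no loaded profile, and the presence of the bait-folder name Cybereason RansomFree drops (that string also appears in the log posted later in this thread). The sample lines are constructed to mirror the FRST format; the profile name "victim" and the random folder names are made up. One caveat the report cannot settle on its own: a honeypot-style anti-ransomware tool seeding decoys produces exactly this kind of burst, so the output has to be read against what was installed on the machine before it is attributed to the malware.

```python
"""Triage helper for the 'One Month Created files and folders' section of an FRST log.

Added example for this thread; it is not FRST's code. It answers three questions a
responder asks of that section: which minutes saw a burst of new files across several
profile roots, which hidden directories appeared directly under C:\\Users with no matching
loaded profile, and whether an anti-ransomware bait-folder marker is present.
"""
import re
from collections import defaultdict

# One FRST entry: "<created> - <modified> - <size> <attrs> [(<company>) ]<path>"
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)
PROFILE_ROOT = re.compile(r"^C:\\Users\\([^\\]+)", re.IGNORECASE)
# Folder name Cybereason RansomFree uses for its bait directory; treated here as a fixed marker.
BAIT_MARKER = "this directory is for Ransomware detection"

# Constructed sample in the FRST format; profile and folder names are made up.
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-27 21:37 - 2017-09-27 21:42 - 000023036 _____ C:\Users\victim\Desktop\FRST.txt
2017-09-27 21:34 - 2017-09-27 21:34 - 002399744 _____ (Farbar) C:\Users\victim\Desktop\FRST64.exe
2017-09-24 05:23 - 2017-09-24 05:23 - 000501994 ____N C:\Users\q7xlm2\report.quarterly.xlsx
2017-09-24 05:23 - 2017-09-24 05:23 - 000218396 ____N C:\Users\q7xlm2\inventory.mdb
2017-09-24 05:23 - 2017-09-24 05:23 - 000055322 ____N C:\Users\b3krw\server.key.pem
2017-09-24 05:23 - 2017-09-24 05:23 - 000021508 ____N C:\Users\b3krw\backup.sql
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 __SHD C:\Users\victim\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ___HD C:\Users\q7xlm2
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ___HD C:\Users\b3krw
2017-09-23 04:15 - 2017-09-23 04:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-21 13:57 - 2017-09-21 13:57 - 004190208 _____ C:\Users\victim\Downloads\CybereasonRansomFree.msi

==================== One Month Modified files and folders ========
"""


def parse_created(log_text):
    """Return parsed entries from the 'One Month Created' section only."""
    entries, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===="):          # section header: enter or leave the section
            inside = "One Month Created" in line
            continue
        if not inside:
            continue
        m = FRST_LINE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["is_dir"] = e["attrs"].endswith("D")   # D in the last position marks a directory
            e["hidden"] = "H" in e["attrs"]          # H marks the hidden attribute
            entries.append(e)
    return entries


def profile_of(path):
    """Profile folder name if the path lives under C:\\Users, else None."""
    m = PROFILE_ROOT.match(path)
    return m.group(1) if m else None


def creation_bursts(entries, min_files=4, min_profiles=2):
    """Minutes in which >= min_files files (not dirs) appeared across >= min_profiles profiles."""
    by_minute = defaultdict(list)
    for e in entries:
        if not e["is_dir"]:
            by_minute[e["created"]].append(e)
    flagged = {}
    for minute, group in by_minute.items():
        profiles = {profile_of(e["path"]) for e in group} - {None}
        if len(group) >= min_files and len(profiles) >= min_profiles:
            flagged[minute] = sorted(profiles)
    return flagged


def unexpected_profile_dirs(entries, loaded_profiles):
    """Hidden directories created directly under C:\\Users that match no loaded profile."""
    known = {p.lower() for p in loaded_profiles}
    hits = []
    for e in entries:
        m = PROFILE_ROOT.fullmatch(e["path"])
        if m and e["is_dir"] and e["hidden"] and m.group(1).lower() not in known:
            hits.append(m.group(1))
    return sorted(hits)


def bait_markers(entries):
    """Paths carrying the bait-folder marker string."""
    return [e["path"] for e in entries if BAIT_MARKER.lower() in e["path"].lower()]


def triage(log_text, loaded_profiles):
    """Run all three checks; loaded_profiles comes from FRST's 'Loaded Profiles:' header line."""
    entries = parse_created(log_text)
    return {
        "entries": len(entries),
        "bursts": creation_bursts(entries),
        "unexpected_profile_dirs": unexpected_profile_dirs(entries, loaded_profiles),
        "bait_markers": bait_markers(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, ["victim"]).items():
        print(f"{key}: {value}")
```

Feed it a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read(), ["wpg_t"])`, taking the profile list from the "Loaded Profiles:" line at the top of the log. The burst threshold is deliberately low; raise `min_files` when the section is dominated by an installer run.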

#5 tmedicine
  • Topic Starter

  • Members
  • 63 posts

Posted 27 September 2017 - 09:51 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by wpg_t (administrator) on DESKTOP-N7I39C5 (27-09-2017 21:37:17)
Running from C:\Users\wpg_t\Desktop
Loaded Profiles: wpg_t (Available Profiles: wpg_t)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124128.inf_amd64_a53720acf0e8395d\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.1.10\ns.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\TieringEngineService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\Spectrum.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.1.10\ns.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124128.inf_amd64_a53720acf0e8395d\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(PokerTracker Software, LLC.) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PokerTracker Software, LLC.) C:\Program Files (x86)\PokerTracker 4\PokerTrackerWeb4.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(Max Value Software, LLC.) C:\Program Files (x86)\PokerTracker 4\PokerTrackerHud4.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Programs\PartyGaming\PartyGaming.exe
() C:\Programs\PartyGaming\EBEngine\GGC3\pgwebrenderer.exe
() C:\Programs\PartyGaming\EBEngine\GGC3\pgwebrenderer.exe
() C:\Programs\PartyGaming\EBEngine\GGC3\pgwebrenderer.exe
() C:\Program Files (x86)\Poker PlayNow.com\poker.exe
() C:\Program Files (x86)\Poker PlayNow.com\browserhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Poker PlayNow.com\poker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-14] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-04-19] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [137976 2017-08-10] (Intel)
HKU\S-1-5-21-1289290483-1558043448-3844216220-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
Startup: C:\Users\wpg_t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-09-04]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\wpg_t\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c6048e47-90fc-4bed-94ef-e21d0883b65e}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1289290483-1558043448-3844216220-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=retail&geo=CA&ver=22.10.1.10&locale=en_CA&guid=ABF13FC2-E424-455C-AB1A-48BAB310393A&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1289290483-1558043448-3844216220-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
 
FireFox:
========
FF DefaultProfile: t85y7iey.default
FF ProfilePath: C:\Users\wpg_t\AppData\Roaming\Mozilla\Firefox\Profiles\t85y7iey.default [2017-09-23]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\t85y7iey.default -> Bing 
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\t85y7iey.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t85y7iey.default -> Bing 
FF Extension: (Bing Search) - C:\Users\wpg_t\AppData\Roaming\Mozilla\Firefox\Profiles\t85y7iey.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-07-06]
FF SearchPlugin: C:\Users\wpg_t\AppData\Roaming\Mozilla\Firefox\Profiles\t85y7iey.default\searchplugins\bing-.xml [2017-07-06]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon [2017-07-27]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2017-09-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2017-09-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
 
Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\wpg_t\AppData\Local\Google\Chrome\User Data\Default [2017-09-27]
CHR Extension: (HP Network Check Launcher) - C:\Users\wpg_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wpg_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\wpg_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-25]
CHR Profile: C:\Users\wpg_t\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1289290483-1558043448-3844216220-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [19856 2017-08-07] (Cybereason)
S2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2219072 2016-10-25] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [251632 2015-07-02] (Hewlett-Packard)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S2 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel Corporation)
S4 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
S4 iprip; C:\WINDOWS\System32\iprip.dll [35840 2017-08-24] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()
R2 NS; C:\Program Files\Norton Security\Engine\22.10.1.10\NS.exe [326144 2017-08-24] (Symantec Corporation)
S2 postgresql-x64-9.3; C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe [92672 2017-05-08] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-14] (Realtek Semiconductor)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [889016 2017-09-21] (Enigma Software Group USA, LLC.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WinZip Smart Monitor Service; C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe [495616 2017-04-11] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20170920.001\BHDrvx64.sys [1872032 2017-09-07] (Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\160A010.00A\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-07-06] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43000 2015-07-06] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-07-16] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-09-21] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2017-09-21] ()
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355216 2016-10-25] (Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244720 2017-06-22] (Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20170926.001\IDSvia64.sys [1056920 2017-07-31] (Symantec Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-06] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-06-15] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [50808 2015-12-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\NSx64\160A010.00A\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\160A010.00A\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\160A010.00A\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSx64\160A010.00A\SymELAM.sys [24608 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-09-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSx64\160A010.00A\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NSx64\160A010.00A\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
U3 aspnet_state; no ImagePath
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20170621.018\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20170621.018\NAVEX15.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-27 21:37 - 2017-09-27 21:42 - 000023036 _____ C:\Users\wpg_t\Desktop\FRST.txt
2017-09-27 21:36 - 2017-09-27 21:37 - 000000000 ____D C:\FRST
2017-09-27 21:34 - 2017-09-27 21:34 - 002399744 _____ (Farbar) C:\Users\wpg_t\Desktop\FRST64.exe
2017-09-27 21:19 - 2017-09-27 21:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-09-24 05:23 - 2017-09-24 05:23 - 000501994 ____N C:\Users\xava0so\flowershollywood.xlsx
2017-09-24 05:23 - 2017-09-24 05:23 - 000501210 ____N C:\Users\Akh5mn\measure.release.drawer.districts.xlsx
2017-09-24 05:23 - 2017-09-24 05:23 - 000218396 ____N C:\Users\xava0so\evening however station spending.mdb
2017-09-24 05:23 - 2017-09-24 05:23 - 000208457 ____N C:\Users\Akh5mn\hair-deal-bed-helva.mdb
2017-09-24 05:23 - 2017-09-24 05:23 - 000063563 ____N C:\Users\Akh5mn\grip_thanks.xls
2017-09-24 05:23 - 2017-09-24 05:23 - 000061611 ____N C:\Users\xava0so\depress.taking.xls
2017-09-24 05:23 - 2017-09-24 05:23 - 000055322 ____N C:\Users\Akh5mn\fig.hills.pem
2017-09-24 05:23 - 2017-09-24 05:23 - 000051651 ____N C:\Users\xava0so\repeated_same_catalogue_compound.pem
2017-09-24 05:23 - 2017-09-24 05:23 - 000024694 ____N C:\Users\Akh5mn\leading.address.txt
2017-09-24 05:23 - 2017-09-24 05:23 - 000021898 ____N C:\Users\xava0so\snappedfixvienna.sql
2017-09-24 05:23 - 2017-09-24 05:23 - 000021508 ____N C:\Users\Akh5mn\disgustblonde.sql
2017-09-24 05:23 - 2017-09-24 05:23 - 000010332 ____N C:\Users\xava0so\termenjoyedcoordinate.txt
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 __SHD C:\Users\wpg_t\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ___HD C:\Users\xava0so
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ___HD C:\Users\wpg_t\Documents\Zstorage139
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ___HD C:\Users\wpg_t\Documents\888ofiles73
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ___HD C:\Users\Akh5mn
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ____D C:\Xselect222
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ____D C:\Csettingsettings14
2017-09-23 22:41 - 2017-09-23 22:54 - 000971152 _____ C:\Users\wpg_t\Documents\GTECH G2 (Boss) Hand #246420238.webm
2017-09-23 04:15 - 2017-09-23 04:15 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-23 04:09 - 2017-09-23 04:10 - 000268336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-23 00:13 - 2017-09-23 00:13 - 000003480 _____ C:\Users\wpg_t\Documents\cc_20170923_001311.reg
2017-09-22 17:07 - 2017-09-22 17:07 - 000000000 ____D C:\Program Files\Common Files\Intel
2017-09-22 14:49 - 2017-09-22 14:49 - 000039643 _____ C:\Users\wpg_t\Downloads\PowerLockyDecrypter.zip
2017-09-21 14:05 - 2017-09-21 14:06 - 000000000 ____D C:\Users\wpg_t\AppData\Roaming\Cybereason
2017-09-21 14:04 - 2017-09-21 14:04 - 000004090 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Keepalive
2017-09-21 14:04 - 2017-09-21 14:04 - 000003196 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Autostart
2017-09-21 14:03 - 2017-09-21 14:03 - 000000000 ____D C:\ProgramData\Cybereason
2017-09-21 14:02 - 2017-09-21 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2017-09-21 14:02 - 2017-09-21 14:02 - 000000000 ____D C:\Program Files (x86)\Cybereason
2017-09-21 13:57 - 2017-09-21 13:57 - 004190208 _____ C:\Users\wpg_t\Downloads\CybereasonRansomFree.msi
2017-09-21 13:45 - 2017-09-21 13:45 - 000003442 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2017-09-21 13:45 - 2017-09-21 13:45 - 000001139 _____ C:\Users\wpg_t\Desktop\SpyHunter.lnk
2017-09-21 13:45 - 2017-09-21 13:45 - 000000000 ____D C:\Users\wpg_t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-09-21 13:45 - 2017-09-21 13:45 - 000000000 ____D C:\Users\wpg_t\AppData\Roaming\Enigma Software Group
2017-09-21 13:41 - 2017-09-21 13:41 - 000022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2017-09-21 13:41 - 2017-09-21 13:41 - 000000000 ____D C:\Program Files\Enigma Software Group
2017-09-21 13:35 - 2017-09-21 13:35 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\wpg_t\Downloads\SpyHunter-Installer.exe
2017-09-19 22:15 - 2017-09-19 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2017-09-14 19:36 - 2017-09-14 19:36 - 001048576 _____ C:\WINDOWS\system32\defltbase.sdb
2017-09-14 19:36 - 2017-09-14 19:36 - 000016384 _____ C:\WINDOWS\system32\defltbase.jfm
2017-09-14 19:34 - 2017-09-14 19:34 - 027718352 _____ (Microsoft Corporation) C:\Users\wpg_t\Downloads\OneDriveSetup.exe
2017-09-14 19:25 - 2017-09-14 19:25 - 000001236 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.9.lnk
2017-09-14 19:25 - 2017-09-14 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-09-14 19:19 - 2017-09-14 19:19 - 000000000 ____D C:\Users\wpg_t\Downloads\Temp
2017-09-14 18:44 - 2017-09-14 18:44 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000032-000000.txt
2017-09-14 18:44 - 2017-09-14 18:44 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000031-000000.txt
2017-09-14 18:23 - 2017-09-14 18:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000030-000000.txt
2017-09-14 18:22 - 2017-09-14 18:22 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000029-000000.txt
2017-09-14 17:36 - 2017-09-14 17:36 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000028-000000.txt
2017-09-14 17:36 - 2017-09-14 17:36 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000027-000000.txt
2017-09-14 17:32 - 2017-09-23 05:22 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForwpg_t.job
2017-09-14 17:32 - 2017-09-22 18:41 - 000003252 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForwpg_t
2017-09-14 16:15 - 2017-09-14 16:16 - 000005098 _____ C:\Users\wpg_t\Documents\cc_20170914_161540.reg
2017-09-14 16:11 - 2017-09-14 16:11 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000026-000000.txt
2017-09-14 16:11 - 2017-09-14 16:11 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2017-09-13 22:59 - 2017-09-13 22:59 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2017-09-13 22:59 - 2017-09-13 22:59 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2017-09-13 22:46 - 2017-09-13 22:46 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2017-09-13 22:45 - 2017-09-13 22:45 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2017-09-13 02:22 - 2017-09-13 02:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.3
2017-09-13 02:15 - 2017-09-13 02:15 - 000000000 ____D C:\Program Files\PostgreSQL
2017-09-13 02:11 - 2017-09-20 15:56 - 000001154 _____ C:\Users\wpg_t\Desktop\PokerTracker 4.lnk
2017-09-13 02:11 - 2017-09-13 20:00 - 000000000 ____D C:\Users\wpg_t\AppData\Local\PokerTracker 4
2017-09-13 02:11 - 2017-09-13 02:11 - 000004930 _____ C:\ProgramData\flwjycbm.bab
2017-09-13 02:11 - 2017-09-13 02:11 - 000000016 _____ C:\ProgramData\mntemp
2017-09-13 02:11 - 2017-09-13 02:11 - 000000000 ____D C:\Users\wpg_t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2017-09-13 02:08 - 2017-09-25 20:59 - 000000000 ____D C:\Program Files (x86)\PokerTracker 4
2017-09-13 02:04 - 2017-09-13 02:05 - 064309072 _____ C:\Users\wpg_t\Downloads\PT-Install-v4.14.26.exe
2017-09-13 01:53 - 2017-09-04 23:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 01:53 - 2017-09-04 23:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 01:53 - 2017-09-04 23:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 01:53 - 2017-09-04 23:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 01:53 - 2017-09-04 23:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-13 01:53 - 2017-09-04 23:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-13 01:53 - 2017-09-04 23:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-13 01:53 - 2017-09-04 23:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 01:53 - 2017-09-04 23:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-13 01:53 - 2017-09-04 23:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-13 01:53 - 2017-09-04 23:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-13 01:53 - 2017-09-04 23:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-13 01:53 - 2017-09-04 23:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 01:53 - 2017-09-04 23:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 01:53 - 2017-09-04 23:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-13 01:53 - 2017-09-04 23:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 01:53 - 2017-09-04 23:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 01:53 - 2017-09-04 23:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-13 01:53 - 2017-09-04 23:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 01:52 - 2017-09-05 00:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 01:52 - 2017-09-05 00:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 01:52 - 2017-09-05 00:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-13 01:52 - 2017-09-04 23:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-13 01:52 - 2017-09-04 23:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-13 01:52 - 2017-09-04 23:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-13 01:52 - 2017-09-04 23:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-13 01:52 - 2017-09-04 23:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 01:52 - 2017-09-04 23:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-13 01:52 - 2017-09-04 23:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-13 01:52 - 2017-09-04 23:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-13 01:52 - 2017-09-04 23:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 01:51 - 2017-09-05 00:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-13 01:51 - 2017-09-05 00:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-13 01:51 - 2017-09-05 00:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-13 01:51 - 2017-09-05 00:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 01:51 - 2017-09-04 23:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-13 01:51 - 2017-09-04 23:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-13 01:51 - 2017-09-04 23:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-13 01:51 - 2017-09-04 23:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-13 01:51 - 2017-09-04 23:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-13 01:50 - 2017-09-04 23:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-13 01:48 - 2017-09-05 00:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 01:48 - 2017-09-05 00:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 01:48 - 2017-09-05 00:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 01:48 - 2017-09-05 00:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 01:48 - 2017-09-05 00:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 01:48 - 2017-09-04 23:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-13 01:46 - 2017-09-05 00:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-13 01:46 - 2017-09-05 00:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-13 01:46 - 2017-09-04 23:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-13 01:46 - 2017-09-04 23:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-13 01:46 - 2017-09-04 23:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-13 01:43 - 2017-09-04 23:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 01:18 - 2017-09-13 01:18 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000020-000000.txt
2017-09-13 01:17 - 2017-09-13 01:17 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000019-000000.txt
2017-09-12 20:47 - 2017-09-12 20:47 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000018-000000.txt
2017-09-12 20:46 - 2017-09-12 20:46 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000017-000000.txt
2017-09-12 20:08 - 2017-09-12 20:08 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000016-000000.txt
2017-09-12 20:07 - 2017-09-12 20:07 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000015-000000.txt
2017-09-12 18:25 - 2017-09-12 18:25 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000014-000000.txt
2017-09-12 18:18 - 2017-09-12 18:19 - 000141142 _____ C:\Users\wpg_t\Documents\cc_20170912_181852.reg
2017-09-12 18:10 - 2017-09-22 14:14 - 000000000 ____D C:\Program Files\CCleaner
2017-09-12 18:10 - 2017-09-12 18:10 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-12 18:10 - 2017-09-12 18:10 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-12 18:10 - 2017-09-12 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-12 18:07 - 2017-09-12 18:07 - 009827184 _____ (Piriform Ltd) C:\Users\wpg_t\Downloads\ccsetup534pro.exe
2017-09-12 17:01 - 2017-09-12 17:01 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000013-000000.txt
2017-09-12 17:01 - 2017-09-12 17:01 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000012-000000.txt
2017-09-12 02:40 - 2017-09-12 16:59 - 000065536 _____ C:\WINDOWS\FaceUnlock.etl.001
2017-09-12 02:40 - 2017-09-12 02:40 - 000065536 _____ C:\WINDOWS\FaceUnlock.etl
2017-09-12 02:29 - 2017-09-12 02:29 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000011-000000.txt
2017-09-12 02:29 - 2017-09-12 02:29 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000010-000000.txt
2017-09-12 02:07 - 2017-09-12 02:07 - 000000000 _____ C:\Users\wpg_t\Desktop\Windows errors-repairkit.exe
2017-09-10 21:07 - 2017-09-27 15:59 - 000001806 _____ C:\Users\wpg_t\Desktop\888poker.lnk
2017-09-10 21:07 - 2017-09-10 21:07 - 000001830 _____ C:\Users\wpg_t\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.lnk
2017-09-10 21:01 - 2017-09-10 21:01 - 000641184 _____ (Random-Logic) C:\Users\wpg_t\Downloads\888poker_installer.exe
2017-09-09 23:00 - 2017-09-09 23:00 - 000615561 _____ C:\Users\wpg_t\Downloads\video-1505010331.mp4
2017-09-08 17:56 - 2017-09-08 17:56 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000009-000000.txt
2017-09-08 17:54 - 2017-09-08 17:54 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2017-09-06 13:03 - 2017-09-25 20:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2017-09-06 13:02 - 2017-09-06 13:02 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-09-05 21:56 - 2017-09-07 01:01 - 000069833 _____ C:\Users\wpg_t\Downloads\Pokemon - Blue Version (UE)[!].sn0
2017-09-05 15:07 - 2017-09-05 15:07 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000007-000000.txt
2017-09-05 15:05 - 2017-09-05 15:05 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2017-09-05 04:17 - 2017-09-11 22:14 - 000069833 _____ C:\Users\wpg_t\Downloads\Pokemon - Blue Version (UE)[!].sn2
2017-09-05 03:38 - 2017-09-19 22:08 - 000069833 _____ C:\Users\wpg_t\Downloads\Pokemon - Blue Version (UE)[!].sn1
2017-09-05 02:19 - 2017-09-19 22:08 - 000032768 _____ C:\Users\wpg_t\Downloads\Pokemon - Blue Version (UE)[!].sav
2017-09-05 02:18 - 2017-09-05 02:18 - 000380570 _____ C:\Users\wpg_t\Downloads\Pokemon - Blue Version (UE)[!].zip
2017-09-05 02:11 - 2017-09-05 02:11 - 000419818 _____ C:\Users\wpg_t\Downloads\bgb-1.5.4 (1).zip
2017-09-05 02:06 - 2017-09-05 02:06 - 000419818 _____ C:\Users\wpg_t\Downloads\bgb-1.5.4.zip
2017-08-30 17:02 - 2017-08-30 17:02 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2017-08-30 17:02 - 2017-08-30 17:02 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-27 21:35 - 2017-04-25 03:12 - 000000000 ____D C:\Users\wpg_t\AppData\Local\CrashDumps
2017-09-27 21:04 - 2017-04-25 13:10 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-09-27 20:59 - 2017-06-09 21:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-27 18:17 - 2017-07-20 15:38 - 000000000 ____D C:\Users\wpg_t\Documents\888poker
2017-09-27 00:00 - 2017-04-25 15:06 - 000000000 ____D C:\Users\wpg_t\AppData\Local\PokerStars
2017-09-26 22:29 - 2017-04-25 15:03 - 000000000 ____D C:\Program Files (x86)\PokerStars
2017-09-26 21:50 - 2017-05-07 16:30 - 000001503 _____ C:\Users\wpg_t\Desktop\partypoker.lnk
2017-09-25 20:57 - 2017-04-25 01:35 - 000000000 __SHD C:\Users\wpg_t\IntelGraphicsProfiles
2017-09-25 20:52 - 2017-06-09 22:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-25 20:52 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\registration
2017-09-25 20:40 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-25 17:43 - 2017-08-26 14:55 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-25 17:43 - 2017-08-26 14:55 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-25 17:41 - 2017-06-09 21:55 - 000000000 ____D C:\Users\wpg_t
2017-09-23 14:55 - 2017-05-15 00:45 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-09-23 05:22 - 2017-04-24 15:14 - 000000000 ____D C:\Intel
2017-09-23 05:21 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-23 05:02 - 2017-04-26 01:53 - 000102568 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2017-09-23 05:02 - 2017-04-26 01:53 - 000008309 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2017-09-23 04:54 - 2017-04-25 10:06 - 000000000 ____D C:\WINDOWS\pss
2017-09-23 00:31 - 2017-06-09 22:22 - 000003102 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-09-22 21:55 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-22 21:55 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-22 17:13 - 2015-11-11 23:01 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-22 17:08 - 2015-11-11 23:02 - 000000000 ____D C:\ProgramData\Intel
2017-09-22 17:06 - 2017-06-09 21:51 - 000000000 ____D C:\Program Files (x86)\Intel
2017-09-22 17:06 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-22 17:02 - 2017-06-09 21:51 - 000000000 ____D C:\Program Files\Intel
2017-09-21 13:24 - 2017-08-26 23:42 - 000000000 ____D C:\Users\wpg_t\AppData\Local\WinZip
2017-09-20 16:00 - 2017-06-09 22:16 - 000005168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-20 15:57 - 2017-04-25 01:36 - 000000000 ____D C:\Users\wpg_t\Documents\YouCam
2017-09-20 15:50 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-09-19 22:15 - 2017-05-07 16:30 - 000001509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
2017-09-19 22:15 - 2017-04-26 01:40 - 000000000 ____D C:\Users\wpg_t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-09-19 22:15 - 2015-11-11 23:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-19 22:08 - 2017-07-17 21:23 - 000003353 _____ C:\Users\wpg_t\Desktop\bgb.ini
2017-09-15 01:48 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-14 22:10 - 2017-07-02 20:34 - 000000000 ____D C:\Program Files (x86)\Project64 2.3
2017-09-14 19:50 - 2015-07-10 04:05 - 000000000 ____D C:\Users\Default.migrated
2017-09-14 19:34 - 2017-07-20 19:20 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1289290483-1558043448-3844216220-1001
2017-09-14 19:34 - 2017-04-25 01:46 - 000002420 _____ C:\Users\wpg_t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-14 19:34 - 2017-04-25 01:46 - 000000000 ___RD C:\Users\wpg_t\OneDrive
2017-09-14 19:33 - 2017-05-15 00:58 - 000000000 ____D C:\Users\wpg_t\Downloads\Intel Components
2017-09-14 19:25 - 2017-06-09 22:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-09-14 19:22 - 2015-07-13 11:28 - 000000000 ____D C:\SWSetup
2017-09-13 23:05 - 2015-07-16 01:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 22:54 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 22:54 - 2017-03-18 16:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 22:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 22:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 22:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 22:54 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 22:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 22:54 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 03:29 - 2017-04-25 06:45 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 18:41 - 2017-04-25 11:31 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-09-12 18:15 - 2017-05-22 23:30 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-12 18:14 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-12 02:28 - 2017-04-26 01:40 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-09-12 02:27 - 2017-07-01 19:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-12 02:27 - 2017-05-05 21:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-12 02:18 - 2017-08-10 19:22 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-10 21:07 - 2017-08-20 12:54 - 000000000 ____D C:\Users\wpg_t\AppData\Roaming\pacificpoker
2017-09-10 21:07 - 2017-04-27 02:04 - 000000000 ____D C:\Users\wpg_t\AppData\Roaming\InstallShield Installation Information
2017-09-10 21:05 - 2017-04-27 02:03 - 000000000 ____D C:\Users\wpg_t\AppData\Local\Downloaded Installations
2017-09-09 11:38 - 2017-05-05 21:57 - 000000000 ____D C:\Users\wpg_t\AppData\LocalLow\Mozilla
2017-09-08 04:08 - 2017-04-25 04:09 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-06 13:02 - 2017-04-26 01:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2017-09-06 13:02 - 2017-04-25 12:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2017-09-05 02:07 - 2017-07-17 21:21 - 000420352 _____ C:\Users\wpg_t\Desktop\bgb.exe
2017-09-05 02:07 - 2017-07-17 21:18 - 000047850 _____ C:\Users\wpg_t\Desktop\bgb.html
2017-09-05 02:07 - 2013-01-28 12:50 - 000032768 _____ C:\Users\wpg_t\Desktop\bgbtest.gb
2017-09-04 02:42 - 2017-06-21 14:11 - 000001296 _____ C:\Users\wpg_t\Desktop\Facebook Gameroom.lnk
2017-09-04 02:42 - 2017-06-21 14:11 - 000000000 ____D C:\Users\wpg_t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-09-04 02:42 - 2017-06-20 22:23 - 000000000 ____D C:\Users\wpg_t\AppData\Local\Facebook
2017-09-02 10:15 - 2017-03-18 16:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 10:15 - 2017-03-18 16:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-30 13:23 - 2017-06-09 21:51 - 000113664 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-08-30 13:23 - 2017-06-09 21:51 - 000104448 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-08-30 13:23 - 2017-02-22 01:45 - 000271360 _____ C:\WINDOWS\system32\igfxCPL.cpl
2017-08-30 13:23 - 2017-02-22 01:45 - 000141312 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2017-08-30 13:23 - 2017-02-22 01:45 - 000113664 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2017-08-30 13:23 - 2017-02-22 01:45 - 000112136 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2017-08-30 13:23 - 2017-02-22 01:45 - 000104448 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2017-08-30 13:23 - 2017-02-22 01:45 - 000101376 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2017-08-30 10:10 - 2017-01-13 09:57 - 000560260 _____ C:\WINDOWS\system32\cp_resources.bin
 
==================== Files in the root of some directories =======
 
2017-04-25 10:08 - 2017-04-25 10:08 - 000000529 _____ () C:\Users\wpg_t\AppData\Local\Perfmon.PerfmonCfg
2017-04-25 09:35 - 2017-08-24 03:10 - 000007679 _____ () C:\Users\wpg_t\AppData\Local\resmon.resmoncfg
2017-05-03 19:06 - 2017-05-03 19:06 - 000000003 _____ () C:\Users\wpg_t\AppData\Local\updater.log
2017-05-03 19:06 - 2017-05-03 19:06 - 000000425 _____ () C:\Users\wpg_t\AppData\Local\UserProducts.xml
2017-09-13 02:11 - 2017-09-13 02:11 - 000004930 _____ () C:\ProgramData\flwjycbm.bab
2017-09-13 02:11 - 2017-09-13 02:11 - 000000016 _____ () C:\ProgramData\mntemp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-23 07:13
 
==================== End of FRST.txt ============================


#6 tmedicine (Topic Starter)

Posted 27 September 2017 - 09:52 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by wpg_t (27-09-2017 21:46:55)
Running from C:\Users\wpg_t\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-10 03:41:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1289290483-1558043448-3844216220-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1289290483-1558043448-3844216220-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1289290483-1558043448-3844216220-1000 - Limited - Disabled)
Guest (S-1-5-21-1289290483-1558043448-3844216220-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1289290483-1558043448-3844216220-1004 - Limited - Enabled)
wpg_t (S-1-5-21-1289290483-1558043448-3844216220-1001 - Administrator - Enabled) => C:\Users\wpg_t
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-dacca96a-1664-41a8-9e9d-fd217fe16ee3) (Version: 3.0.2.118 - WildTangent) Hidden
888poker (HKLM-x32\...\{4D7C3811-3AC4-4B8A-BA1B-416A5133E6A1}) (Version: 7.3.02003 - 888) Hidden
888poker (HKU\S-1-5-21-1289290483-1558043448-3844216220-1001\...\InstallShield_{4D7C3811-3AC4-4B8A-BA1B-416A5133E6A1}) (Version: 7.3.02003 - 888)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-67ea271c-651b-47e8-b75d-7522891baf83) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-c57ce4dc-3ab8-45d1-a947-fb43a061687c) (Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Coyote The Outlander (HKLM-x32\...\WTA-77804897-6c35-4541-988f-e54f7e66fddd) (Version: 3.0.2.59 - WildTangent) Hidden
Cybereason RansomFree 2.4.0.0 (HKLM-x32\...\{E5187076-2C8E-4062-88D2-E29DC4F4962C}) (Version: 2.4.0.0 - Cybereason Inc.)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-19c5145e-4d4d-421d-88ae-8d123b6dc5a7) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (HKLM-x32\...\WTA-87c3efb5-f3cf-4636-8758-486d54ee76e7) (Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Facebook Gameroom 1.8.6429.23271 (HKLM-x32\...\{D71E0CAE-F4B3-499E-B515-396B02139A39}) (Version: 1.8.6429.23271 - Facebook)
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-f154b772-ac94-492c-b4be-96f384040bb2) (Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Home Makeover (HKLM-x32\...\WTA-6225436a-9408-40cb-a7e6-b81224a0ad2b) (Version: 3.0.2.59 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IGT Slots: Paradise Garden (HKLM-x32\...\WTA-4a44fe6c-70cc-4bbf-9233-259e9bb93cc5) (Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-9b121532-f676-41e9-a109-f2430a556ea3) (Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-8363e240-f55d-4f9a-8ea7-7d053bdb8b1a) (Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® WiDi (HKLM\...\{76FAF7E1-52D0-49F7-A627-E78303F9C7EF}) (Version: 6.0.39.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000071-0190-1033-84C8-B8D95FA3C8C3}) (Version: 19.71.0 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) (Version: 1.0.26920.1393 - Intel Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Jewel Match Snowscapes (HKLM-x32\...\WTA-67d3f75c-5d44-474f-a95f-9d65e67cf918) (Version: 3.0.2.118 - WildTangent) Hidden
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-a2eff268-4e46-47b3-9e5e-6ca5fe61ac8f) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-549f68e3-4f4d-4ac9-bbcb-b5ba47fcbe48) (Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-26de2b22-3277-458a-b917-dc722c8d9841) (Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-21bc97b4-0c90-45d3-8814-ecb723921fab) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1289290483-1558043448-3844216220-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-3875334f-cb57-43ea-bae5-9a7b3f552db4) (Version: 3.0.2.59 - WildTangent) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.10.1.10 - Symantec Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
partypoker (HKU\S-1-5-21-1289290483-1558043448-3844216220-1001\...\PartyPoker) (Version:  - )
Plagiarii (HKLM-x32\...\WTA-6cfcf05a-eaf6-45cf-a4a3-72b5813c53b3) (Version: 3.0.2.59 - WildTangent) Hidden
Poker PlayNow.com (HKLM-x32\...\Poker PlayNow.com ) (Version:  - Boss Media AB)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
Polar Bowler 1st Frame (HKLM-x32\...\WTA-9622778b-ec27-4353-86b9-07f9274eba16) (Version: 3.0.2.59 - WildTangent) Hidden
PostgreSQL 9.3  (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.14393.11233 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-28c029a8-f71e-4c9e-affc-f0a7018c0656) (Version: 3.0.2.126 - WildTangent) Hidden
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.28.5.4848 - Enigma Software Group, LLC)
Super HUD (HKLM-x32\...\Super HUD) (Version:  - Poker Pro Labs)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124128.inf_amd64_a53720acf0e8395d\igfxDTCM.dll [2017-08-30] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {048EAF67-F11F-4B52-B50C-0F74DE319A59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {0522F7AD-33D7-48F0-AE00-E0A6161CBF7A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {09231D56-3065-4CD6-B334-877A36CF70EB} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {09498989-879D-49F0-981F-24D1AC185CA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-26] (Google Inc.)
Task: {13A0BA9C-FC29-4178-9515-40B78BA8B840} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-10] (Adobe Systems Incorporated)
Task: {14AA4EDD-F0B6-413A-BFC6-502165A635CB} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {1CB6BA9C-2C37-4051-927B-2F8B7C3D5BD6} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-08-07] (Cybereason)
Task: {1D0DF2A7-DFF3-42AB-A466-BA49A958DA36} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
Task: {20E83525-C3DD-4F09-B075-646D3ED42A61} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {2B27190D-A0B3-4066-A1F5-4A416F16EE0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-01] (HP Inc.)
Task: {3B362756-B6C7-4650-B3D6-F186C1E9F874} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {58D92A58-B620-4EA3-9E96-80816C261C42} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {5E9CE45F-F082-458C-A932-5B86DCF165B3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {61489C60-7BF4-4473-8D11-2CC3C406B482} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {650AA5D2-35E5-4209-A159-C0503FDAC99F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {66310D3E-22F9-48DE-8A07-A1815621764C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {7D606F14-F885-4895-9C15-DCF320F31143} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2017-09-21] (Enigma Software Group USA, LLC.)
Task: {812B2DBC-ABEC-4913-97DA-FCD306AA801F} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-08-07] (Cybereason)
Task: {88CB9ACB-07A1-4641-A213-15778E10B5D2} - System32\Tasks\S-1-5-21-1289290483-1558043448-3844216220-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {89247F2E-02B0-4D18-8CFB-3BC32882ACF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {911C2D8B-DB4B-443F-BC3E-778E6E24B138} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {A07770D3-5E8F-48D5-98B7-58CA13164341} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {C0821835-EC7A-4173-A807-095C774AD071} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {C08403F7-83CA-4DE4-B9AD-94A87C2C65DE} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {C69131CA-41FF-4003-BC8D-EF22D2DF5514} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-08-24] (Symantec Corporation)
Task: {C7CD17AA-707F-452A-B598-B4AC262699D1} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.10.1.10\WSCStub.exe [2017-08-24] (Symantec Corporation)
Task: {CF1AD8EA-FE92-4A04-B86F-553630350A64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {E85ABA94-EE8D-4D8D-8311-68D3224E8829} - System32\Tasks\HPCeeScheduleForwpg_t => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {EBEA1712-8ACD-4A7B-AA6F-0FF5B21C0AFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {F02BFE2A-7AD4-4DAF-8441-9D07A4D4355F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-26] (Google Inc.)
Task: {FA0858AE-A1A1-417D-A795-F3E92EB4B2E3} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForwpg_t.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-11 23:40 - 2014-04-14 21:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-09-13 02:22 - 2016-08-02 05:40 - 002257408 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2017-03-18 15:57 - 2017-03-18 15:57 - 000037376 _____ () C:\WINDOWS\system32\SpectrumSyncClient.dll
2017-04-11 09:08 - 2017-04-11 09:08 - 000495616 _____ () C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
2017-08-26 23:42 - 2017-08-26 23:42 - 000349696 _____ () C:\Program Files\WinZip Smart Monitor\Plugins\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10.dll
2017-09-13 02:18 - 2017-05-09 00:03 - 000165376 _____ () C:\Program Files\PostgreSQL\9.3\lib\plpgsql.dll
2017-09-07 20:17 - 2017-09-07 20:17 - 002652776 _____ () C:\Programs\PartyGaming\PartyGaming.exe
2017-04-20 23:44 - 2017-04-20 23:44 - 000251392 _____ () c:\programs\partygaming\EBEngine\GGC3\pgwebrenderer.exe
2017-04-25 13:03 - 2017-01-10 04:23 - 001114112 _____ () C:\Program Files (x86)\Poker PlayNow.com\poker.exe
2017-04-25 13:03 - 2017-01-10 04:23 - 000032768 _____ () C:\Program Files (x86)\Poker PlayNow.com\browserhost.exe
2017-09-25 17:43 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-25 17:43 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2016-03-23 09:57 - 2016-03-23 09:57 - 037016064 ____R () C:\Program Files (x86)\PokerTracker 4\libcef.dll
2016-03-23 09:57 - 2016-03-23 09:57 - 000861696 ____R () C:\Program Files (x86)\PokerTracker 4\ffmpegsumo.dll
2017-04-20 23:44 - 2017-04-20 23:44 - 000037888 _____ () C:\Programs\PartyGaming\ArticleManager.dll
2017-04-20 23:49 - 2017-04-20 23:49 - 000059904 _____ () C:\Programs\PartyGaming\zlib1.dll
2017-05-31 23:00 - 2017-05-31 23:00 - 000935424 _____ () C:\Programs\PartyGaming\PocoNet.dll
2017-05-31 23:00 - 2017-05-31 23:00 - 000266752 _____ () C:\Programs\PartyGaming\PocoJSON.dll
2017-05-31 23:00 - 2017-05-31 23:00 - 000416768 _____ () C:\Programs\PartyGaming\PocoUtil.dll
2017-05-31 23:00 - 2017-05-31 23:00 - 000556544 _____ () C:\Programs\PartyGaming\PocoXML.dll
2017-04-20 23:44 - 2017-04-20 23:44 - 000035840 _____ () C:\Programs\PartyGaming\PGBrowser.dll
2017-09-07 00:47 - 2017-09-07 00:47 - 004275304 _____ () c:\programs\partygaming\PartyPoker\GameTable.dll
2017-04-20 23:45 - 2017-04-20 23:45 - 054310912 _____ () c:\programs\partygaming\EBEngine\GGC3\libcef.dll
2017-09-19 22:17 - 2017-07-17 07:32 - 001848344 _____ () C:\Users\wpg_t\AppData\Local\PokerTracker 4\Temp\PartyCommunicator.pt4
2017-04-20 23:45 - 2017-04-20 23:45 - 001989120 _____ () c:\programs\partygaming\EBEngine\GGC3\libglesv2.dll
2017-04-20 23:45 - 2017-04-20 23:45 - 000075264 _____ () c:\programs\partygaming\EBEngine\GGC3\libegl.dll
2017-04-25 13:03 - 2017-01-10 04:23 - 001732608 _____ () C:\Program Files (x86)\Poker PlayNow.com\devlib.dll
2017-04-25 13:03 - 2017-01-10 04:23 - 001642496 _____ () C:\Program Files (x86)\Poker PlayNow.com\devlibcomm.dll
2017-04-25 13:03 - 2017-01-10 04:23 - 001445888 _____ () C:\Program Files (x86)\Poker PlayNow.com\poker.dll
2017-04-25 13:03 - 2017-01-10 04:23 - 000155648 _____ () C:\Program Files (x86)\Poker PlayNow.com\xml.dll
2017-04-25 13:03 - 2017-01-10 04:23 - 000643072 _____ () C:\Program Files (x86)\Poker PlayNow.com\common.dll
2017-04-25 13:03 - 2017-01-10 04:23 - 000847872 _____ () C:\Program Files (x86)\Poker PlayNow.com\libprotobuf.dll
2017-04-25 13:03 - 2017-01-10 04:23 - 001310720 _____ () C:\Program Files (x86)\Poker PlayNow.com\protobuf.dll
2017-04-25 13:03 - 2017-01-10 04:23 - 000081920 _____ () C:\Program Files (x86)\Poker PlayNow.com\cardlib.dll
2017-04-25 13:03 - 2017-01-10 04:24 - 000073728 _____ () C:\Program Files (x86)\Poker PlayNow.com\texas.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2017-08-26 17:43 - 000000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1289290483-1558043448-3844216220-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\wpg_t\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{76637270-8302-4060-a155-eb155258fa0a}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-1289290483-1558043448-3844216220-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{227BE652-E390-4C5D-9BDD-0BB7C697946F}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{39AEAC91-1A26-4FF3-BDFC-90A510DB8EE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DCE6742A-AA62-4E17-8ACB-77A12F48235A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3030363A-BDA2-4582-B736-A0E0D94BDFD7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F489684F-E10B-4AB9-8A70-006FDDDF5C12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-09-2017 13:59:27 Installed Cybereason RansomFree 2.4.0.0
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/27/2017 09:48:32 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\windows.storage.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Cybereason RansomFree Service because of this error.
 
Program: Cybereason RansomFree Service
File: C:\Windows\SysWOW64\windows.storage.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 0564E910
Disk type: 3
 
Error: (09/27/2017 09:48:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CybereasonRansomFreeServiceHost.exe, version: 2.4.0.0, time stamp: 0x598824d5
Faulting module name: crsdll.dll, version: 2.9.1.0, time stamp: 0x59882071
Exception code: 0xc000001d
Fault offset: 0x00121ae3
Faulting process id: 0x82ac
Faulting application start time: 0x01d33804431e4272
Faulting application path: C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
Faulting module path: C:\Program Files (x86)\Cybereason\RansomFree\crsdll.dll
Report Id: df8f906f-686a-42dc-89d1-23e612542adb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/27/2017 09:47:14 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Cybereason RansomFree Service because of this error.
 
Program: Cybereason RansomFree Service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 050CE3F0
Disk type: 0
 
Error: (09/27/2017 09:47:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CybereasonRansomFreeServiceHost.exe, version: 2.4.0.0, time stamp: 0x598824d5
Faulting module name: crsdll.dll, version: 2.9.1.0, time stamp: 0x59882071
Exception code: 0xc000001d
Fault offset: 0x00121ae3
Faulting process id: 0xe54c
Faulting application start time: 0x01d33804117335d2
Faulting application path: C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
Faulting module path: C:\Program Files (x86)\Cybereason\RansomFree\crsdll.dll
Report Id: 6c90fc05-fa5c-4373-a17b-5f8a9063cfb8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/27/2017 09:45:51 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Cybereason RansomFree Service because of this error.
 
Program: Cybereason RansomFree Service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 0572E7F0
Disk type: 0
 
Error: (09/27/2017 09:45:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CybereasonRansomFreeServiceHost.exe, version: 2.4.0.0, time stamp: 0x598824d5
Faulting module name: crsdll.dll, version: 2.9.1.0, time stamp: 0x59882071
Exception code: 0xc000001d
Fault offset: 0x00121ae3
Faulting process id: 0x390c
Faulting application start time: 0x01d33803e4027f58
Faulting application path: C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
Faulting module path: C:\Program Files (x86)\Cybereason\RansomFree\crsdll.dll
Report Id: d973d112-178b-46b3-91d5-cebd6bf7da6f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/27/2017 09:44:33 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Cybereason RansomFree Service because of this error.
 
Program: Cybereason RansomFree Service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 04D7E600
Disk type: 0
 
Error: (09/27/2017 09:44:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CybereasonRansomFreeServiceHost.exe, version: 2.4.0.0, time stamp: 0x598824d5
Faulting module name: crsdll.dll, version: 2.9.1.0, time stamp: 0x59882071
Exception code: 0xc000001d
Fault offset: 0x00121ae3
Faulting process id: 0x38e08
Faulting application start time: 0x01d33803b56a1f0b
Faulting application path: C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
Faulting module path: C:\Program Files (x86)\Cybereason\RansomFree\crsdll.dll
Report Id: b9e1a919-d94d-4cf6-b29a-845c472af15c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/27/2017 09:43:15 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Cybereason RansomFree Service because of this error.
 
Program: Cybereason RansomFree Service
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: 047DE2B0
Disk type: 0
 
Error: (09/27/2017 09:43:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CybereasonRansomFreeServiceHost.exe, version: 2.4.0.0, time stamp: 0x598824d5
Faulting module name: crsdll.dll, version: 2.9.1.0, time stamp: 0x59882071
Exception code: 0xc000001d
Fault offset: 0x00121ae3
Faulting process id: 0x5b1ac
Faulting application start time: 0x01d3380386c658aa
Faulting application path: C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
Faulting module path: C:\Program Files (x86)\Cybereason\RansomFree\crsdll.dll
Report Id: 52e868d9-49b4-4052-9efa-81234e2d4add
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (09/27/2017 09:48:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2380 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:47:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2379 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:46:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2378 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:44:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2377 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:43:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2376 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:42:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2375 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:40:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2374 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:39:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2373 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:38:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2372 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/27/2017 09:37:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2371 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-12 18:44:38.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-12 18:44:38.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 76%
Total physical RAM: 3993.41 MB
Available physical RAM: 936.11 MB
Total Virtual: 6041.41 MB
Available Virtual: 1526.46 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:444.74 GB) (Free:360.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
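The Service Control Manager 7031 entries above (one per restart of the Cybereason RansomFree Engine service, counter climbing past 2380) are the "number of errors" that the helper later uses to justify uninstalling that program. As an added example, not part of the thread or of any tool used in it, here is a small Python script that parses entries in this Addition.txt "System errors" layout and flags a service stuck in a restart loop; the embedded sample log is constructed from three of the entries above plus a made-up single-crash service.

```python
"""Flag services stuck in a crash/restart loop from the FRST Addition.txt
"System errors" section (Service Control Manager, EventID 7031).

Added example; not part of the forum thread or of FRST/MBAR themselves.
Input layout is the one shown in the thread: an
"Error: (timestamp) (Source: ...) (EventID: N) (User: )" line
followed by a "Description: ..." line, entries separated by blank lines.
"""
import re
from collections import defaultdict
from datetime import datetime

HEADER_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\)"
)
# SCM 7031 text: "The X service terminated unexpectedly.  It has done this
# N time(s).  The following corrective action will be taken in ..."
SCM_7031_RE = re.compile(
    r"^Description: The (?P<service>.+?) service terminated unexpectedly\.\s+"
    r"It has done this (?P<count>\d+) time\(s\)\."
)
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_events(text):
    """Return a list of dicts: ts (datetime), source, event_id, description."""
    events = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {
                "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
                "source": m.group("source"),
                "event_id": int(m.group("event_id")),
                "description": "",
            }
            events.append(current)
        elif current is not None and line.startswith("Description:"):
            current["description"] = line
    return events


def find_crash_loops(events, min_events=3, window_minutes=15):
    """Group SCM 7031 events per service and flag restart loops.

    A service is flagged when at least `min_events` terminations fall within
    `window_minutes` of each other. The highest "done this N time(s)" counter
    SCM reported is returned too: it reflects the full history even when the
    exported log only holds the last few entries.
    """
    per_service = defaultdict(list)
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["event_id"] != 7031:
            continue
        m = SCM_7031_RE.match(ev["description"])
        if not m:
            continue
        per_service[m.group("service")].append((ev["ts"], int(m.group("count"))))

    report = {}
    for service, hits in per_service.items():
        hits.sort()  # log lists newest first; order by time
        span = (hits[-1][0] - hits[0][0]).total_seconds() / 60.0
        report[service] = {
            "events": len(hits),
            "max_restarts": max(c for _, c in hits),
            "span_minutes": round(span, 1),
            "looping": len(hits) >= min_events and span <= window_minutes,
        }
    return report


# Constructed sample in the Addition.txt layout: three Cybereason entries as
# they appear in the thread plus one made-up service that crashed once.
SAMPLE_LOG = """\
Error: (09/27/2017 09:46:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2378 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/27/2017 09:44:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2377 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/27/2017 09:43:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cybereason RansomFree Engine service terminated unexpectedly.  It has done this 2376 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/27/2017 08:10:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Example Updater service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
"""

if __name__ == "__main__":
    for svc, info in find_crash_loops(parse_events(SAMPLE_LOG)).items():
        print(svc, info)
```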


#7 tmedicine

tmedicine
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 27 September 2017 - 10:24 PM

And you can call me Trevor :P



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 28 September 2017 - 12:29 PM

Greetings Trevor,

Thank you again for your patience.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program because of the number of errors associated with it. If you'd like you can reinstall it once we finish cleaning your computer.
  • Press Windows Key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Cybereason RansomFree

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
C:\Users\xava0so
C:\Users\Akh5mn
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 __SHD C:\Users\wpg_t\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ____D C:\Xselect222
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ____D C:\Csettingsettings14
C:\WINDOWS\system32\default_error_stack*.txt
2017-09-13 02:11 - 2017-09-13 02:11 - 000004930 _____ C:\ProgramData\flwjycbm.bab
2017-09-13 02:11 - 2017-09-13 02:11 - 000000016 _____ C:\ProgramData\mntemp
2017-09-12 02:40 - 2017-09-12 16:59 - 000065536 _____ C:\WINDOWS\FaceUnlock.etl.001
2017-09-12 02:40 - 2017-09-12 02:40 - 000065536 _____ C:\WINDOWS\FaceUnlock.etl
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit and save it to your desktop
  • Right click the mbar icon and select Run as administrator
  • Click OK to install it on your desktop
  • Click Next on the following screen
  • On the Update Database: screen click Update to download the latest definition updates then click Next
  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete
  • Click the Exit button not Cleanup
  • A system-log report will be created in the mbar folder, please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Remove program?
  • Fixlog
  • MBAR report
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 tmedicine

tmedicine
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 28 September 2017 - 03:30 PM

What types of P2P programs did you see? WildTangent? Or poker sites? Because if it's poker sites I won't be removing them, but the WildTangent stuff, no problem, I can remove them.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:37 PM

Posted 28 September 2017 - 04:00 PM

My apologies. I posted that warning on the wrong topic.
Gary
 

#11 tmedicine

tmedicine
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 28 September 2017 - 04:07 PM

I have removed the Cybereason anti-ransomware thing.


Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by wpg_t (28-09-2017 15:58:11) Run:1
Running from C:\Users\wpg_t\Desktop
Loaded Profiles: wpg_t (Available Profiles: wpg_t)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.1.10\Exts\Chrome.crx <not found>
C:\Users\xava0so
C:\Users\Akh5mn
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 __SHD C:\Users\wpg_t\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ____D C:\Xselect222
2017-09-24 05:23 - 2017-09-24 05:23 - 000000000 ____D C:\Csettingsettings14
C:\WINDOWS\system32\default_error_stack*.txt
2017-09-13 02:11 - 2017-09-13 02:11 - 000004930 _____ C:\ProgramData\flwjycbm.bab
2017-09-13 02:11 - 2017-09-13 02:11 - 000000016 _____ C:\ProgramData\mntemp
2017-09-12 02:40 - 2017-09-12 16:59 - 000065536 _____ C:\WINDOWS\FaceUnlock.etl.001
2017-09-12 02:40 - 2017-09-12 02:40 - 000065536 _____ C:\WINDOWS\FaceUnlock.etl
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => key removed successfully
C:\Users\xava0so => moved successfully
C:\Users\Akh5mn => moved successfully
C:\Users\wpg_t\Desktop\0K, this directory is for Ransomware detection (just leave it here) => moved successfully
C:\Xselect222 => moved successfully
C:\Csettingsettings14 => moved successfully
 
=========== "C:\WINDOWS\system32\default_error_stack*.txt" ==========
 
C:\WINDOWS\system32\default_error_stack-000000-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000001-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000002-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000003-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000004-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000005-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000006-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000007-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000008-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000009-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000010-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000011-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000012-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000013-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000014-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000015-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000016-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000017-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000018-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000019-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000020-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000021-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000022-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000023-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000024-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000025-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000026-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000027-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000028-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000029-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000030-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000031-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000032-000000.txt => moved successfully
 
========= End -> "C:\WINDOWS\system32\default_error_stack*.txt" ========
 
C:\ProgramData\flwjycbm.bab => moved successfully
C:\ProgramData\mntemp => moved successfully
C:\WINDOWS\FaceUnlock.etl.001 => moved successfully
C:\WINDOWS\FaceUnlock.etl => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 15:59:57 ====


#12 tmedicine

tmedicine
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:01:37 AM

Posted 28 September 2017 - 05:59 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.608.15063.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.304000 GHz
Memory total: 4187389952, free: 2217869312
 
Downloaded database version: v2017.09.28.07
Downloaded database version: v2017.09.13.01
Downloaded database version: v2017.09.01.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
     09/28/2017 16:17:01
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.09.28.07
  rootkit: v2017.09.13.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffb80e79d24060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffb80e79ca39f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffb80e79d24060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffb80e79ca4b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffb80e772f2040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffb80e7566a3c0, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A50E1C7D
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1462803382
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid d60b5ca8-5554-4031-a913-71e0946e7ced
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1462803382
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid d60b5ca8-5554-4031-a913-71e0946e7ced
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID c86d1eb7-558a-4f82-a377-d9784ff29b6f
    FirstLBA 2048  Last LBA 534527
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7a71670a-62d6-40e5-97ff-fbcc3f2ae
    FirstLBA 534528  Last LBA 796671
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 2f798783-9b8d-4b08-9b96-bec441c35861
    FirstLBA 796672  Last LBA 933481587
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f35b0714-9da1-465b-aa1d-82bd7b889c6
    FirstLBA 933482496  Last LBA 935153663
    Attributes 1
    Partition Name                                     
 
    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 8cbc48d2-3429-460b-9591-19b6d6694b57
    FirstLBA 935153664  Last LBA 976766975
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\QBackup\index.qbs" is compressed (flags = 32769)
File "C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\QBackup\index.qbs" is sparse (flags = 32769)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


#13 tmedicine

tmedicine
  • Topic Starter

  • Members
  • 63 posts

Posted 28 September 2017 - 06:08 PM

The computer seems to be alright now, except the System process seems to be using a lot of disk writing space out of nowhere periodically in Task Manager, and in File Explorer I still have access denied in some files and folders. And my start menu doesn't come up when I click on the Windows logo on the bottom left of my screen, or when I press the Windows key on my keyboard.



#14 tmedicine

tmedicine
  • Topic Starter

  • Members
  • 63 posts

Posted 28 September 2017 - 06:25 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.09.28.07
  rootkit: v2017.09.13.01
 
Windows 10 x64 NTFS
Internet Explorer 11.608.15063.0
wpg_t :: DESKTOP-N7I39C5 [administrator]
 
2017-09-28 4:17:39 PM
mbar-log-2017-09-28 (16-17-39).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 295561
Time elapsed: 1 hour(s), 22 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#15 tmedicine

tmedicine
  • Topic Starter

  • Members
  • 63 posts

Posted 28 September 2017 - 06:35 PM

The start menu not opening happened ever since the computer crashed though, when I had to use the emergency BIOS startup to fix that, so I expect these scans and procedures not to fix that. I think I should run DISM /Online /Cleanup-Image /RestoreHealth and then sfc /scannow in PowerShell with administrative privileges to fix that? Can I? :P





