
Need help removing possible Remote Administration Tool(RAT) and keylogger


  • This topic is locked
12 replies to this topic

#1 knowledgeiskey


Posted 11 November 2017 - 09:59 AM

To whom it may concern

I have Windows 10 64-bit on my ASUS laptop.

I use Bitdefender antivirus (around the clock) and Malwarebytes (manual scan every 3 to 5 days). I also use CyberGhost as my VPN.

I have reasons to believe that my computer has been hacked by a Remote Access Tool (RAT) with key-logger. A lot of my personal pictures and videos have been deleted without my consent. In April 2017, I found under my Documents folder, the following file: Default.rdp Remote Desktop Connection. I have never allowed a remote connection to my computer. I deleted that file. That same month, I also found under Task Manager Startup tab, 2 applications that I did not install: one called Program and the other one called Video. I disabled both of these applications.

I have scanned my computer many times with Bitdefender and Malwarebytes, but the scan results said my system is clean. However, ESET online scanner has found a malware (see scan result included). NoBot Security has found sp_data.sys file under the Appdata/Roaming folder (see attached scan result). I have tried several times to delete sp_data.sys both by using NoBot and manually. But after I restart my computer, sp_data.sys keeps reinstalling itself back in the Appdata/Roaming folder.

I have also scanned my computer with the following software. All scan results included below:
-Farbar Recovery Tool -10/19/2017
-ESET online scanner - 10/16/2017
-NoBot Security - 10/16/2017
-Malwarebytes Anti Rootkits- 10/16/2017
-Junkware Removal Tool - 10/26/2017
-AdwCleaner - 10/26/2017

Please let me know if you need updated scan results.

How can I completely delete sp_data.sys? Any help will be greatly appreciated! Thank you!

********************************************************************************************************************
FARBAR RECOVERY SCAN TOOL RESULT - FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
Ran by Christine (administrator) on LAPTOP-I4ACB5T9 (19-10-2017 19:44:03)
Running from C:\Users\Christine\Downloads
Loaded Profiles: Christine (Available Profiles: Christine)
Platform: Windows 10 Home Version 1703 15063.540 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE
(CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.exe
(The OpenVPN Project) C:\Program Files\CyberGhost 6\Data\OpenVPN\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1246800 2017-09-18] (CyberGhost S.A.)
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9772248 2017-05-05] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 38.132.106.139 194.187.251.67 185.93.180.131
Tcpip\..\Interfaces\{4201ebc1-e1f1-4552-9812-1bb352ee7b85}: [NameServer] 38.132.106.139,194.187.251.67
Tcpip\..\Interfaces\{4201ebc1-e1f1-4552-9812-1bb352ee7b85}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{48fa4aaf-82cd-4079-bacf-d799cdc7c238}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{77edc170-73d1-4c8c-b997-be56916b06f6}: [NameServer] 208.67.222.222,8.8.4.4
Tcpip\..\Interfaces\{7867174d-4192-48c5-8e57-75cdcb68ad87}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{f882592d-0da5-4a56-9047-188d840a1df3}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{ff62359b-1840-472a-a8a1-1b33b94507ad}: [NameServer] 38.132.106.139,194.187.251.67
Tcpip\..\Interfaces\{ff62359b-1840-472a-a8a1-1b33b94507ad}: [DhcpNameServer] 38.132.106.139 194.187.251.67 185.93.180.131

Internet Explorer:
==================
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3578030153-2842855419-15906583-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-10-03] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-10-03] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-10-03] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-10-03] (Bitdefender)

FireFox:
========
FF DefaultProfile: t9g2y07i.default
FF ProfilePath: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\t9g2y07i.default [2017-10-18]
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [not found]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff [2017-09-09]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-10-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
CHR Extension: (YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
CHR Extension: (Bitdefender Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-04-25]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-10-19]
CHR Extension: (Gmail) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-01]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2090152 2017-09-08] (Bitdefender)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] ()
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [242256 2017-09-18] (CyberGhost S.A.)
S2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-10-06] (Bitdefender)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-10-03] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1280816 2017-10-15] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [98776 2017-04-11] (ASUS Corporation)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1019880 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1763744 2017-10-03] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-07-28] (BitDefender LLC)
R2 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47856 2017-09-08] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-16] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [187688 2017-09-08] (BitDefender LLC)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [362664 2017-10-03] (Bitdefender)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-18] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-20] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-08-06] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [439576 2017-09-08] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 19:44 - 2017-10-19 19:44 - 000016076 _____ C:\Users\Christine\Downloads\FRST.txt
2017-10-19 19:42 - 2017-10-19 19:44 - 000000000 ____D C:\FRST
2017-10-19 19:40 - 2017-10-19 19:40 - 002402816 _____ (Farbar) C:\Users\Christine\Downloads\FRST64.exe
2017-10-18 17:02 - 2017-10-18 21:14 - 000001129 _____ C:\Users\Christine\Documents\starburn.txt
2017-10-17 04:20 - 2017-10-17 04:20 - 000001152 _____ C:\Users\Public\Desktop\iBackupBot for iPad iPhone.lnk
2017-10-17 04:20 - 2017-10-17 04:20 - 000000000 ____D C:\Users\Christine\AppData\Roaming\VOWSoft
2017-10-17 04:19 - 2017-10-17 04:19 - 013915008 _____ C:\Users\Christine\Downloads\ibackupbot_setup.exe
2017-10-17 03:28 - 2017-10-17 04:20 - 000000000 ____D C:\Program Files\VOW Software
2017-10-17 03:25 - 2017-10-17 03:25 - 010766960 _____ C:\Users\Christine\Downloads\icopybot_setup.exe
2017-10-16 21:37 - 2017-10-16 23:51 - 000003312 _____ C:\Users\Christine\Documents\Malwarebytes help request.txt
2017-10-16 13:19 - 2017-10-16 13:19 - 000000000 ____D C:\NoBot
2017-10-16 13:18 - 2017-10-16 13:19 - 001369080 _____ (Simple IT Solutions, LLC) C:\Users\Christine\Downloads\NoBot.exe
2017-10-16 09:24 - 2017-10-16 09:24 - 000000000 ____D C:\Users\Christine\Desktop\MyEsetScan
2017-10-16 03:38 - 2017-10-16 03:38 - 002870984 _____ (ESET) C:\Users\Christine\Downloads\esetsmartinstaller_enu.exe
2017-10-16 02:11 - 2017-10-16 03:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-16 01:57 - 2017-10-16 03:12 - 000000000 ____D C:\Users\Christine\Desktop\mbar
2017-10-16 01:56 - 2017-10-16 01:56 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Christine\Downloads\mbar-1.09.3.1001.exe
2017-10-11 13:48 - 2017-10-18 20:40 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-08 00:23 - 2017-10-08 00:50 - 000001030 _____ C:\Users\Christine\Documents\Complaint about neighbor in apartment 104 bumping wall against my back again despite my previous complaint.txt
2017-10-04 21:00 - 2017-10-04 21:00 - 000000000 ____D C:\Program Files\MSCONFIG for Windows 10 and 8
2017-10-04 20:55 - 2017-10-04 20:55 - 000835647 _____ C:\Users\Christine\Downloads\MSCONFIGforWindows10and8.zip
2017-09-21 12:08 - 2017-09-21 23:45 - 000001348 _____ C:\Users\Christine\Documents\Complaint about Neighbor hitting walls during my daughter's nap.txt
2017-09-20 22:17 - 2017-09-20 22:17 - 000042891 _____ C:\ProgramData\dm.update.1505963785.bdinstall.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 19:38 - 2016-04-26 16:27 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-10-19 18:34 - 2017-08-20 07:28 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-10-19 18:34 - 2016-04-26 12:30 - 000000165 _____ C:\Users\Christine\AppData\Roaming\sp_data.sys
2017-10-19 18:33 - 2017-05-13 12:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-19 18:33 - 2017-05-13 12:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-19 18:33 - 2016-04-26 12:30 - 000000000 __SHD C:\Users\Christine\IntelGraphicsProfiles
2017-10-19 01:55 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-18 20:42 - 2017-03-18 06:40 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2017-10-18 20:40 - 2017-05-13 12:46 - 000221872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-18 20:39 - 2017-05-13 13:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-18 20:39 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-10-18 20:38 - 2016-04-27 12:35 - 000085011 _____ C:\bdlog.txt
2017-10-18 20:26 - 2016-04-29 16:02 - 000000000 ____D C:\Users\Christine\AppData\Roaming\vlc
2017-10-17 14:06 - 2016-11-23 03:58 - 000000000 ____D C:\Users\Christine\AppData\Local\CyberGhost
2017-10-17 04:20 - 2017-09-13 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-16 19:53 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-16 02:11 - 2016-06-07 18:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-16 01:57 - 2017-09-02 13:29 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-10-13 23:41 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-11 13:48 - 2017-06-03 06:23 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-03 02:13 - 2016-10-28 21:31 - 000362664 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2017-10-03 02:10 - 2017-09-08 22:38 - 001019880 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2017-10-03 02:08 - 2016-10-28 21:32 - 001763744 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-09-25 21:23 - 2016-05-02 10:08 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-25 21:23 - 2016-05-02 10:08 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-20 20:19 - 2017-05-13 13:06 - 001317450 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-20 05:09 - 2017-09-02 13:29 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-20 03:58 - 2017-09-02 13:28 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2016-04-26 12:30 - 2017-10-19 18:34 - 000000165 _____ () C:\Users\Christine\AppData\Roaming\sp_data.sys
2016-10-28 20:05 - 2016-10-28 20:05 - 000217915 _____ () C:\ProgramData\1477702983.bdinstall.bin
2016-11-01 16:30 - 2016-11-01 16:30 - 000028767 _____ () C:\ProgramData\agent.1478035797.bdinstall.bin
2017-06-13 21:07 - 2017-06-13 21:07 - 000030975 _____ () C:\ProgramData\agent.update.1497406011.bdinstall.bin
2016-10-28 21:42 - 2016-10-28 21:42 - 000402222 _____ () C:\ProgramData\cl.1477707469.bdinstall.bin
2016-10-28 20:06 - 2016-10-28 20:06 - 000019410 _____ () C:\ProgramData\dm.1477703181.2592.bin
2016-10-28 20:06 - 2016-10-28 20:06 - 000001216 _____ () C:\ProgramData\dm.1477703181.2608.bin
2016-10-28 20:06 - 2016-10-28 20:06 - 000013659 _____ () C:\ProgramData\dm.1477703181.7660.bin
2016-10-28 21:43 - 2016-10-28 21:43 - 000037957 _____ () C:\ProgramData\dm.1477708964.bdinstall.bin
2016-11-10 18:15 - 2016-11-10 18:15 - 000038265 _____ () C:\ProgramData\dm.1478819691.bdinstall.bin
2016-11-20 02:59 - 2016-11-20 02:59 - 000039010 _____ () C:\ProgramData\dm.1479628786.bdinstall.bin
2016-12-14 05:48 - 2016-12-14 05:48 - 000039346 _____ () C:\ProgramData\dm.1481712523.bdinstall.bin
2017-09-20 22:17 - 2017-09-20 22:17 - 000042891 _____ () C:\ProgramData\dm.update.1505963785.bdinstall.bin
2017-05-13 12:49 - 2017-05-13 12:49 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\011243AD.sys
C:\Windows\System32\Drivers\02F45D3A.sys
C:\Windows\System32\Drivers\03853FA2.sys
C:\Windows\System32\Drivers\15026815.sys
C:\Windows\System32\Drivers\152B4E7E.sys
C:\Windows\System32\Drivers\179F5E70.sys
C:\Windows\System32\Drivers\183040D8.sys
C:\Windows\System32\Drivers\1AE3665F.sys
C:\Windows\System32\Drivers\1B353332.sys
C:\Windows\System32\Drivers\1B4B4E61.sys
C:\Windows\System32\Drivers\1F4C5B18.sys
C:\Windows\System32\Drivers\216B4E43.sys
C:\Windows\System32\Drivers\219434AC.sys
C:\Windows\System32\Drivers\248377DA.sys
C:\Windows\System32\Drivers\2A294481.sys
C:\Windows\System32\Drivers\2C334477.sys
C:\Windows\System32\Drivers\2EBC5B9B.sys
C:\Windows\System32\Drivers\2EFB5D33.sys
C:\Windows\System32\Drivers\2F8C3F9B.sys
C:\Windows\System32\Drivers\348A66B1.sys
C:\Windows\System32\Drivers\39074E9F.sys
C:\Windows\System32\Drivers\3EFE6818.sys
C:\Windows\System32\Drivers\443740D1.sys
C:\Windows\System32\Drivers\45313335.sys
C:\Windows\System32\Drivers\46EB6659.sys
C:\Windows\System32\Drivers\4B535B12.sys
C:\Windows\System32\Drivers\4EC1496A.sys
C:\Windows\System32\Drivers\550B43B3.sys
C:\Windows\System32\Drivers\5AC45B94.sys
C:\Windows\System32\Drivers\609166AA.sys
C:\Windows\System32\Drivers\65764A97.sys
C:\Windows\System32\Drivers\69244E85.sys
C:\Windows\System32\Drivers\6AC53E7F.sys
C:\Windows\System32\Drivers\6B985E76.sys
C:\Windows\System32\Drivers\6CD03E75.sys
C:\Windows\System32\Drivers\6E093271.sys
C:\Windows\System32\Drivers\714F4E5D.sys
C:\Windows\System32\Drivers\776F4E40.sys
C:\Windows\System32\Drivers\79A3349F.sys
C:\Windows\System32\Drivers\7AC84964.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-11 21:22

==================== End of FRST.txt ============================

*********************************************************************************************************************************************************************************************
FARBAR RECOVERY SCAN TOOL RESULT - Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
Ran by Christine (19-10-2017 19:45:50)
Running from C:\Users\Christine\Downloads
Windows 10 Home Version 1703 15063.540 (X64) (2017-05-13 18:21:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3578030153-2842855419-15906583-500 - Administrator - Disabled)
Christine (S-1-5-21-3578030153-2842855419-15906583-1001 - Administrator - Enabled) => C:\Users\Christine
DefaultAccount (S-1-5-21-3578030153-2842855419-15906583-503 - Limited - Disabled)
Guest (S-1-5-21-3578030153-2842855419-15906583-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.105 - ICEpower a/s)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.1.1 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
iBackupBot 5.5.3 (HKLM-x32\...\iBackupBot) (Version: 5.5.3 - VOW Software)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Mozilla Firefox 46.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 en-US)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
MSCONFIG for Windows 10 and 8 (HKLM\...\MSCONFIG for Windows 10 and 8_is1) (Version: 1.0 - Winaero)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
Wondershare Filmora(Build 7.8.9) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-10-03] (Bitdefender)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-10-03] (Bitdefender)
ContextMenuHandlers5: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-10-03] (Bitdefender)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers6: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll [2017-10-03] (Bitdefender)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A59CCD0-E724-4BD4-A722-CF077287DA13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {1D307835-E132-4F00-82ED-50844F64007E} - System32\Tasks\S-1-5-21-3578030153-2842855419-15906583-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {36BCA19C-8CE1-480F-A110-A2698ABF7848} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-10-03] (Bitdefender)
Task: {457C3558-EB63-44CB-A4F5-77FAA1B90405} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {5009BC51-9F86-4801-9C26-594944C5A963} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {5D5C3608-8EFB-4FCA-9C78-C48572F0DFBC} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {68CC274D-D8AF-41EC-9D35-30336D334A23} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor)
Task: {6B49955E-A793-4D05-8BAD-DBB03772448B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-05] (Piriform Ltd)
Task: {74D91C95-7BA0-43F4-BD53-2CADDA58A790} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {840C315C-9876-40DF-9317-F1763A272E95} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {934DEBB4-17F9-4FCD-AF29-CFB6E17012B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {C9E2E0FE-502F-4200-B3C4-8D754BF80EA0} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {D46FF5FB-2D3E-4730-897E-35AD746C1127} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {FA830F76-00FE-4158-9404-25296BE57DB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {FD9094F4-C67A-4A97-B2AB-A1CAF24A50AE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-04-11] (AsusTek)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864.job => C:\Program Files\Bitdefender Agent\WatchDog.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-08 22:34 - 2017-09-08 22:34 - 000111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-02-07 13:54 - 2017-02-07 13:54 - 001008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_003\ashttpbr.mdl
2017-02-07 13:54 - 2017-02-07 13:54 - 000541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_003\ashttpdsp.mdl
2017-02-07 13:54 - 2017-02-07 13:54 - 003243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_003\ashttpph.mdl
2017-02-07 13:54 - 2017-02-07 13:54 - 001544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_003\ashttprbl.mdl
2016-03-02 14:55 - 2015-07-20 22:19 - 000121560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-03 06:23 - 2017-10-11 13:48 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-30 22:57 - 2016-11-30 22:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-09-25 21:23 - 2017-09-21 02:29 - 004022616 _____ () c:\program files (x86)\google\chrome\application\61.0.3163.100\libglesv2.dll
2017-09-25 21:23 - 2017-09-21 02:29 - 000100184 _____ () c:\program files (x86)\google\chrome\application\61.0.3163.100\libegl.dll
2015-08-25 12:40 - 2015-08-25 12:40 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 12:40 - 2015-08-25 12:40 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-11-23 03:58 - 2017-09-18 03:45 - 000174448 _____ () C:\Program Files\CyberGhost 6\Data\OpenVPN\liblzo2-2.dll
2016-11-23 03:58 - 2017-09-18 03:45 - 000115168 _____ () C:\Program Files\CyberGhost 6\Data\OpenVPN\libpkcs11-helper-1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Christine\Downloads\AmazonMusicInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ccsetup529.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ccsetup530pro.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ccsetup530_protrial.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\CG_5.5.1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ChromeSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ChromeSetup (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\filmora_setup_full846 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\filmora_setup_full846.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\iTunes6464Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mb3-setup-consumer-3.1.2.1733.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\video-converter-ultimate_setup_full495.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\vlc-2.2.2-win32 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\vlc-2.2.2-win32.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2017-10-19 19:33 - 000000036 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 platform.wondershare.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3578030153-2842855419-15906583-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Signature\Signature01.jpg
DNS Servers: 38.132.106.139 - 194.187.251.67
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Christine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{302F1142-4921-490E-B99C-E61A6C15A694}] => (Block) C:\users\christine\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{8A38F51E-D3EC-48CB-A7E7-9BE3F8949B0A}] => (Block) C:\users\christine\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{F4C729A4-E631-4315-ADD5-79216E263400}C:\users\christine\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\christine\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{1201018F-7DA0-4AFC-9999-F5680340927D}C:\users\christine\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\christine\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{8B5A03FC-78C9-4FFB-BB5A-F921AA15B322}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{110432BC-AD21-4CF2-8AB9-D6C09708CF7F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08A229B2-E168-4DA8-B6F0-82FFBE77DCA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCBECF54-43D5-456D-AA89-E6AD3A33AD28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{87ED2EC9-1C2C-409F-9D60-4EE3C58671C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FD2614D0-2700-4C92-AC84-67E9936A473E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A32EA649-033D-4493-80F0-E387DDF8FB80}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CB7AC3A5-BBA3-4283-A07B-D09E1846A179}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-10-2017 17:07:49 Scheduled Checkpoint
13-10-2017 19:50:21 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2017 02:22:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15469

Error: (10/19/2017 02:22:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15469

Error: (10/19/2017 02:22:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2017 08:40:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WsAppService.exe, version: 2.2.4.1, time stamp: 0x5784a857
Faulting module name: KERNELBASE.dll, version: 6.2.15063.502, time stamp: 0x005405b5
Exception code: 0xe053534f
Fault offset: 0x0000000000069e08
Faulting process id: 0x%9
Faulting application start time: 0xWsAppService.exe0
Faulting application path: WsAppService.exe1
Faulting module path: WsAppService.exe2
Report Id: WsAppService.exe3
Faulting package full name: WsAppService.exe4
Faulting package-relative application ID: WsAppService.exe5

Error: (10/18/2017 08:19:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Faulting module name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Exception code: 0xc0000409
Fault offset: 0x000000000010b698
Faulting process id: 0x273c
Faulting application start time: 0x01d348785812ef6b
Faulting application path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Faulting module path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Report Id: a5a8509f-aca3-4ade-ab31-0ff94ffc59cd
Faulting package full name:
Faulting package-relative application ID:

Error: (10/18/2017 08:09:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Faulting module name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Exception code: 0xc0000409
Fault offset: 0x000000000010b698
Faulting process id: 0x2098
Faulting application start time: 0x01d34876f2334de6
Faulting application path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Faulting module path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Report Id: de6fa4c1-a3f8-47e6-96f6-06cbac16e258
Faulting package full name:
Faulting package-relative application ID:

Error: (10/18/2017 07:59:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Faulting module name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Exception code: 0xc0000409
Fault offset: 0x000000000010b698
Faulting process id: 0x1904
Faulting application start time: 0x01d348758c54ce0d
Faulting application path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Faulting module path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Report Id: 7f854fd9-ecb5-4a3f-8aa7-b92d4d021bad
Faulting package full name:
Faulting package-relative application ID:

Error: (10/18/2017 07:49:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Faulting module name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Exception code: 0xc0000409
Fault offset: 0x000000000010b698
Faulting process id: 0x24ec
Faulting application start time: 0x01d34874267ed977
Faulting application path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Faulting module path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Report Id: fceee934-a61a-4886-8401-7027110e252f
Faulting package full name:
Faulting package-relative application ID:

Error: (10/18/2017 07:39:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Faulting module name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Exception code: 0xc0000409
Fault offset: 0x000000000010b698
Faulting process id: 0x724
Faulting application start time: 0x01d34872c08ca78d
Faulting application path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Faulting module path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Report Id: 0f0dc695-6296-470f-919f-b5445dec35cc
Faulting package full name:
Faulting package-relative application ID:

Error: (10/18/2017 07:29:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Faulting module name: bdredline.exe, version: 1.0.1.28, time stamp: 0x598d6767
Exception code: 0xc0000409
Fault offset: 0x000000000010b698
Faulting process id: 0x1e70
Faulting application start time: 0x01d3487159a9bcde
Faulting application path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Faulting module path: C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
Report Id: 08b7fcce-3b55-4c1d-94d3-1996ce0dbd3c
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/18/2017 09:44:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2017 08:41:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2017 08:41:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2017 08:40:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wondershare Application Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/18/2017 08:39:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (10/18/2017 08:19:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender RedLine Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 600000 milliseconds: Restart the service.

Error: (10/18/2017 08:09:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender RedLine Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 600000 milliseconds: Restart the service.

Error: (10/18/2017 07:59:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender RedLine Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 600000 milliseconds: Restart the service.

Error: (10/18/2017 07:49:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender RedLine Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 600000 milliseconds: Restart the service.

Error: (10/18/2017 07:39:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender RedLine Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 600000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-10-18 20:40:57.366
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-08 01:10:08.485
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-04 19:02:20.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-03 01:50:50.975
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 20:14:19.589
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 03:58:32.045
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-16 02:19:11.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-09 12:35:58.339
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-09 12:27:29.801
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-09-09 12:27:29.312
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 71%
Total physical RAM: 3997.43 MB
Available physical RAM: 1129.38 MB
Total Virtual: 5981.43 MB
Available Virtual: 2459.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465 GB) (Free:166.14 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4FA19CB0)

Partition: GPT.

==================== End of Addition.txt ============================

*********************************************************************************************************************************************************************************************
MALWAREBYTES ANTI-ROOTKIT SCAN RESULT - mbar

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2017.10.16.03
rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
Christine :: LAPTOP-I4ACB5T9 [administrator]

10/16/2017 2:11:34 AM
mbar-log-2017-10-16 (02-11-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 280652
Time elapsed: 24 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

*********************************************************************************************************************************************************************************************
JUNKWARE REMOVAL TOOL SCAN RESULT- JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Christine (Administrator) on Thu 10/26/2017 at 1:02:13.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\1477702983.bdinstall.bin (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/26/2017 at 1:05:12.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*********************************************************************************************************************************************************************************************
ESET SCAN RESULT

C:\Users\Christine\Downloads\ccsetup529.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Christine\Downloads\ccsetup530pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Christine\Downloads\ccsetup530_protrial.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


*********************************************************************************************************************************************************************************************
ADWCLEANER SCAN RESULT

# AdwCleaner 7.0.3.1 - Logfile created on Thu Oct 26 06:22:00 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-26-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic, Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
PUP.Adware.Heuristic, Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
PUP.Adware.Heuristic, Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C


***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,136 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:16 AM

Posted 12 November 2017 - 10:44 PM

Greetings knowledgeiskey and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all Wondershare products, and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 knowledgeiskey


Posted 14 November 2017 - 05:04 PM

Gary

Thank you very much for your reply and assistance. I will do everything as you instructed, and then get back to you! I appreciate your help!

#4 Oh My!


Posted 14 November 2017 - 05:18 PM

:thumbsup2:
Gary
 

#5 knowledgeiskey


Posted 15 November 2017 - 01:11 AM

Here are the requested reports

 

***************************************************************************************************

CKScanner report

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
scanner sequence 3.NA.11.BVAPSZ
 ----- EOF ----- 
 
*****************************************************************************************************
FRST report
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Christine (administrator) on LAPTOP-I4ACB5T9 (14-11-2017 23:59:54)
Running from C:\Users\Christine\Downloads
Loaded Profiles: Christine (Available Profiles: Christine)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(CyberGhost S.A.) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(The OpenVPN Project) C:\Program Files\CyberGhost 6\Data\OpenVPN\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1332304 2017-10-27] (CyberGhost S.A.)
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9772248 2017-05-05] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 38.132.106.139 194.187.251.67 185.93.180.131
Tcpip\..\Interfaces\{4201ebc1-e1f1-4552-9812-1bb352ee7b85}: [NameServer] 38.132.106.139,194.187.251.67
Tcpip\..\Interfaces\{4201ebc1-e1f1-4552-9812-1bb352ee7b85}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{48fa4aaf-82cd-4079-bacf-d799cdc7c238}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{77edc170-73d1-4c8c-b997-be56916b06f6}: [NameServer] 208.67.222.222,8.8.4.4
Tcpip\..\Interfaces\{7867174d-4192-48c5-8e57-75cdcb68ad87}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{f882592d-0da5-4a56-9047-188d840a1df3}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{ff62359b-1840-472a-a8a1-1b33b94507ad}: [NameServer] 38.132.106.139,194.187.251.67
Tcpip\..\Interfaces\{ff62359b-1840-472a-a8a1-1b33b94507ad}: [DhcpNameServer] 38.132.106.139 194.187.251.67 185.93.180.131
 
Internet Explorer:
==================
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3578030153-2842855419-15906583-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-11-14] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-11-14] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-11-14] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-11-14] (Bitdefender)
 
FireFox:
========
FF DefaultProfile: t9g2y07i.default
FF ProfilePath: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\t9g2y07i.default [2017-11-04]
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [not found]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff [2017-09-09]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-10-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default [2017-11-14]
CHR Extension: (Google Drive) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
CHR Extension: (YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
CHR Extension: (Bitdefender Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-04-25]
CHR Extension: (TubeBuddy for YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2017-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2017-11-14]
CHR Extension: (Gmail) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-10]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2090152 2017-09-08] (Bitdefender)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] ()
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [242256 2017-10-27] (CyberGhost S.A.)
S2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-10-06] (Bitdefender)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-11-14] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1230880 2017-11-14] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [98776 2017-04-11] (ASUS Corporation)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1019880 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1763744 2017-10-03] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-07-28] (BitDefender LLC)
R2 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47856 2017-09-08] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-16] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [187688 2017-09-08] (BitDefender LLC)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [362664 2017-10-03] (Bitdefender)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-14] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [600832 2015-08-06] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [439576 2017-09-08] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-14 23:59 - 2017-11-15 00:00 - 000015541 _____ C:\Users\Christine\Downloads\FRST.txt
2017-11-14 23:59 - 2017-11-14 23:59 - 000000000 ____D C:\Users\Christine\Downloads\FRST-OlderVersion
2017-11-14 23:58 - 2017-11-14 23:58 - 000001060 _____ C:\Users\Christine\Desktop\AdwCleaner.exe - Shortcut.lnk
2017-11-14 23:56 - 2017-11-14 23:57 - 000000000 ____D C:\Users\Christine\Desktop\CKScanner
2017-11-14 23:52 - 2017-11-14 23:52 - 000001051 _____ C:\Users\Christine\Desktop\CKScanner.exe - Shortcut.lnk
2017-11-14 23:47 - 2017-11-14 23:47 - 000468480 _____ () C:\Users\Christine\Downloads\CKScanner.exe
2017-11-14 16:15 - 2017-11-14 21:39 - 000011431 _____ C:\Users\Christine\Documents\starburn.txt
2017-11-14 08:46 - 2017-11-14 08:46 - 000042687 _____ C:\ProgramData\dm.update.1510670756.bdinstall.bin
2017-11-14 01:11 - 2017-11-14 23:34 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-14 01:11 - 2017-11-14 01:11 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-14 01:11 - 2017-11-14 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-14 01:10 - 2017-11-14 01:10 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-12 23:00 - 2017-09-29 20:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-11-12 23:00 - 2017-09-29 20:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-12 23:00 - 2017-09-29 20:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-12 23:00 - 2017-09-29 20:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-11-12 23:00 - 2017-09-29 20:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-11-12 23:00 - 2017-09-29 20:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-11-12 23:00 - 2017-09-29 20:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-12 23:00 - 2017-09-29 20:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-11-12 23:00 - 2017-09-29 01:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-12 23:00 - 2017-09-29 01:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-12 23:00 - 2017-09-29 01:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-12 23:00 - 2017-09-29 01:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-11-12 23:00 - 2017-09-29 01:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-11-12 23:00 - 2017-09-29 01:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-12 23:00 - 2017-09-29 01:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-12 23:00 - 2017-09-29 01:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-12 23:00 - 2017-09-29 01:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-12 23:00 - 2017-09-29 01:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-11-12 23:00 - 2017-09-29 01:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-11-12 23:00 - 2017-09-29 01:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-11-12 23:00 - 2017-09-29 01:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-11-12 23:00 - 2017-09-29 01:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-11-12 23:00 - 2017-09-29 01:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-11-12 23:00 - 2017-09-29 01:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-11-12 23:00 - 2017-09-29 01:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-11-12 23:00 - 2017-09-20 09:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-12 23:00 - 2017-09-20 09:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-12 23:00 - 2017-09-20 09:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-12 23:00 - 2017-09-04 22:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-11-12 23:00 - 2017-09-04 22:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-12 23:00 - 2017-09-04 22:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-11-12 23:00 - 2017-09-04 22:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-12 23:00 - 2017-09-04 22:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-12 23:00 - 2017-09-04 22:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-12 23:00 - 2017-09-04 22:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-11-12 23:00 - 2017-09-04 22:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-11-12 23:00 - 2017-09-04 22:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-11-12 23:00 - 2017-09-04 22:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-11-12 23:00 - 2017-09-04 22:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-11-12 23:00 - 2017-09-04 22:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-12 23:00 - 2017-09-04 22:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-11-12 23:00 - 2017-09-04 22:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-11-12 23:00 - 2017-09-04 22:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-11-12 23:00 - 2017-09-04 22:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-11-12 23:00 - 2017-09-04 22:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-11-12 23:00 - 2017-09-04 22:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-11-12 23:00 - 2017-09-04 22:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-11-12 23:00 - 2017-09-04 22:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-12 23:00 - 2017-09-04 22:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-11-12 23:00 - 2017-09-04 22:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-11-12 23:00 - 2017-09-04 22:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-12 23:00 - 2017-09-04 22:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-12 23:00 - 2017-09-04 22:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-11-12 23:00 - 2017-09-04 22:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-11-12 23:00 - 2017-09-04 22:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-11-12 23:00 - 2017-09-04 22:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-11-12 23:00 - 2017-09-04 22:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-12 23:00 - 2017-09-04 22:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-11-12 23:00 - 2017-09-04 22:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-11-12 22:59 - 2017-09-29 20:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-12 22:59 - 2017-09-29 20:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-12 22:59 - 2017-09-29 20:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-12 22:59 - 2017-09-29 20:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-11-12 22:59 - 2017-09-29 20:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-11-12 22:59 - 2017-09-29 20:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-12 22:59 - 2017-09-29 20:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-12 22:59 - 2017-09-29 20:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-11-12 22:59 - 2017-09-29 20:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-11-12 22:59 - 2017-09-29 20:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-11-12 22:59 - 2017-09-29 20:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-11-12 22:59 - 2017-09-29 20:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-12 22:59 - 2017-09-29 20:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-11-12 22:59 - 2017-09-29 20:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-11-12 22:59 - 2017-09-29 20:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-12 22:59 - 2017-09-29 20:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-12 22:59 - 2017-09-29 20:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-12 22:59 - 2017-09-29 20:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-12 22:59 - 2017-09-29 20:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-12 22:59 - 2017-09-29 01:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-12 22:59 - 2017-09-29 01:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-12 22:59 - 2017-09-29 01:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-11-12 22:59 - 2017-09-29 01:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-11-12 22:59 - 2017-09-29 01:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-11-12 22:59 - 2017-09-29 01:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-12 22:59 - 2017-09-29 01:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-11-12 22:59 - 2017-09-29 01:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-11-12 22:59 - 2017-09-29 01:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-11-12 22:59 - 2017-09-29 01:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-11-12 22:59 - 2017-09-29 01:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-12 22:59 - 2017-09-29 01:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-12 22:59 - 2017-09-29 01:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-11-12 22:59 - 2017-09-29 01:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-11-12 22:59 - 2017-09-29 01:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-12 22:59 - 2017-09-29 01:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-11-12 22:59 - 2017-09-29 01:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-12 22:59 - 2017-09-29 01:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-11-12 22:59 - 2017-09-29 01:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-12 22:59 - 2017-09-29 01:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-12 22:59 - 2017-09-29 01:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-12 22:59 - 2017-09-29 01:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-11-12 22:59 - 2017-09-29 01:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-12 22:59 - 2017-09-29 01:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-11-12 22:59 - 2017-09-29 01:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-12 22:59 - 2017-09-29 01:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-11-12 22:59 - 2017-09-29 01:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-12 22:59 - 2017-09-29 01:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-11-12 22:59 - 2017-09-29 01:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-11-12 22:59 - 2017-09-29 01:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-11-12 22:59 - 2017-09-29 01:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-11-12 22:59 - 2017-09-28 23:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-12 22:59 - 2017-09-28 23:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-11-12 22:59 - 2017-09-18 16:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-11-12 22:59 - 2017-09-04 23:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-12 22:59 - 2017-09-04 23:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-11-12 22:59 - 2017-09-04 22:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-12 22:59 - 2017-09-04 22:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-11-12 22:59 - 2017-09-04 22:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-12 22:59 - 2017-09-04 22:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-11-12 22:59 - 2017-09-04 22:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-12 22:59 - 2017-09-04 22:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-12 22:59 - 2017-09-04 22:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-12 22:59 - 2017-09-04 22:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-11-12 22:59 - 2017-09-04 22:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-11-12 22:59 - 2017-09-04 22:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-12 22:59 - 2017-09-04 22:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-11-12 22:59 - 2017-09-04 22:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-11-12 22:59 - 2017-09-04 22:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-12 22:59 - 2017-09-04 22:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-11-12 22:59 - 2017-09-04 22:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-12 22:59 - 2017-09-04 22:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-12 22:59 - 2017-09-04 22:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-11-12 22:59 - 2017-09-04 22:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-11-12 22:59 - 2017-09-04 22:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-11-12 22:59 - 2017-09-04 22:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-11-12 22:59 - 2017-09-04 22:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-11-12 22:59 - 2017-09-04 22:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-12 22:59 - 2017-09-04 22:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-11-12 22:59 - 2017-09-04 22:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-12 22:59 - 2017-09-04 22:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-12 22:59 - 2017-09-04 22:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-11-12 22:59 - 2017-09-04 22:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-12 22:59 - 2017-09-04 22:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-11-12 22:59 - 2017-09-04 22:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-11-12 22:59 - 2017-09-04 22:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-12 22:59 - 2017-09-04 22:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-12 22:59 - 2017-09-04 22:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-11-12 22:59 - 2017-09-04 22:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-12 22:59 - 2017-09-04 22:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-12 22:59 - 2017-09-04 22:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-11-12 22:58 - 2017-09-29 20:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-12 22:58 - 2017-09-29 01:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-12 22:58 - 2017-09-18 16:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-11-12 22:58 - 2017-09-04 22:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-11-12 22:58 - 2017-09-04 22:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-11-12 22:58 - 2017-09-04 22:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-12 22:58 - 2017-09-04 22:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-11-12 22:58 - 2017-09-04 22:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-11-12 22:54 - 2017-09-29 23:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-11-12 22:54 - 2017-09-29 23:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-11-12 22:54 - 2017-09-29 23:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-11-12 22:54 - 2017-09-29 01:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-12 22:54 - 2017-09-29 01:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-12 22:54 - 2017-09-04 22:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-11-12 22:54 - 2017-09-04 22:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-11-12 22:54 - 2017-09-04 22:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-11-12 22:53 - 2017-09-29 23:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-11-12 22:53 - 2017-09-29 23:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-11-12 22:53 - 2017-09-29 23:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-12 22:53 - 2017-09-29 01:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-12 22:53 - 2017-09-29 01:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-12 22:53 - 2017-09-29 01:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-12 22:53 - 2017-09-29 01:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-12 22:53 - 2017-09-29 01:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-11-12 22:53 - 2017-09-29 01:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-11-12 22:53 - 2017-09-29 01:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-12 22:53 - 2017-09-29 01:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-11-12 22:53 - 2017-09-29 01:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-12 22:53 - 2017-09-29 01:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-12 22:53 - 2017-09-29 01:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-12 22:53 - 2017-09-29 01:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-11-12 22:53 - 2017-09-29 01:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-12 22:53 - 2017-09-29 01:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-12 22:53 - 2017-09-29 01:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-12 22:53 - 2017-09-29 01:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-11-12 22:53 - 2017-09-29 01:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-11-12 22:53 - 2017-09-04 23:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-11-12 22:53 - 2017-09-04 23:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-12 22:53 - 2017-09-04 23:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-11-12 22:53 - 2017-09-04 23:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-11-12 22:53 - 2017-09-04 22:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-12 22:53 - 2017-09-04 22:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-11-12 22:53 - 2017-09-04 22:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-11-12 22:53 - 2017-09-04 22:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-11-12 22:53 - 2017-09-04 22:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-11-12 22:53 - 2017-09-04 22:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-12 22:53 - 2017-09-04 22:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-11-12 22:53 - 2017-09-04 22:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-11-12 22:53 - 2017-09-04 22:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-11-12 22:53 - 2017-09-04 22:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-12 22:53 - 2017-09-04 22:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-12 22:53 - 2017-09-04 22:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-12 22:53 - 2017-09-04 22:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-11-12 22:53 - 2017-09-04 22:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-12 22:53 - 2017-08-31 23:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-11-12 22:52 - 2017-09-29 23:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-12 22:52 - 2017-09-29 23:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-12 22:52 - 2017-09-29 23:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-11-12 22:52 - 2017-09-29 23:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-12 22:52 - 2017-09-29 23:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-11-12 22:52 - 2017-09-29 23:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-11-12 22:52 - 2017-09-29 23:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-12 22:52 - 2017-09-29 23:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-12 22:52 - 2017-09-29 23:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-11-12 22:52 - 2017-09-29 23:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-12 22:52 - 2017-09-29 23:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-11-12 22:52 - 2017-09-29 23:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-11-12 22:52 - 2017-09-29 01:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-11-12 22:52 - 2017-09-29 01:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-11-12 22:52 - 2017-09-29 01:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-12 22:52 - 2017-09-29 01:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-12 22:52 - 2017-09-29 01:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-12 22:52 - 2017-09-29 01:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-11-12 22:52 - 2017-09-29 01:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-11-12 22:52 - 2017-09-29 01:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-12 22:52 - 2017-09-29 01:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-11-12 22:52 - 2017-09-29 01:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-11-12 22:52 - 2017-09-29 01:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-12 22:52 - 2017-09-29 01:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-12 22:52 - 2017-09-29 01:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-12 22:52 - 2017-09-29 01:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-11-12 22:52 - 2017-09-29 01:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-12 22:52 - 2017-09-29 01:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-12 22:52 - 2017-09-29 01:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-12 22:52 - 2017-09-29 01:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-11-12 22:52 - 2017-09-29 01:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-11-12 22:52 - 2017-09-29 01:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-12 22:52 - 2017-09-29 01:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-12 22:52 - 2017-09-29 01:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-12 22:52 - 2017-09-29 01:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-11-12 22:52 - 2017-09-29 01:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-12 22:52 - 2017-09-29 01:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-12 22:52 - 2017-09-29 01:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-11-12 22:52 - 2017-09-29 01:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-11-12 22:52 - 2017-09-29 01:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-11-12 22:52 - 2017-09-29 01:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-12 22:52 - 2017-09-29 01:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-11-12 22:52 - 2017-09-29 01:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-11-12 22:52 - 2017-09-29 01:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-11-12 22:52 - 2017-09-29 01:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-12 22:52 - 2017-09-29 01:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-11-12 22:52 - 2017-09-29 01:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-11-12 22:52 - 2017-09-29 01:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-11-12 22:52 - 2017-09-29 01:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-11-12 22:52 - 2017-09-29 01:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-11-12 22:52 - 2017-09-29 01:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-11-12 22:52 - 2017-09-29 01:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-11-12 22:52 - 2017-09-29 01:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-11-12 22:52 - 2017-09-29 01:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-11-12 22:52 - 2017-09-29 01:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-11-12 22:52 - 2017-09-29 01:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-11-12 22:52 - 2017-09-18 17:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-11-12 22:52 - 2017-09-04 23:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-11-12 22:52 - 2017-09-04 23:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-11-12 22:52 - 2017-09-04 23:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-12 22:52 - 2017-09-04 23:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-12 22:52 - 2017-09-04 23:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-11-12 22:52 - 2017-09-04 23:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-11-12 22:52 - 2017-09-04 22:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-12 22:52 - 2017-09-04 22:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-12 22:52 - 2017-09-04 22:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-12 22:52 - 2017-09-04 22:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-11-12 22:52 - 2017-09-04 22:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-11-12 22:52 - 2017-09-04 22:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-11-12 22:52 - 2017-09-04 22:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-11-12 22:52 - 2017-09-04 22:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-11-12 22:52 - 2017-09-04 22:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-11-12 22:52 - 2017-09-04 22:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-11-12 22:52 - 2017-09-04 22:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-11-12 22:52 - 2017-09-04 22:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-12 22:52 - 2017-09-04 22:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-11-12 22:52 - 2017-09-04 22:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-11-12 22:52 - 2017-09-04 22:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-11-12 22:52 - 2017-09-04 22:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-12 22:52 - 2017-09-04 22:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-11-12 22:52 - 2017-09-04 22:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-11-12 22:52 - 2017-09-04 22:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-11-12 22:52 - 2017-09-04 22:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-12 22:52 - 2017-09-04 22:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-11-12 22:52 - 2017-09-04 22:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-12 22:52 - 2017-09-04 22:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-12 22:52 - 2017-09-04 22:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-11-12 22:52 - 2017-09-04 22:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-12 22:52 - 2017-09-04 22:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-11-12 22:52 - 2017-09-04 22:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-11-12 22:52 - 2017-09-04 22:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-11-12 22:51 - 2017-09-29 23:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-11-12 22:51 - 2017-09-29 23:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-12 22:51 - 2017-09-29 23:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-12 22:51 - 2017-09-29 23:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-11-12 22:51 - 2017-09-29 23:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-12 22:51 - 2017-09-29 23:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-12 22:51 - 2017-09-29 01:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-11-12 22:51 - 2017-09-29 01:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-05 02:11 - 2017-11-05 02:16 - 000000000 ____D C:\Users\Christine\Desktop\FARBAR Recovery Tool
2017-11-05 02:09 - 2017-11-05 02:39 - 000068353 _____ C:\Users\Christine\Documents\ALL SACN RESULTS.txt
2017-10-31 22:41 - 2017-10-31 22:41 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-10-31 22:41 - 2017-10-31 22:41 - 000000000 ____D C:\Program Files\iPod
2017-10-31 22:40 - 2017-10-31 22:41 - 000000000 ____D C:\Program Files\iTunes
2017-10-26 00:53 - 2017-10-26 00:54 - 000000000 ____D C:\Users\Christine\Desktop\AdwCleaner scans
2017-10-26 00:18 - 2017-10-26 00:22 - 000000000 ____D C:\AdwCleaner
2017-10-26 00:16 - 2017-10-26 00:16 - 008250832 _____ (Malwarebytes) C:\Users\Christine\Downloads\AdwCleaner.exe
2017-10-26 00:09 - 2017-10-26 00:11 - 000000000 ____D C:\Users\Christine\Desktop\Junkware Removal Tool Scans
2017-10-25 23:59 - 2017-10-25 23:59 - 000000991 _____ C:\Users\Christine\Desktop\JRT.exe - Shortcut.lnk
2017-10-25 23:59 - 2017-10-25 23:59 - 000000969 _____ C:\Users\Christine\Downloads\JRT.exe - Shortcut.lnk
2017-10-25 23:56 - 2017-10-25 23:56 - 001790024 _____ (Malwarebytes) C:\Users\Christine\Downloads\JRT.exe
2017-10-25 03:55 - 2017-11-14 23:36 - 000000165 _____ C:\Users\Christine\AppData\Roaming\sp_data.sys
2017-10-25 02:14 - 2017-10-25 02:14 - 000001022 _____ C:\Users\Christine\Desktop\FRST64.exe - Shortcut.lnk
2017-10-25 02:13 - 2017-10-25 02:13 - 000001114 _____ C:\Users\Christine\Desktop\mbar-1.09.3.1001.exe - Shortcut.lnk
2017-10-25 02:12 - 2017-10-25 02:12 - 000001011 _____ C:\Users\Christine\Desktop\NoBot.exe - Shortcut.lnk
2017-10-19 18:42 - 2017-11-14 23:59 - 000000000 ____D C:\FRST
2017-10-19 18:40 - 2017-11-14 23:59 - 002392576 _____ (Farbar) C:\Users\Christine\Downloads\FRST64.exe
2017-10-17 03:20 - 2017-10-17 03:20 - 000001152 _____ C:\Users\Public\Desktop\iBackupBot for iPad iPhone.lnk
2017-10-17 03:20 - 2017-10-17 03:20 - 000000000 ____D C:\Users\Christine\AppData\Roaming\VOWSoft
2017-10-17 03:19 - 2017-10-17 03:19 - 013915008 _____ C:\Users\Christine\Downloads\ibackupbot_setup.exe
2017-10-17 02:28 - 2017-10-17 03:20 - 000000000 ____D C:\Program Files\VOW Software
2017-10-17 02:25 - 2017-10-17 02:25 - 010766960 _____ C:\Users\Christine\Downloads\icopybot_setup.exe
2017-10-16 20:37 - 2017-10-25 20:32 - 000006536 _____ C:\Users\Christine\Documents\Malwarebytes help request.txt
2017-10-16 12:19 - 2017-10-16 12:19 - 000000000 ____D C:\NoBot
2017-10-16 12:18 - 2017-10-16 12:19 - 001369080 _____ (Simple IT Solutions, LLC) C:\Users\Christine\Downloads\NoBot.exe
2017-10-16 08:24 - 2017-10-16 08:24 - 000000000 ____D C:\Users\Christine\Desktop\MyEsetScan
2017-10-16 02:38 - 2017-10-16 02:38 - 002870984 _____ (ESET) C:\Users\Christine\Downloads\esetsmartinstaller_enu.exe
2017-10-16 01:11 - 2017-10-16 02:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-16 00:57 - 2017-10-16 02:12 - 000000000 ____D C:\Users\Christine\Desktop\mbar
2017-10-16 00:56 - 2017-10-16 00:56 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Christine\Downloads\mbar-1.09.3.1001.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-14 23:45 - 2016-11-23 02:58 - 000000000 ____D C:\Users\Christine\AppData\Local\CyberGhost
2017-11-14 23:45 - 2016-04-26 15:27 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-11-14 23:37 - 2017-05-13 12:06 - 001403634 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-14 23:37 - 2017-03-18 05:40 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2017-11-14 23:36 - 2017-08-20 06:28 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-11-14 23:35 - 2017-05-13 11:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-14 23:35 - 2016-04-26 11:30 - 000000000 __SHD C:\Users\Christine\IntelGraphicsProfiles
2017-11-14 23:33 - 2017-05-13 12:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-14 23:33 - 2017-05-13 11:46 - 000221872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-14 23:32 - 2017-03-18 05:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-11-14 23:32 - 2016-04-27 11:35 - 000091594 _____ C:\bdlog.txt
2017-11-14 23:12 - 2017-05-13 11:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-14 20:03 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-14 09:25 - 2017-05-13 12:08 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 09:25 - 2017-05-13 12:08 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 01:07 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-14 01:06 - 2016-03-02 13:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-14 01:01 - 2017-03-18 15:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-14 00:57 - 2017-03-18 15:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-14 00:57 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-11-14 00:56 - 2017-03-18 15:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-14 00:56 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-14 00:56 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-11-14 00:56 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-14 00:56 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-14 00:56 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-14 00:56 - 2017-03-18 15:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-14 00:54 - 2017-03-18 15:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-11-14 00:54 - 2017-03-18 15:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-11-14 00:52 - 2017-05-13 11:51 - 000000000 ____D C:\Users\Christine
2017-11-13 22:00 - 2016-05-02 09:08 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 22:00 - 2016-05-02 09:08 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-12 23:37 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-01 08:54 - 2017-06-03 05:23 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-31 22:41 - 2017-09-12 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-29 12:28 - 2017-08-01 22:13 - 000000000 ____D C:\Users\Christine\Documents\PRAYER
2017-10-25 23:42 - 2017-03-18 15:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-25 23:42 - 2016-04-26 11:30 - 000000000 ____D C:\Users\Christine\AppData\Local\Packages
2017-10-25 02:58 - 2016-04-29 15:02 - 000000000 ____D C:\Users\Christine\AppData\Roaming\vlc
2017-10-16 01:11 - 2016-06-07 17:39 - 000000000 ____D C:\ProgramData\Malwarebytes
 
==================== Files in the root of some directories =======
 
2017-10-25 03:55 - 2017-11-14 23:36 - 000000165 _____ () C:\Users\Christine\AppData\Roaming\sp_data.sys
2016-11-01 15:30 - 2016-11-01 15:30 - 000028767 _____ () C:\ProgramData\agent.1478035797.bdinstall.bin
2017-06-13 20:07 - 2017-06-13 20:07 - 000030975 _____ () C:\ProgramData\agent.update.1497406011.bdinstall.bin
2016-10-28 20:42 - 2016-10-28 20:42 - 000402222 _____ () C:\ProgramData\cl.1477707469.bdinstall.bin
2016-10-28 19:06 - 2016-10-28 19:06 - 000019410 _____ () C:\ProgramData\dm.1477703181.2592.bin
2016-10-28 19:06 - 2016-10-28 19:06 - 000001216 _____ () C:\ProgramData\dm.1477703181.2608.bin
2016-10-28 19:06 - 2016-10-28 19:06 - 000013659 _____ () C:\ProgramData\dm.1477703181.7660.bin
2016-10-28 20:43 - 2016-10-28 20:43 - 000037957 _____ () C:\ProgramData\dm.1477708964.bdinstall.bin
2016-11-10 17:15 - 2016-11-10 17:15 - 000038265 _____ () C:\ProgramData\dm.1478819691.bdinstall.bin
2016-11-20 01:59 - 2016-11-20 01:59 - 000039010 _____ () C:\ProgramData\dm.1479628786.bdinstall.bin
2016-12-14 04:48 - 2016-12-14 04:48 - 000039346 _____ () C:\ProgramData\dm.1481712523.bdinstall.bin
2017-11-14 08:46 - 2017-11-14 08:46 - 000042687 _____ () C:\ProgramData\dm.update.1510670756.bdinstall.bin
2017-05-13 11:49 - 2017-05-13 11:49 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\011243AD.sys
C:\Windows\System32\Drivers\02F45D3A.sys
C:\Windows\System32\Drivers\03853FA2.sys
C:\Windows\System32\Drivers\15026815.sys
C:\Windows\System32\Drivers\152B4E7E.sys
C:\Windows\System32\Drivers\179F5E70.sys
C:\Windows\System32\Drivers\183040D8.sys
C:\Windows\System32\Drivers\1AE3665F.sys
C:\Windows\System32\Drivers\1B353332.sys
C:\Windows\System32\Drivers\1B4B4E61.sys
C:\Windows\System32\Drivers\1F4C5B18.sys
C:\Windows\System32\Drivers\216B4E43.sys
C:\Windows\System32\Drivers\219434AC.sys
C:\Windows\System32\Drivers\248377DA.sys
C:\Windows\System32\Drivers\2A294481.sys
C:\Windows\System32\Drivers\2C334477.sys
C:\Windows\System32\Drivers\2EBC5B9B.sys
C:\Windows\System32\Drivers\2EFB5D33.sys
C:\Windows\System32\Drivers\2F8C3F9B.sys
C:\Windows\System32\Drivers\348A66B1.sys
C:\Windows\System32\Drivers\39074E9F.sys
C:\Windows\System32\Drivers\3EFE6818.sys
C:\Windows\System32\Drivers\443740D1.sys
C:\Windows\System32\Drivers\45313335.sys
C:\Windows\System32\Drivers\46EB6659.sys
C:\Windows\System32\Drivers\4B535B12.sys
C:\Windows\System32\Drivers\4EC1496A.sys
C:\Windows\System32\Drivers\550B43B3.sys
C:\Windows\System32\Drivers\5AC45B94.sys
C:\Windows\System32\Drivers\609166AA.sys
C:\Windows\System32\Drivers\65764A97.sys
C:\Windows\System32\Drivers\69244E85.sys
C:\Windows\System32\Drivers\6AC53E7F.sys
C:\Windows\System32\Drivers\6B985E76.sys
C:\Windows\System32\Drivers\6CD03E75.sys
C:\Windows\System32\Drivers\6E093271.sys
C:\Windows\System32\Drivers\714F4E5D.sys
C:\Windows\System32\Drivers\776F4E40.sys
C:\Windows\System32\Drivers\79A3349F.sys
C:\Windows\System32\Drivers\7AC84964.sys
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-10 13:27
 
==================== End of FRST.txt ============================
 
**********************************************************************************************************************************************************************
Addition report
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Christine (15-11-2017 00:02:15)
Running from C:\Users\Christine\Downloads
Windows 10 Home Version 1703 15063.674 (X64) (2017-05-13 18:21:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3578030153-2842855419-15906583-500 - Administrator - Disabled)
Christine (S-1-5-21-3578030153-2842855419-15906583-1001 - Administrator - Enabled) => C:\Users\Christine
DefaultAccount (S-1-5-21-3578030153-2842855419-15906583-503 - Limited - Disabled)
Guest (S-1-5-21-3578030153-2842855419-15906583-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.105 - ICEpower a/s)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.1.1 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iBackupBot 5.5.3 (HKLM-x32\...\iBackupBot) (Version: 5.5.3 - VOW Software)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Mozilla Firefox 46.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 en-US)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
MSCONFIG for Windows 10 and 8 (HKLM\...\MSCONFIG for Windows 10 and 8_is1) (Version: 1.0 - Winaero)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A59CCD0-E724-4BD4-A722-CF077287DA13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {1D307835-E132-4F00-82ED-50844F64007E} - System32\Tasks\S-1-5-21-3578030153-2842855419-15906583-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {36BCA19C-8CE1-480F-A110-A2698ABF7848} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-11-14] (Bitdefender)
Task: {457C3558-EB63-44CB-A4F5-77FAA1B90405} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {5009BC51-9F86-4801-9C26-594944C5A963} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {5D5C3608-8EFB-4FCA-9C78-C48572F0DFBC} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {68CC274D-D8AF-41EC-9D35-30336D334A23} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor)
Task: {6B49955E-A793-4D05-8BAD-DBB03772448B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-05] (Piriform Ltd)
Task: {74D91C95-7BA0-43F4-BD53-2CADDA58A790} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {840C315C-9876-40DF-9317-F1763A272E95} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {934DEBB4-17F9-4FCD-AF29-CFB6E17012B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {C9E2E0FE-502F-4200-B3C4-8D754BF80EA0} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {D46FF5FB-2D3E-4730-897E-35AD746C1127} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {FA830F76-00FE-4158-9404-25296BE57DB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {FD9094F4-C67A-4A97-B2AB-A1CAF24A50AE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-04-11] (AsusTek)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864.job => C:\Program Files\Bitdefender Agent\WatchDog.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-08 21:34 - 2017-09-08 21:34 - 000111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-02-07 12:54 - 2017-02-07 12:54 - 001008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_003\ashttpbr.mdl
2017-02-07 12:54 - 2017-02-07 12:54 - 000541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_003\ashttpdsp.mdl
2017-02-07 12:54 - 2017-02-07 12:54 - 003243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_003\ashttpph.mdl
2017-02-07 12:54 - 2017-02-07 12:54 - 001544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_003\ashttprbl.mdl
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-02 13:55 - 2015-07-20 21:19 - 000121560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
2017-06-03 05:23 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 14:58 - 2017-03-18 14:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-07-15 07:30 - 2015-02-27 13:38 - 000721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2017-03-18 14:59 - 2017-03-18 20:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-30 21:57 - 2016-11-30 21:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-11-13 22:00 - 2017-11-10 03:57 - 004135768 _____ () c:\program files (x86)\google\chrome\application\62.0.3202.94\libglesv2.dll
2017-11-13 22:00 - 2017-11-10 03:57 - 000100184 _____ () c:\program files (x86)\google\chrome\application\62.0.3202.94\libegl.dll
2015-08-25 11:40 - 2015-08-25 11:40 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 11:40 - 2015-08-25 11:40 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-11-23 02:58 - 2017-10-27 07:44 - 000174448 _____ () C:\Program Files\CyberGhost 6\Data\OpenVPN\liblzo2-2.dll
2016-11-23 02:58 - 2017-10-27 07:44 - 000115168 _____ () C:\Program Files\CyberGhost 6\Data\OpenVPN\libpkcs11-helper-1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Christine\Downloads\AmazonMusicInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ccsetup529.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ccsetup530pro.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ccsetup530_protrial.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\CG_5.5.1.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ChromeSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ChromeSetup (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\filmora_setup_full846 (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\filmora_setup_full846.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\iTunes6464Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mb3-setup-consumer-3.1.2.1733.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\vlc-2.2.2-win32 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Christine\Downloads\vlc-2.2.2-win32.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 01:24 - 2017-11-14 23:35 - 000000036 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 platform.wondershare.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Signature\Signature01.jpg
DNS Servers: 38.132.106.139 - 194.187.251.67
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\StartupApproved\Run: => "Uninstall C:\Users\Christine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-3578030153-2842855419-15906583-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{302F1142-4921-490E-B99C-E61A6C15A694}] => (Block) C:\users\christine\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{8A38F51E-D3EC-48CB-A7E7-9BE3F8949B0A}] => (Block) C:\users\christine\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{F4C729A4-E631-4315-ADD5-79216E263400}C:\users\christine\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\christine\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{1201018F-7DA0-4AFC-9999-F5680340927D}C:\users\christine\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\christine\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{8B5A03FC-78C9-4FFB-BB5A-F921AA15B322}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{110432BC-AD21-4CF2-8AB9-D6C09708CF7F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08A229B2-E168-4DA8-B6F0-82FFBE77DCA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCBECF54-43D5-456D-AA89-E6AD3A33AD28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{87ED2EC9-1C2C-409F-9D60-4EE3C58671C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FD2614D0-2700-4C92-AC84-67E9936A473E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E2931AB5-A6B0-43E6-8E50-D6E65AF26EBD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{31BC755C-570D-46CE-8F00-6B0CFC159392}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
26-10-2017 00:02:13 JRT Pre-Junkware Removal
04-11-2017 02:30:35 Scheduled Checkpoint
11-11-2017 22:44:50 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2017 11:34:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WsAppService.exe, version: 2.2.4.1, time stamp: 0x5784a857
Faulting module name: KERNELBASE.dll, version: 6.2.15063.674, time stamp: 0x93d2100b
Exception code: 0xe053534f
Fault offset: 0x0000000000069e08
Faulting process id: 0x%9
Faulting application start time: 0xWsAppService.exe0
Faulting application path: WsAppService.exe1
Faulting module path: WsAppService.exe2
Report Id: WsAppService.exe3
Faulting package full name: WsAppService.exe4
Faulting package-relative application ID: WsAppService.exe5
 
Error: (11/14/2017 11:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-I4ACB5T9.local already in use; will try LAPTOP-I4ACB5T9-2.local instead
 
Error: (11/14/2017 11:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 LAPTOP-I4ACB5T9.local. Addr 192.168.0.11
 
Error: (11/14/2017 11:33:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   16 LAPTOP-I4ACB5T9.local. AAAA 2600:8803:B401:C200:0000:0000:0000:0001
 
Error: (11/14/2017 11:02:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Christine\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
 
Error: (11/14/2017 01:01:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WsAppService.exe, version: 2.2.4.1, time stamp: 0x5784a857
Faulting module name: KERNELBASE.dll, version: 6.2.15063.674, time stamp: 0x93d2100b
Exception code: 0xe053534f
Fault offset: 0x0000000000069e08
Faulting process id: 0x%9
Faulting application start time: 0xWsAppService.exe0
Faulting application path: WsAppService.exe1
Faulting module path: WsAppService.exe2
Report Id: WsAppService.exe3
Faulting package full name: WsAppService.exe4
Faulting package-relative application ID: WsAppService.exe5
 
Error: (11/14/2017 01:00:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-I4ACB5T9.local already in use; will try LAPTOP-I4ACB5T9-2.local instead
 
Error: (11/14/2017 01:00:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 LAPTOP-I4ACB5T9.local. Addr 192.168.0.11
 
Error: (11/14/2017 01:00:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   16 LAPTOP-I4ACB5T9.local. AAAA 2600:8803:B401:C200:E1F0:E9C4:E1CB:0828
 
Error: (11/13/2017 02:27:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-I4ACB5T9.local already in use; will try LAPTOP-I4ACB5T9-2.local instead
 
 
System errors:
=============
Error: (11/14/2017 11:35:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2017 11:35:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
 
Error: (11/14/2017 11:34:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/14/2017 11:34:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/14/2017 11:34:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wondershare Application Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/14/2017 11:34:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CG6Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/14/2017 11:34:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CG6Service service to connect.
 
Error: (11/14/2017 11:33:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (11/14/2017 09:52:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/14/2017 06:43:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-14 23:36:13.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-14 01:00:29.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-10 12:09:21.334
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-05 16:51:55.198
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-04 13:42:57.810
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-03 21:54:02.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-03 04:54:07.816
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-01 01:46:18.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-01 00:35:59.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-10-31 21:40:34.119
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 61%
Total physical RAM: 3997.43 MB
Available physical RAM: 1535.13 MB
Total Virtual: 6173.43 MB
Available Virtual: 3530.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465 GB) (Free:77.9 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4FA19CB0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6 Oh My!


  • Malware Response Instructor
  • 36,136 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:16 AM

Posted 15 November 2017 - 10:48 AM

Thank you for your understanding and the new reports.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [not found]
C:\Windows\System32\Drivers\011243AD.sys
C:\Windows\System32\Drivers\02F45D3A.sys
C:\Windows\System32\Drivers\03853FA2.sys
C:\Windows\System32\Drivers\15026815.sys
C:\Windows\System32\Drivers\152B4E7E.sys
C:\Windows\System32\Drivers\179F5E70.sys
C:\Windows\System32\Drivers\183040D8.sys
C:\Windows\System32\Drivers\1AE3665F.sys
C:\Windows\System32\Drivers\1B353332.sys
C:\Windows\System32\Drivers\1B4B4E61.sys
C:\Windows\System32\Drivers\1F4C5B18.sys
C:\Windows\System32\Drivers\216B4E43.sys
C:\Windows\System32\Drivers\219434AC.sys
C:\Windows\System32\Drivers\248377DA.sys
C:\Windows\System32\Drivers\2A294481.sys
C:\Windows\System32\Drivers\2C334477.sys
C:\Windows\System32\Drivers\2EBC5B9B.sys
C:\Windows\System32\Drivers\2EFB5D33.sys
C:\Windows\System32\Drivers\2F8C3F9B.sys
C:\Windows\System32\Drivers\348A66B1.sys
C:\Windows\System32\Drivers\39074E9F.sys
C:\Windows\System32\Drivers\3EFE6818.sys
C:\Windows\System32\Drivers\443740D1.sys
C:\Windows\System32\Drivers\45313335.sys
C:\Windows\System32\Drivers\46EB6659.sys
C:\Windows\System32\Drivers\4B535B12.sys
C:\Windows\System32\Drivers\4EC1496A.sys
C:\Windows\System32\Drivers\550B43B3.sys
C:\Windows\System32\Drivers\5AC45B94.sys
C:\Windows\System32\Drivers\609166AA.sys
C:\Windows\System32\Drivers\65764A97.sys
C:\Windows\System32\Drivers\69244E85.sys
C:\Windows\System32\Drivers\6AC53E7F.sys
C:\Windows\System32\Drivers\6B985E76.sys
C:\Windows\System32\Drivers\6CD03E75.sys
C:\Windows\System32\Drivers\6E093271.sys
C:\Windows\System32\Drivers\714F4E5D.sys
C:\Windows\System32\Drivers\776F4E40.sys
C:\Windows\System32\Drivers\79A3349F.sys
C:\Windows\System32\Drivers\7AC84964.sys
File: C:\Users\Christine\AppData\Roaming\sp_data.sys
hosts:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 knowledgeiskey


Posted 15 November 2017 - 04:30 PM

I appreciate all your help so far...

 

Here is the Fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-11-2017
Ran by Christine (15-11-2017 15:06:53) Run:1
Running from C:\Users\Christine\Downloads
Loaded Profiles: Christine (Available Profiles: Christine)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
FF Extension: (No Name) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ [not found]
C:\Windows\System32\Drivers\011243AD.sys
C:\Windows\System32\Drivers\02F45D3A.sys
C:\Windows\System32\Drivers\03853FA2.sys
C:\Windows\System32\Drivers\15026815.sys
C:\Windows\System32\Drivers\152B4E7E.sys
C:\Windows\System32\Drivers\179F5E70.sys
C:\Windows\System32\Drivers\183040D8.sys
C:\Windows\System32\Drivers\1AE3665F.sys
C:\Windows\System32\Drivers\1B353332.sys
C:\Windows\System32\Drivers\1B4B4E61.sys
C:\Windows\System32\Drivers\1F4C5B18.sys
C:\Windows\System32\Drivers\216B4E43.sys
C:\Windows\System32\Drivers\219434AC.sys
C:\Windows\System32\Drivers\248377DA.sys
C:\Windows\System32\Drivers\2A294481.sys
C:\Windows\System32\Drivers\2C334477.sys
C:\Windows\System32\Drivers\2EBC5B9B.sys
C:\Windows\System32\Drivers\2EFB5D33.sys
C:\Windows\System32\Drivers\2F8C3F9B.sys
C:\Windows\System32\Drivers\348A66B1.sys
C:\Windows\System32\Drivers\39074E9F.sys
C:\Windows\System32\Drivers\3EFE6818.sys
C:\Windows\System32\Drivers\443740D1.sys
C:\Windows\System32\Drivers\45313335.sys
C:\Windows\System32\Drivers\46EB6659.sys
C:\Windows\System32\Drivers\4B535B12.sys
C:\Windows\System32\Drivers\4EC1496A.sys
C:\Windows\System32\Drivers\550B43B3.sys
C:\Windows\System32\Drivers\5AC45B94.sys
C:\Windows\System32\Drivers\609166AA.sys
C:\Windows\System32\Drivers\65764A97.sys
C:\Windows\System32\Drivers\69244E85.sys
C:\Windows\System32\Drivers\6AC53E7F.sys
C:\Windows\System32\Drivers\6B985E76.sys
C:\Windows\System32\Drivers\6CD03E75.sys
C:\Windows\System32\Drivers\6E093271.sys
C:\Windows\System32\Drivers\714F4E5D.sys
C:\Windows\System32\Drivers\776F4E40.sys
C:\Windows\System32\Drivers\79A3349F.sys
C:\Windows\System32\Drivers\7AC84964.sys
File: C:\Users\Christine\AppData\Roaming\sp_data.sys
hosts:
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi\ => path removed successfully
C:\Windows\System32\Drivers\011243AD.sys => moved successfully
C:\Windows\System32\Drivers\02F45D3A.sys => moved successfully
C:\Windows\System32\Drivers\03853FA2.sys => moved successfully
C:\Windows\System32\Drivers\15026815.sys => moved successfully
C:\Windows\System32\Drivers\152B4E7E.sys => moved successfully
C:\Windows\System32\Drivers\179F5E70.sys => moved successfully
C:\Windows\System32\Drivers\183040D8.sys => moved successfully
C:\Windows\System32\Drivers\1AE3665F.sys => moved successfully
C:\Windows\System32\Drivers\1B353332.sys => moved successfully
C:\Windows\System32\Drivers\1B4B4E61.sys => moved successfully
C:\Windows\System32\Drivers\1F4C5B18.sys => moved successfully
C:\Windows\System32\Drivers\216B4E43.sys => moved successfully
C:\Windows\System32\Drivers\219434AC.sys => moved successfully
C:\Windows\System32\Drivers\248377DA.sys => moved successfully
C:\Windows\System32\Drivers\2A294481.sys => moved successfully
C:\Windows\System32\Drivers\2C334477.sys => moved successfully
C:\Windows\System32\Drivers\2EBC5B9B.sys => moved successfully
C:\Windows\System32\Drivers\2EFB5D33.sys => moved successfully
C:\Windows\System32\Drivers\2F8C3F9B.sys => moved successfully
C:\Windows\System32\Drivers\348A66B1.sys => moved successfully
C:\Windows\System32\Drivers\39074E9F.sys => moved successfully
C:\Windows\System32\Drivers\3EFE6818.sys => moved successfully
C:\Windows\System32\Drivers\443740D1.sys => moved successfully
C:\Windows\System32\Drivers\45313335.sys => moved successfully
C:\Windows\System32\Drivers\46EB6659.sys => moved successfully
C:\Windows\System32\Drivers\4B535B12.sys => moved successfully
C:\Windows\System32\Drivers\4EC1496A.sys => moved successfully
C:\Windows\System32\Drivers\550B43B3.sys => moved successfully
C:\Windows\System32\Drivers\5AC45B94.sys => moved successfully
C:\Windows\System32\Drivers\609166AA.sys => moved successfully
C:\Windows\System32\Drivers\65764A97.sys => moved successfully
C:\Windows\System32\Drivers\69244E85.sys => moved successfully
C:\Windows\System32\Drivers\6AC53E7F.sys => moved successfully
C:\Windows\System32\Drivers\6B985E76.sys => moved successfully
C:\Windows\System32\Drivers\6CD03E75.sys => moved successfully
C:\Windows\System32\Drivers\6E093271.sys => moved successfully
C:\Windows\System32\Drivers\714F4E5D.sys => moved successfully
C:\Windows\System32\Drivers\776F4E40.sys => moved successfully
C:\Windows\System32\Drivers\79A3349F.sys => moved successfully
C:\Windows\System32\Drivers\7AC84964.sys => moved successfully
 
========================= File: C:\Users\Christine\AppData\Roaming\sp_data.sys ========================
 
C:\Users\Christine\AppData\Roaming\sp_data.sys
File not signed
MD5: 13B798037A8F94EA20C4F7442A684DD5
Creation and modification date: 2017-10-25 03:55 - 2017-11-15 13:25
Size: 000000165
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13780920 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2456889 B
Edge => 10515 B
Chrome => 384499067 B
Firefox => 1994488 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 11482 B
NetworkService => 0 B
Christine => 102148471 B
 
RecycleBin => 1972561 B
EmptyTemp: => 493.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:09:40 ====


#8 Oh My!


Posted 15 November 2017 - 05:23 PM

Greetings.

As I suspected, the sp_data.sys file is legitimate. It is most likely being recreated because it is a necessary component for something else on your computer. Since there isn't much information available many people think it is a virus and remove it.

I see no evidence of malware on your computer, including any Remote Access Trojan. Are you currently experiencing any issues?
Gary
 

#9 knowledgeiskey


Posted 15 November 2017 - 08:34 PM

Thank you for your reply

 

Yes, I have experienced issues, such as pictures/videos that have been deleted from my computer without my permission; and the file: Default.rdp Remote Desktop Connection, that I have found. There are other issues, such as people knowing what I am doing on my computer, what file I am opening, what video/pictures I am saving in my computer etc. Unfortunately, I cannot address these in detail on a public site...

 

You have been a tremendous help. If you don't mind enlightening me, I have a few questions regarding this process. I understand that you are busy, so feel free to answer these at your convenience.

 

1) How do I find out what sp_data.sys is used for? Why was it flagged by NoBot Security? 

 

2) According to the Fixlog, there is no information about sp_data.sys. No company name, no description etc. (see below). It is not a Microsoft process, not an ASUS component; any idea why it is there?

 

C:\Users\Christine\AppData\Roaming\sp_data.sys

File not signed
MD5: 13B798037A8F94EA20C4F7442A684DD5
Creation and modification date: 2017-10-25 03:55 - 2017-11-15 13:25
Size: 000000165
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 

3) How do I go about removing sp_data.sys even though it is legitimate?

 

4) I read the Fixlog, but I do not understand everything it displays. Can you please explain what drivers have been moved and why? For instance: -C:\Windows\System32\Drivers\011243AD.sys => moved successfully?

 

Thank you very much!



#10 Oh My!


Posted 15 November 2017 - 09:56 PM

Greetings,

Default.rdp Remote Desktop Connection is a valid process. If you wish to check to see if this service is disabled follow the steps here.

-----

Scanning programs use a set of parameters to look for known or suspicious conditions within a file. A "detection" does not automatically prove the file is malicious. For instance, recently some antivirus programs were detecting FRST.exe as malware. In the case of sp_data.sys other scanning programs say it is clean. I don't give much weight to scanning programs that are not well known. I don't recall ever hearing about NoBot Security.

-----

I believe sp_data.sys is a customized file meaning it is created or modified depending upon the reason for its use. Such files will not have the information that appears to be missing from the file details. This is common.

-----

Getting to the bottom of the file creation might take some detective work. Since the file is clean and you should only be curious rather than concerned, I am not sure the effort is worth the anticipated result.

-----

Those files that were removed were Zero byte files, meaning they were empty and of no value.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
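
The checks discussed in the reply above (file details for sp_data.sys, the zero-byte driver files, and whether Remote Desktop is enabled), as an added read-only PowerShell example that is not part of the original posts or of FRST. The function names are hypothetical, and the sp_data.sys path assumes the file sits in the current user's Roaming folder as shown in the Fixlog.

```powershell
# Added example: read-only checks, nothing is moved or deleted.

# File details comparable to the "File:" section of the Fixlog.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    # A loadable driver is a PE image, which begins with the bytes 'MZ'.
    $startsWithMZ = $false
    if ($item.Length -ge 2) {
        $fs = [System.IO.File]::OpenRead($item.FullName)
        try {
            $b = New-Object byte[] 2
            [void]$fs.Read($b, 0, 2)
            $startsWithMZ = ($b[0] -eq 0x4D -and $b[1] -eq 0x5A)
        } finally { $fs.Dispose() }
    }
    [pscustomobject]@{
        Path         = $item.FullName
        SizeBytes    = $item.Length
        Created      = $item.CreationTime
        Modified     = $item.LastWriteTime
        MD5          = (Get-FileHash -LiteralPath $item.FullName -Algorithm MD5).Hash
        Signature    = (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status
        CompanyName  = $item.VersionInfo.CompanyName
        StartsWithMZ = $startsWithMZ
    }
}

# Empty .sys files with eight-hex-digit names, like the ones the fix moved.
function Get-EmptyHexNamedDriver {
    param([string]$Dir = "$env:SystemRoot\System32\drivers")
    Get-ChildItem -LiteralPath $Dir -Filter *.sys -File -Force |
        Where-Object { $_.Length -eq 0 -and $_.BaseName -match '^[0-9A-Fa-f]{8}$' } |
        Select-Object Name, Length, CreationTime
}

# Whether this machine accepts inbound Remote Desktop connections.
function Get-RdpState {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $key -Name fDenyTSConnections).fDenyTSConnections
    [pscustomobject]@{
        InboundRdpEnabled = ($deny -eq 0)   # fDenyTSConnections = 1 means disabled
        TermServiceStatus = (Get-Service -Name TermService).Status
    }
}

# Assumption: sp_data.sys is in the current user's Roaming folder, as in the Fixlog.
Get-FileTriage -Path (Join-Path $env:APPDATA 'sp_data.sys')
Get-EmptyHexNamedDriver
Get-RdpState
```

A file that does not start with MZ is not a PE image and cannot be loaded as a driver, whatever its extension.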

#11 knowledgeiskey


Posted 16 November 2017 - 01:22 AM

Hello

 

Thank you for the clarifications. I followed the steps that you suggested, and I disabled Remote Desktop.

 

Again, I am grateful for all your help! Thanks!



#12 Oh My!


Posted 16 November 2017 - 09:38 AM

Very good, the time has come.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 Oh My!


Posted 17 November 2017 - 10:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



