
OH BOY- Here we go again HELP REQUEST


  • This topic is locked
18 replies to this topic

#1 SenorSySoP


Posted 20 January 2018 - 12:50 AM

This PC was clean a month ago. I have everything running and am very careful, but I believe it is once again acting up even after a fresh install. What is happening is the computer will sit idle and then all of a sudden the fans kick on and the CPU gets maxed out, and it will keep going like that for hours. Then my antivirus gets turned off and my firewall turned off when they are usually on. This is so frustrating, so I am back here for some assistance, please. FRST scan below and an RKILL log for your perusal. Thanks.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by asuspc (19-01-2018 23:48:40)
Running from C:\Users\asuspc\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-23 17:28:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-750800953-1317498452-842231029-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-750800953-1317498452-842231029-503 - Limited - Disabled)
Guest (S-1-5-21-750800953-1317498452-842231029-501 - Limited - Enabled)
asuspc (S-1-5-21-750800953-1317498452-842231029-1001 - Administrator - Enabled) => C:\Users\asuspc
WDAGUtilityAccount (S-1-5-21-750800953-1317498452-842231029-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.12.00 - ASUSTeK Computer Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.80 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
IPVanish (HKLM\...\{37C6D801-BF83-4EA4-9859-109E92625352}) (Version: 3.1.0.0 - IPVanish) Hidden
IPVanish (HKLM-x32\...\IPVanish 3.1.0.0) (Version: 3.1.0.0 - IPVanish)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R6 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.148 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-750800953-1317498452-842231029-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-11-24] (McAfee, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-11-24] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06151BE1-9A1F-4106-AB0F-29F20B77864A} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-18] (McAfee, LLC.)
Task: {141F1F9D-CA58-4F5D-8F74-C3820BDA2F82} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2016-03-24] ()
Task: {23794351-E431-4FF5-A447-51853708A81B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {3EFE2403-96BC-4305-A148-D4CCAA5F7D6F} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4E7071FC-6D3E-46E4-ADCD-48224DC42E38} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2016-03-24] (ASUSTeK Computer Inc.)
Task: {650E15BA-7643-4642-B9E0-95871C35D276} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.)
Task: {72CF063F-5CCF-4BBE-9805-48AD65DEDE23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {80FD0286-9FD6-404A-90DB-A93CBD484926} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {92AB5663-96C9-4D6C-A008-E8F7CAAB1A57} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {942282BE-C3EF-4771-B8BB-F356EB72F1D4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {BCF464F9-9E6F-4A2A-BC24-76D2D22D8376} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C92229F6-F6B2-4607-A08C-2E644AFBA54D} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {CE86A807-34E9-46FF-BCD6-F7D333F76C96} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {D5014823-55C8-4EB0-9B75-49844A5761A1} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanishLauncher.exe [2017-10-04] (IPVanish)
Task: {DBC79ED6-31C4-4CCA-8C84-27317C1EB08F} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-09-11] (McAfee, Inc.)
Task: {E7C50DE8-C41C-4380-B06E-E8CF73F98717} - System32\Tasks\S-1-5-21-750800953-1317498452-842231029-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-04 18:43 - 2015-11-04 18:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-12-17 22:31 - 2017-12-17 22:31 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 18:43 - 2015-11-04 18:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001909248 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001266176 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 002988032 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 002459648 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.dll
2018-01-03 21:20 - 2017-12-07 12:15 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2018-01-03 21:20 - 2017-12-07 12:15 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-01-09 00:45 - 2018-01-09 00:45 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-18 20:04 - 2018-01-18 20:05 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-18 20:04 - 2018-01-18 20:05 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-18 20:04 - 2018-01-18 20:06 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 20:53 - 2018-01-03 20:53 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-21 08:06 - 2017-12-21 08:06 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2017-12-17 22:31 - 2018-01-09 01:05 - 000026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2017-12-17 22:31 - 2017-12-17 22:27 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2018-01-13 03:13 - 2018-01-13 03:14 - 068214160 _____ () C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\libcef.dll
2018-01-13 03:13 - 2018-01-13 03:14 - 003112848 _____ () C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\libglesv2.dll
2018-01-13 03:13 - 2018-01-13 03:14 - 000089488 _____ () C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-750800953-1317498452-842231029-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD10889B-E87D-4C1A-8A15-26D60718FA64}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B32B807A-15F5-49D6-B2E2-CB5ED55AF673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{38021F4C-AE2E-4A29-A99B-81B6D2F8652C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{A95ADE6D-1735-47D6-93DB-E2821B90509D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95C08E15-9C95-42E3-B302-2C21967FB71B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75789C9F-7575-4DE8-8C24-3916348E8256}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{686DA45C-2A2B-42AF-B0C3-B938923C3851}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C12FF8F-B6BA-47DA-AC94-C7CBC872856B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3FA582FC-6978-413A-83A9-ACF87799092C}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4E911E83-6E43-4E5C-B47A-6CD2B18138EE}C:\users\asuspc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\asuspc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{53DCA057-1124-4A18-832E-038AACF9CEA2}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{A2A8C3F7-34E8-4D7F-B4AE-F06F2EC24F93}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{FBFE5F93-3E79-4E91-935E-49743106A723}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{BDBB9CCD-1CE3-453A-B933-AC29C5CF0555}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{3E46CBA1-A047-4EFC-9A5B-56B2CAFF9FD4}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{C15C7BD4-A002-4362-8D3A-FFED1CAE2E82}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{25F12F4C-65A7-4ECF-9170-F2AE922622C0}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{FEE381D4-597A-4B8A-A81D-9B06CAED4B86}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{4F7BB0D5-80B8-44F7-AA3E-05091AA6C8C9}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{CEDCB809-A434-4AE2-BF23-7211A451755B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{1635EEAF-47BC-4C6B-A8D2-80B583F6B189}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3A6A9B91-5595-4B13-ABFC-C68772EF98B3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{54566ECE-4858-4227-AF5E-F47654135BD3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{F515FECC-C363-4B2A-A78C-7C53FFE53195}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{048B0903-9F90-4E99-82F1-06EEE789B2E5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{656D14BE-825D-4C68-8675-56D0B3C22134}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7CFDEC8F-041D-4FCF-857B-0D15F5EE3706}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{479B989D-C0FF-4053-8035-CB3569C3F9D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{33EBB0A8-9E8D-47BE-88D9-C70108BDE9C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E8307EE8-7086-4C0A-BC86-9828EA45BCA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{07EAE897-8FD5-4C47-B6E7-09FFFB4D411A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{41846A3E-3B56-45AC-9D59-961ACF7B92CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A277D10B-C1B3-4967-8B3D-5539A1E86EE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{1F2D2C78-4F81-4AAD-A157-838F659BAD79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{53BABD03-C30D-4854-B458-F37144C665F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F2F69574-8377-4188-95B3-48D3C10CBF17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{941B6379-B984-4859-9A33-D7CBE8672D2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{61108F5A-69EB-4016-A599-361528087CC6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9A69599D-D266-4355-B84A-B1FD0FF09DAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6BDC83E6-AD1A-4187-BE02-E8E58E942A10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F44DA6E-A4C0-49D9-9428-C901156D66A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{2E9F3C89-C32F-40F3-B5C1-57795E251FA3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{D735EBAE-E5B9-4B05-9083-3C18FE967E70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{94A8F514-B428-4585-9ED0-C477CDAAA994}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe

==================== Restore Points =========================

10-01-2018 00:46:44 Windows Update
10-01-2018 00:47:32 Windows Update
18-01-2018 20:20:54 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2018 08:12:39 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4CF44528-A3F6-4180-B458-379702BD8824}: The user TAINOHATUEYASUS\asuspc dialed a connection named IPVanish VPN (PPTP) which has failed. The error code returned on failure is 1168.

Error: (01/13/2018 03:13:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TAINOHATUEYASUS)
Description: Package Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/13/2018 02:18:15 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={87C5A303-77FB-4F64-BFC9-0F284BFD62A5}: The user TAINOHATUEYASUS\asuspc dialed a connection named IPVanish VPN (PPTP) which has failed. The error code returned on failure is 807.

Error: (01/12/2018 08:11:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={BE71A87B-5A9F-4A8F-94F2-1425DC4A3AED}: The user TAINOHATUEYASUS\asuspc dialed a connection named IPVanish VPN (L2TP) which has failed. The error code returned on failure is 1168.

Error: (01/12/2018 07:54:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IPVanish.VpnClient.exe version 3.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2938

Start Time: 01d38bfa577c6dd8

Termination Time: 140

Application Path: C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe

Report Id: a058fbf9-1536-4e7b-bc70-846f6330ae9f

Faulting package full name:

Faulting package-relative application ID:

Error: (01/09/2018 11:59:47 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={41A5F511-AC40-4525-B2A3-5BD0E76B6065}: The user TAINOHATUEYASUS\asuspc dialed a connection named IPVanish VPN (L2TP) which has failed. The error code returned on failure is 1232.

Error: (01/09/2018 01:38:46 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TAINOHATUEYASUS)
Description: InputApp_cw5n1h2txyewy-2147024891

Error: (01/09/2018 01:02:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64(1).exe version 2.1.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: a70

Start Time: 01d389176ba587d6

Termination Time: 50834

Application Path: C:\Users\asuspc\Downloads\FRST64(1).exe

Report Id: 26aae7b0-031a-4b13-a047-e1fa54a1e967

Faulting package full name:

Faulting package-relative application ID:

Error: (01/09/2018 01:02:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/09/2018 01:01:41 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {22a06a2f-81f1-4504-995b-42d78a462720}

System errors:
=============
Error: (01/19/2018 11:42:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (01/19/2018 11:30:36 PM) (Source: DCOM) (EventID: 10010) (User: TAINOHATUEYASUS)
Description: The server Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (01/18/2018 08:08:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (01/18/2018 08:05:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic.

Error: (01/18/2018 07:59:19 PM) (Source: DCOM) (EventID: 10016) (User: TAINOHATUEYASUS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TAINOHATUEYASUS\asuspc SID (S-1-5-21-750800953-1317498452-842231029-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/13/2018 04:26:38 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} did not register with DCOM within the required timeout.

Error: (01/13/2018 04:26:38 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} did not register with DCOM within the required timeout.

Error: (01/13/2018 04:26:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} did not register with DCOM within the required timeout.

Error: (01/13/2018 04:26:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC} did not register with DCOM within the required timeout.

Error: (01/13/2018 04:26:29 AM) (Source: DCOM) (EventID: 10010) (User: TAINOHATUEYASUS)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2018-01-04 08:43:40.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:43:40.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:39:28.981
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:38:09.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:45.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:43.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:40.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:38.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:30.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:28.130
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD A10-6700 APU with Radeon™ HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 11467.45 MB
Available physical RAM: 7761.77 MB
Total Virtual: 13195.45 MB
Available Virtual: 8565.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.53 GB) (Free:1819.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 404F7E32)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================

 


 

 




 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:58 PM

Posted 22 January 2018 - 11:36 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note: If you get a warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--- ---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • Local time:11:58 AM

Posted 22 January 2018 - 03:06 PM

Got it. Will do today. Were you able to glean anything from the scan logs? The frst log was already in

#4 Jo*

Jo*

  • Malware Response Team
  • 3,293 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:58 PM

Posted 22 January 2018 - 03:35 PM

The FRST.txt was not there, you posted only Addition.txt
That's why I need a new scan with FRST and both logs as instructed, thanks.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 SenorSySoP

SenorSySoP
  • Topic Starter

  • Members
  • 116 posts
  • Local time:11:58 AM

Posted 23 January 2018 - 11:18 PM

Hello, the rootkit scan came back negative. However, the GMER scan had a few possibilities as previously mentioned. Other scans below.

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Ronin Asus (administrator) on TAINOHATUEYASUS (23-01-2018 22:12:59)
Running from C:\Users\Ronin Asus\Downloads
Loaded Profiles: Ronin Asus (Available Profiles: Ronin Asus)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(IPVanish) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Malwarebytes) C:\Users\Ronin Asus\Downloads\AdwCleaner (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-750800953-1317498452-842231029-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5461968 2017-12-21] (SecureMix LLC)
HKU\S-1-5-21-750800953-1317498452-842231029-1001\...\Run: [usbrescate] => C:\Ericksystem\USB Rescate\usbrescate.exe [1067520 2018-01-12] (Ericksystem)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{12ef00da-5ec5-46d4-aae2-92533941d97c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{12ef00da-5ec5-46d4-aae2-92533941d97c}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: 8uudbj8h.default
FF ProfilePath: C:\Users\Ronin Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8uudbj8h.default [2018-01-23]
FF Extension: (True Key™ by Intel Security) - C:\Users\Ronin Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8uudbj8h.default\Extensions\@true-key.xpi [2018-01-03]
FF Extension: (LessPass) - C:\Users\Ronin Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8uudbj8h.default\Extensions\contact@lesspass.com.xpi [2018-01-05]
FF Extension: (Tails Verification) - C:\Users\Ronin Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8uudbj8h.default\Extensions\{4121db26-aeba-4014-b6fe-1db322d7c585}.xpi [2017-12-20]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-20] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US91120D20180103&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR Profile: C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default [2018-01-23]
CHR Extension: (Slides) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-26]
CHR Extension: (Docs) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-26]
CHR Extension: (Google Drive) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-20]
CHR Extension: (YouTube) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-20]
CHR Extension: (Sheets) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-01-05]
CHR Extension: (Google Docs Offline) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-26]
CHR Extension: (Gmail) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2017-12-17] ()
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4369360 2017-12-21] (SecureMix LLC)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [280032 2017-11-29] (Realtek Semiconductor Corp.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-23] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-12-17] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [25944 2016-08-25] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-07] (Advanced Micro Devices)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [963088 2017-08-22] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [757216 2017-11-29] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [7959408 2017-11-21] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-23 22:05 - 2018-01-23 22:13 - 000000000 ____D C:\AdwCleaner
2018-01-23 22:05 - 2018-01-23 22:05 - 008206624 _____ (Malwarebytes) C:\Users\Ronin Asus\Downloads\AdwCleaner (1).exe
2018-01-23 22:05 - 2018-01-23 22:05 - 002393088 _____ (Farbar) C:\Users\Ronin Asus\Downloads\FRST64.exe
2018-01-23 22:01 - 2018-01-23 22:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-23 21:59 - 2018-01-23 22:10 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-23 21:59 - 2018-01-23 21:59 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\514282CB.sys
2018-01-23 21:59 - 2018-01-23 21:59 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-01-23 21:59 - 2018-01-23 21:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-23 21:58 - 2018-01-23 21:59 - 000000000 ____D C:\Users\Ronin Asus\Desktop\mbar
2018-01-23 21:58 - 2018-01-23 21:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Ronin Asus\Desktop\mbar-1.10.3.1001.exe
2018-01-23 21:57 - 2018-01-23 22:03 - 000000746 _____ C:\Users\Ronin Asus\Desktop\SALog.txt
2018-01-23 21:55 - 2018-01-23 21:55 - 000899584 _____ C:\Users\Ronin Asus\Desktop\RGSA.exe
2018-01-23 21:46 - 2018-01-23 21:46 - 000000000 ____H C:\Users\Ronin Asus\Documents\Default.rdp
2018-01-20 01:41 - 2018-01-20 01:41 - 000380928 _____ C:\Users\Ronin Asus\Downloads\s01gx8yx.exe
2018-01-19 23:56 - 2018-01-19 23:56 - 000380928 _____ C:\Users\Ronin Asus\Downloads\y8d2rjm8.exe
2018-01-19 23:43 - 2018-01-19 23:43 - 000000000 ____D C:\Users\Ronin Asus\Downloads\FRST-OlderVersion
2018-01-18 20:22 - 2018-01-18 20:22 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-01-12 20:52 - 2018-01-12 20:53 - 032120384 _____ (KingRoot ) C:\Users\Ronin Asus\Downloads\KingRoot_pc_en.exe
2018-01-12 18:45 - 2018-01-12 18:48 - 000000832 _____ C:\Users\Ronin Asus\Desktop\USB Rescate.lnk
2018-01-12 18:45 - 2018-01-12 18:48 - 000000000 ____D C:\Ericksystem
2018-01-12 18:43 - 2018-01-12 18:43 - 002209574 _____ C:\Users\Ronin Asus\Downloads\usb-rescate-plus_8.8(1).zip
2018-01-12 18:42 - 2018-01-12 18:42 - 002209574 _____ C:\Users\Ronin Asus\Downloads\usb-rescate-plus_8.8.zip
2018-01-09 01:01 - 2018-01-10 00:22 - 000003105 _____ C:\Users\Ronin Asus\Downloads\Fixlog.txt
2018-01-09 00:58 - 2018-01-19 23:43 - 002393088 _____ (Farbar) C:\Users\Ronin Asus\Downloads\FRST64(1).exe
2018-01-06 16:28 - 2018-01-06 16:28 - 042151072 _____ (Microsoft Corporation) C:\Users\Ronin Asus\Downloads\Windows-KB890830-x64-V5.55.exe
2018-01-06 11:45 - 2018-01-06 11:48 - 000000000 ____D C:\USB File Resc
2018-01-06 11:03 - 2018-01-12 20:40 - 000000000 ____D C:\Users\Ronin Asus\Downloads\A68BM-A-ASUS-M32BF-0704
2018-01-06 10:41 - 2013-06-20 16:57 - 001886208 _____ (TODO: <公司名稱>) C:\WINDOWS\FbkGo.dll
2018-01-05 22:35 - 2018-01-06 13:35 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-05 22:15 - 2018-01-05 22:15 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\NuGet
2018-01-05 22:11 - 2018-01-05 22:11 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\PackageManagement
2018-01-05 22:11 - 2018-01-05 22:11 - 000000000 ____D C:\Program Files\PackageManagement
2018-01-05 21:34 - 2018-01-05 21:34 - 000426779 _____ C:\Users\Ronin Asus\Downloads\Meltdown & Spectre Flaw.pdf
2018-01-05 20:48 - 2018-01-05 20:48 - 002474116 _____ () C:\Users\Ronin Asus\Downloads\ipscan-win64-3.5.2.exe
2018-01-05 17:21 - 2018-01-05 17:21 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\GlassWire
2018-01-05 15:48 - 2018-01-05 15:48 - 000008107 _____ C:\Users\Ronin Asus\Downloads\MTB.txt
2018-01-05 15:47 - 2018-01-05 15:47 - 000001970 _____ C:\Users\Public\Desktop\GlassWire.lnk
2018-01-05 15:47 - 2018-01-05 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2018-01-05 15:47 - 2015-05-28 22:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2018-01-05 15:47 - 2015-05-28 22:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2018-01-05 15:46 - 2018-01-05 15:47 - 000000000 ____D C:\Program Files (x86)\GlassWire
2018-01-05 15:46 - 2018-01-05 15:46 - 000000000 ____D C:\ProgramData\GlassWire
2018-01-05 13:54 - 2018-01-05 13:57 - 000004225 _____ C:\Users\Ronin Asus\Downloads\netadapter-log-2018-01-05-13-54-42.txt
2018-01-05 13:54 - 2018-01-05 13:54 - 000002680 _____ C:\Users\Ronin Asus\Downloads\netadapter-log-2018-01-05-13-54-34.txt
2018-01-05 13:52 - 2018-01-19 23:35 - 000002186 _____ C:\Users\Ronin Asus\Desktop\Rkill.txt
2018-01-05 13:52 - 2018-01-05 13:53 - 000001712 _____ C:\Users\Ronin Asus\Downloads\FSS.txt
2018-01-05 13:52 - 2018-01-05 13:52 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Ronin Asus\Downloads\rkill64.exe
2018-01-04 08:24 - 2018-01-04 08:25 - 000003027 _____ C:\Users\Ronin Asus\Downloads\netadapter-log-2018-01-04-8-24-59.txt
2018-01-04 07:59 - 2018-01-04 07:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2018-01-04 07:59 - 2018-01-04 07:59 - 000000000 ____D C:\Program Files\TAP-Windows
2018-01-04 07:58 - 2018-01-04 07:58 - 000256240 _____ C:\Users\Ronin Asus\Downloads\tap-windows-9.21.2.exe
2018-01-03 23:32 - 2018-01-03 23:32 - 002091520 _____ (Conner Bernhard) C:\Users\Ronin Asus\Downloads\NetAdapterRepair1.2(1).exe
2018-01-03 21:58 - 2018-01-03 21:58 - 000001088 _____ C:\Users\Public\Desktop\IPVanish.lnk
2018-01-03 21:58 - 2018-01-03 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPVanish
2018-01-03 21:56 - 2018-01-03 21:56 - 022707312 _____ (IPVanish) C:\Users\Ronin Asus\Downloads\ipvanish-setup (1).exe
2018-01-03 21:54 - 2018-01-03 21:54 - 002091520 _____ (Conner Bernhard) C:\Users\Ronin Asus\Downloads\NetAdapterRepair1.2.exe
2018-01-03 21:52 - 2018-01-03 21:52 - 000892416 _____ (Farbar) C:\Users\Ronin Asus\Downloads\MiniToolBox.exe
2018-01-03 21:47 - 2018-01-03 21:47 - 000899584 _____ (Farbar) C:\Users\Ronin Asus\Downloads\FSS.exe
2018-01-03 21:45 - 2018-01-03 21:45 - 000957952 _____ (Farbar) C:\Users\Ronin Asus\Downloads\ListParts64.exe
2018-01-03 21:38 - 2018-01-03 21:43 - 035166664 _____ (SecureMix LLC) C:\Users\Ronin Asus\Downloads\glasswire-free-firewall_2.0.80.exe
2018-01-03 21:38 - 2018-01-03 21:39 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Ronin Asus\Downloads\rkill_2.9.1.0.exe
2018-01-03 21:38 - 2018-01-03 21:38 - 000441344 _____ (Streuner Corporation) C:\Users\Ronin Asus\Downloads\usb-file-resc_17.0.0.1.exe
2018-01-03 21:37 - 2018-01-03 21:38 - 008198432 _____ (Malwarebytes) C:\Users\Ronin Asus\Downloads\adwcleaner_7.0.6.0.exe
2018-01-03 21:36 - 2018-01-03 21:36 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Ronin Asus\Downloads\mbar-1.10.3.1001.exe
2018-01-03 21:22 - 2018-01-01 11:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-03 21:22 - 2018-01-01 06:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-03 21:22 - 2018-01-01 06:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-03 21:22 - 2018-01-01 06:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-03 21:22 - 2018-01-01 06:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-03 21:22 - 2018-01-01 06:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-03 21:22 - 2018-01-01 06:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-03 21:22 - 2018-01-01 06:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-03 21:22 - 2018-01-01 06:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-03 21:22 - 2018-01-01 06:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-03 21:22 - 2018-01-01 06:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-03 21:22 - 2018-01-01 06:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-03 21:22 - 2018-01-01 06:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-03 21:22 - 2018-01-01 06:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-03 21:22 - 2018-01-01 06:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-03 21:22 - 2018-01-01 06:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-03 21:22 - 2018-01-01 06:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-03 21:22 - 2018-01-01 06:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-03 21:22 - 2018-01-01 06:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-03 21:22 - 2018-01-01 06:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-03 21:22 - 2018-01-01 06:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-03 21:22 - 2018-01-01 06:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-03 21:22 - 2018-01-01 06:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-03 21:22 - 2018-01-01 06:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-03 21:22 - 2018-01-01 06:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-03 21:22 - 2018-01-01 06:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-03 21:22 - 2018-01-01 06:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-03 21:22 - 2018-01-01 06:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-03 21:22 - 2018-01-01 06:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-03 21:22 - 2018-01-01 06:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-03 21:22 - 2018-01-01 06:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-03 21:22 - 2018-01-01 06:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-03 21:22 - 2018-01-01 06:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-03 21:22 - 2018-01-01 06:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-03 21:22 - 2018-01-01 06:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-03 21:22 - 2018-01-01 06:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-03 21:22 - 2018-01-01 06:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-03 21:22 - 2018-01-01 06:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-03 21:22 - 2018-01-01 06:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-03 21:22 - 2018-01-01 06:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-03 21:22 - 2018-01-01 06:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-03 21:22 - 2018-01-01 06:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-03 21:22 - 2018-01-01 06:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-03 21:22 - 2018-01-01 06:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-03 21:22 - 2018-01-01 06:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-03 21:22 - 2018-01-01 06:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-03 21:22 - 2018-01-01 06:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-03 21:22 - 2018-01-01 06:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-03 21:22 - 2018-01-01 06:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-03 21:22 - 2018-01-01 06:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-03 21:22 - 2018-01-01 06:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-03 21:22 - 2018-01-01 06:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-03 21:22 - 2018-01-01 06:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-03 21:22 - 2018-01-01 06:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-03 21:22 - 2018-01-01 06:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-03 21:22 - 2018-01-01 06:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-03 21:22 - 2018-01-01 06:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-03 21:22 - 2018-01-01 06:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-03 21:22 - 2018-01-01 06:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-03 21:22 - 2018-01-01 06:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-03 21:22 - 2018-01-01 06:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-03 21:22 - 2018-01-01 06:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-03 21:22 - 2018-01-01 06:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-03 21:22 - 2018-01-01 06:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-03 21:22 - 2018-01-01 06:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-03 21:22 - 2018-01-01 06:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-03 21:22 - 2018-01-01 06:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-03 21:22 - 2018-01-01 06:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-03 21:22 - 2018-01-01 06:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-03 21:22 - 2018-01-01 06:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-03 21:22 - 2018-01-01 06:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-03 21:22 - 2018-01-01 06:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-03 21:22 - 2018-01-01 06:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-03 21:22 - 2018-01-01 06:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-03 21:22 - 2018-01-01 06:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-03 21:22 - 2018-01-01 06:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-03 21:22 - 2018-01-01 06:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-03 21:22 - 2018-01-01 06:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-03 21:22 - 2018-01-01 06:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-03 21:22 - 2018-01-01 06:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-03 21:22 - 2018-01-01 06:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-03 21:22 - 2018-01-01 06:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-03 21:22 - 2018-01-01 05:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-03 21:22 - 2018-01-01 05:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-03 21:22 - 2018-01-01 05:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-03 21:22 - 2018-01-01 05:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-03 21:22 - 2018-01-01 05:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-03 21:22 - 2018-01-01 05:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-03 21:22 - 2018-01-01 05:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-03 21:22 - 2018-01-01 05:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-03 21:22 - 2018-01-01 05:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-03 21:22 - 2018-01-01 05:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-03 21:22 - 2018-01-01 05:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-03 21:22 - 2018-01-01 05:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-03 21:22 - 2018-01-01 05:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-03 21:22 - 2018-01-01 05:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-03 21:22 - 2018-01-01 05:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-03 21:22 - 2018-01-01 05:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-03 21:22 - 2018-01-01 05:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-03 21:22 - 2018-01-01 05:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-03 21:22 - 2018-01-01 05:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-03 21:22 - 2018-01-01 05:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-03 21:22 - 2018-01-01 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-03 21:22 - 2018-01-01 05:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-03 21:22 - 2018-01-01 05:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-03 21:22 - 2018-01-01 05:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-03 21:22 - 2018-01-01 05:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-03 21:22 - 2018-01-01 05:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-03 21:22 - 2018-01-01 05:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-03 21:22 - 2018-01-01 05:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-03 21:22 - 2018-01-01 05:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-03 21:22 - 2018-01-01 05:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-03 21:22 - 2018-01-01 05:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-03 21:22 - 2018-01-01 05:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-03 21:22 - 2018-01-01 05:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-03 21:22 - 2018-01-01 05:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-03 21:22 - 2018-01-01 05:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-03 21:22 - 2018-01-01 05:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-03 21:22 - 2018-01-01 05:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-03 21:22 - 2018-01-01 05:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-03 21:22 - 2018-01-01 05:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-03 21:22 - 2018-01-01 05:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-03 21:22 - 2018-01-01 05:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-03 21:22 - 2018-01-01 05:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-03 21:22 - 2018-01-01 05:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-03 21:22 - 2018-01-01 05:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-03 21:22 - 2018-01-01 05:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-03 21:22 - 2018-01-01 05:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-03 21:22 - 2018-01-01 05:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-03 21:22 - 2018-01-01 05:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-03 21:22 - 2018-01-01 05:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-03 21:22 - 2018-01-01 05:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-03 21:22 - 2018-01-01 05:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-03 21:22 - 2018-01-01 05:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-03 21:22 - 2018-01-01 05:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-03 21:22 - 2018-01-01 05:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-03 21:22 - 2018-01-01 05:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-03 21:22 - 2018-01-01 05:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-03 21:22 - 2018-01-01 05:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-03 21:22 - 2018-01-01 05:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-03 21:17 - 2018-01-23 21:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-01-03 21:14 - 2018-01-03 21:14 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\CEF
2018-01-03 21:13 - 2018-01-03 21:13 - 036622408 _____ (McAfee, Inc.) C:\Users\Ronin Asus\Downloads\Setup_serial__ofGtrIodOGiiAqeYiS3eA2_key_affid_1285_akey.exe
2018-01-03 20:59 - 2018-01-03 20:59 - 000000000 ____D C:\Users\Ronin Asus\AppData\LocalLow\Temp
2017-12-28 09:17 - 2017-12-28 09:17 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\ElevatedDiagnostics
2017-12-27 21:25 - 2018-01-13 03:15 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\PlaceholderTileLogoFolder
2017-12-27 21:16 - 2017-12-27 21:16 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-12-27 17:30 - 2017-12-27 17:30 - 008172032 _____ (Malwarebytes) C:\Users\Ronin Asus\Downloads\AdwCleaner.exe
2017-12-27 17:29 - 2017-12-27 17:29 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Ronin Asus\Downloads\rkill.exe
2017-12-27 17:01 - 2017-12-27 20:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-12-27 16:47 - 2017-12-27 18:21 - 000001994 _____ C:\WINDOWS\ntbtlog.txt
2017-12-27 16:34 - 2017-12-27 16:34 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-12-27 16:24 - 2017-12-27 16:56 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\Apple Computer
2017-12-27 16:24 - 2017-12-27 16:24 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-27 16:24 - 2017-12-27 16:24 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Apple Computer
2017-12-27 16:24 - 2017-12-27 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-27 16:24 - 2017-12-27 16:24 - 000000000 ____D C:\Program Files\iPod
2017-12-27 16:23 - 2017-12-27 16:24 - 000000000 ____D C:\Program Files\iTunes
2017-12-27 16:23 - 2017-12-27 16:23 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Apple
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\ProgramData\Apple Computer
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-27 16:22 - 2017-12-27 16:23 - 000000000 ____D C:\ProgramData\Apple
2017-12-27 15:56 - 2017-12-27 15:56 - 022707312 _____ (IPVanish) C:\Users\Ronin Asus\Downloads\ipvanish-setup.exe
2017-12-27 12:33 - 2017-12-27 12:36 - 000000000 ____D C:\NPE
2017-12-27 12:32 - 2017-12-27 16:46 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\NPE
2017-12-27 12:07 - 2017-12-27 12:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-750800953-1317498452-842231029-1001
2017-12-26 19:34 - 2018-01-23 22:11 - 000000874 _____ C:\Users\Ronin Asus\Downloads\Addition.txt
2017-12-26 19:33 - 2018-01-23 22:13 - 000010599 _____ C:\Users\Ronin Asus\Downloads\FRST.txt
2017-12-26 19:33 - 2018-01-23 22:12 - 000000000 ____D C:\FRST
2017-12-26 13:43 - 2017-12-26 13:46 - 000000000 ____D C:\Users\Ronin Asus\Documents\Dads Porn
2017-12-25 11:03 - 2017-12-25 11:03 - 000000017 _____ C:\Users\Ronin Asus\AppData\Local\resmon.resmoncfg
2017-12-25 03:41 - 2017-12-25 03:41 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\NetworkTiles

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-23 22:02 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-23 21:59 - 2017-12-23 11:26 - 001127442 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-23 21:58 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-23 21:58 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-23 21:52 - 2017-12-23 11:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-23 21:52 - 2017-12-17 18:11 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-01-23 21:52 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-23 21:50 - 2017-12-23 11:17 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Packages
2018-01-23 21:49 - 2017-12-17 17:39 - 000000000 ____D C:\Users\Ronin Asus\AppData\LocalLow\Mozilla
2018-01-23 21:49 - 2017-09-29 07:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-23 21:49 - 2017-09-29 02:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-23 21:39 - 2017-12-23 11:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-20 01:43 - 2017-12-17 18:30 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\CrashDumps
2018-01-20 00:32 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-18 20:22 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-18 20:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-18 20:00 - 2017-12-17 17:38 - 000000000 ____D C:\Program Files\IPVanish VPN
2018-01-18 19:58 - 2017-12-19 00:03 - 000001342 _____ C:\Users\Ronin Asus\Desktop\Spotify.lnk
2018-01-10 00:49 - 2017-12-17 17:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 00:48 - 2017-12-17 17:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 00:48 - 2017-12-17 17:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 00:47 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-09 01:27 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-09 00:50 - 2017-12-20 03:43 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 00:50 - 2017-12-20 03:43 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-06 11:16 - 2017-12-18 22:20 - 005000352 _____ C:\WINDOWS\PE_File.dll
2018-01-06 11:16 - 2017-12-18 22:16 - 005133680 _____ C:\WINDOWS\PE_Rom.dll
2018-01-06 10:46 - 2017-12-23 11:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-01-06 10:42 - 2017-12-23 11:16 - 000000000 ____D C:\Users\Ronin Asus
2018-01-06 10:41 - 2017-12-17 22:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-06 10:39 - 2017-12-17 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-01-06 10:38 - 2017-12-17 22:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Drivers\MFDLL
2018-01-05 22:35 - 2017-12-17 17:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-05 22:35 - 2017-12-17 17:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-05 17:58 - 2017-12-17 17:39 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-05 15:47 - 2017-12-17 16:57 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-03 23:30 - 2017-12-23 16:33 - 000000000 ___RD C:\Users\Ronin Asus\3D Objects
2018-01-03 23:30 - 2017-12-17 17:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-03 23:13 - 2017-12-23 11:14 - 000221968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-03 23:11 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-03 21:58 - 2017-12-17 17:38 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\IPVanish
2018-01-03 21:07 - 2017-12-23 11:11 - 000000000 ____D C:\Windows.old
2018-01-03 20:55 - 2017-12-17 17:53 - 000000000 ____D C:\ProgramData\Norton
2017-12-28 08:52 - 2017-12-17 17:54 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-12-26 21:12 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-26 20:47 - 2017-09-29 07:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-12-26 20:28 - 2017-12-17 17:49 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\TileDataLayer
2017-12-26 20:28 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-26 20:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\registration
2017-12-26 20:22 - 2017-12-20 03:43 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Google
2017-12-26 20:22 - 2017-12-18 23:37 - 000000000 ____D C:\Users\Ronin Asus\Downloads\ASUS_Manager-Update_V20505
2017-12-26 20:22 - 2017-12-18 07:33 - 000000000 ____D C:\Users\Ronin Asus\Documents\asus files
2017-12-26 20:22 - 2017-12-17 22:38 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\ASUS
2017-12-26 20:22 - 2017-12-17 17:39 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\Mozilla
2017-12-26 20:22 - 2017-12-17 17:39 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Mozilla

==================== Files in the root of some directories =======

2017-12-25 11:03 - 2017-12-25 11:03 - 000000017 _____ () C:\Users\Ronin Asus\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-01-23 21:48 - 2017-11-14 18:22 - 001277072 _____ (McAfee, Inc.) C:\Users\Ronin Asus\AppData\Local\Temp\0060061516765696mcinst.exe
2018-01-18 19:58 - 2018-01-13 03:14 - 000808848 _____ (Spotify Ltd) C:\Users\Ronin Asus\AppData\Local\Temp\SpotifyMigrator.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-22 20:52

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Ronin Asus (23-01-2018 22:13:30)
Running from C:\Users\Ronin Asus\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-23 17:28:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-750800953-1317498452-842231029-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-750800953-1317498452-842231029-503 - Limited - Disabled)
Guest (S-1-5-21-750800953-1317498452-842231029-501 - Limited - Enabled)
Ronin Asus (S-1-5-21-750800953-1317498452-842231029-1001 - Administrator - Enabled) => C:\Users\Ronin Asus
WDAGUtilityAccount (S-1-5-21-750800953-1317498452-842231029-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.12.00 - ASUSTeK Computer Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.80 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
IPVanish (HKLM\...\{37C6D801-BF83-4EA4-9859-109E92625352}) (Version: 3.1.0.0 - IPVanish) Hidden
IPVanish (HKLM-x32\...\IPVanish 3.1.0.0) (Version: 3.1.0.0 - IPVanish)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Microsoft OneDrive (HKU\S-1-5-21-750800953-1317498452-842231029-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {141F1F9D-CA58-4F5D-8F74-C3820BDA2F82} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2016-03-24] ()
Task: {23794351-E431-4FF5-A447-51853708A81B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {4E7071FC-6D3E-46E4-ADCD-48224DC42E38} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2016-03-24] (ASUSTeK Computer Inc.)
Task: {6EF1B78C-CA88-49DF-9191-BA08698BFA71} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-23] (Microsoft Corporation)
Task: {72CF063F-5CCF-4BBE-9805-48AD65DEDE23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {80FD0286-9FD6-404A-90DB-A93CBD484926} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {8C3D3613-60A8-4004-9D93-47F06989213A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-23] (Microsoft Corporation)
Task: {92AB5663-96C9-4D6C-A008-E8F7CAAB1A57} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {A1E03A16-87B8-4AE7-8582-25A80FDDB67D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-23] (Microsoft Corporation)
Task: {C92229F6-F6B2-4607-A08C-2E644AFBA54D} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {CE86A807-34E9-46FF-BCD6-F7D333F76C96} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {D5014823-55C8-4EB0-9B75-49844A5761A1} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanishLauncher.exe [2017-10-04] (IPVanish)
Task: {E45F2B6A-BA04-45A1-A2A3-8D918F4FCFB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-23] (Microsoft Corporation)
Task: {E7C50DE8-C41C-4380-B06E-E8CF73F98717} - System32\Tasks\S-1-5-21-750800953-1317498452-842231029-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-04 18:43 - 2015-11-04 18:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-18 20:04 - 2018-01-18 20:05 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-18 20:04 - 2018-01-18 20:05 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-18 20:04 - 2018-01-18 20:06 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 20:53 - 2018-01-03 20:53 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 18:43 - 2015-11-04 18:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-12-17 22:31 - 2017-12-17 22:31 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-12-21 08:06 - 2017-12-21 08:06 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2017-12-17 22:31 - 2018-01-23 21:54 - 000026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2017-12-17 22:31 - 2017-12-17 22:27 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-750800953-1317498452-842231029-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD10889B-E87D-4C1A-8A15-26D60718FA64}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B32B807A-15F5-49D6-B2E2-CB5ED55AF673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{38021F4C-AE2E-4A29-A99B-81B6D2F8652C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{A95ADE6D-1735-47D6-93DB-E2821B90509D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95C08E15-9C95-42E3-B302-2C21967FB71B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75789C9F-7575-4DE8-8C24-3916348E8256}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{686DA45C-2A2B-42AF-B0C3-B938923C3851}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C12FF8F-B6BA-47DA-AC94-C7CBC872856B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3FA582FC-6978-413A-83A9-ACF87799092C}C:\users\ronin asus\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronin asus\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4E911E83-6E43-4E5C-B47A-6CD2B18138EE}C:\users\ronin asus\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronin asus\appdata\roaming\spotify\spotify.exe
FirewallRules: [{53DCA057-1124-4A18-832E-038AACF9CEA2}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{A2A8C3F7-34E8-4D7F-B4AE-F06F2EC24F93}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{FBFE5F93-3E79-4E91-935E-49743106A723}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{BDBB9CCD-1CE3-453A-B933-AC29C5CF0555}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{3E46CBA1-A047-4EFC-9A5B-56B2CAFF9FD4}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{C15C7BD4-A002-4362-8D3A-FFED1CAE2E82}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{25F12F4C-65A7-4ECF-9170-F2AE922622C0}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{FEE381D4-597A-4B8A-A81D-9B06CAED4B86}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{4F7BB0D5-80B8-44F7-AA3E-05091AA6C8C9}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{CEDCB809-A434-4AE2-BF23-7211A451755B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{3A6A9B91-5595-4B13-ABFC-C68772EF98B3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{54566ECE-4858-4227-AF5E-F47654135BD3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{F515FECC-C363-4B2A-A78C-7C53FFE53195}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-01-2018 00:46:44 Windows Update
10-01-2018 00:47:32 Windows Update
18-01-2018 20:20:54 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2018 01:43:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: s01gx8yx.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: s01gx8yx.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008dcc4
Faulting process id: 0x318c
Faulting application start time: 0x01d391c2163c2acc
Faulting application path: C:\Users\Ronin Asus\Downloads\s01gx8yx.exe
Faulting module path: C:\Users\Ronin Asus\Downloads\s01gx8yx.exe
Report Id: 1e33f29f-68a1-490a-804e-a631163d786d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/20/2018 12:04:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: y8d2rjm8.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: y8d2rjm8.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0001d061
Faulting process id: 0x31c0
Faulting application start time: 0x01d391b375a8ebb3
Faulting application path: C:\Users\Ronin Asus\Downloads\y8d2rjm8.exe
Faulting module path: C:\Users\Ronin Asus\Downloads\y8d2rjm8.exe
Report Id: 569fdccb-ee4d-418d-a87e-ea57337ad5eb
Faulting package full name:
Faulting package-relative application ID:

Error: (01/18/2018 08:12:39 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4CF44528-A3F6-4180-B458-379702BD8824}: The user TAINOHATUEYASUS\Ronin Asus dialed a connection named IPVanish VPN (PPTP) which has failed. The error code returned on failure is 1168.

Error: (01/13/2018 03:13:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TAINOHATUEYASUS)
Description: Package Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/13/2018 02:18:15 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={87C5A303-77FB-4F64-BFC9-0F284BFD62A5}: The user TAINOHATUEYASUS\Ronin Asus dialed a connection named IPVanish VPN (PPTP) which has failed. The error code returned on failure is 807.

Error: (01/12/2018 08:11:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={BE71A87B-5A9F-4A8F-94F2-1425DC4A3AED}: The user TAINOHATUEYASUS\Ronin Asus dialed a connection named IPVanish VPN (L2TP) which has failed. The error code returned on failure is 1168.

Error: (01/12/2018 07:54:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IPVanish.VpnClient.exe version 3.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2938

Start Time: 01d38bfa577c6dd8

Termination Time: 140

Application Path: C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe

Report Id: a058fbf9-1536-4e7b-bc70-846f6330ae9f

Faulting package full name:

Faulting package-relative application ID:

Error: (01/09/2018 11:59:47 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={41A5F511-AC40-4525-B2A3-5BD0E76B6065}: The user TAINOHATUEYASUS\Ronin Asus dialed a connection named IPVanish VPN (L2TP) which has failed. The error code returned on failure is 1232.

Error: (01/09/2018 01:38:46 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TAINOHATUEYASUS)
Description: InputApp_cw5n1h2txyewy-2147024891

Error: (01/09/2018 01:02:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64(1).exe version 2.1.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: a70

Start Time: 01d389176ba587d6

Termination Time: 50834

Application Path: C:\Users\Ronin Asus\Downloads\FRST64(1).exe

Report Id: 26aae7b0-031a-4b13-a047-e1fa54a1e967

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (01/23/2018 09:41:55 PM) (Source: DCOM) (EventID: 10016) (User: TAINOHATUEYASUS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TAINOHATUEYASUS\Ronin Asus SID (S-1-5-21-750800953-1317498452-842231029-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/22/2018 11:42:49 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

A corruption was found in a file system index structure.  The file reference number is 0x400000001db0e.  The name of the file is "\Windows\System32\config".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/22/2018 11:42:42 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x2000000035a4c.  The name of the file is "<unable to determine file name>".

Error: (01/22/2018 09:12:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (01/22/2018 08:43:03 PM) (Source: DCOM) (EventID: 10016) (User: TAINOHATUEYASUS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user TAINOHATUEYASUS\Ronin Asus SID (S-1-5-21-750800953-1317498452-842231029-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 01:44:37 AM) (Source: DCOM) (EventID: 10010) (User: TAINOHATUEYASUS)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/20/2018 01:44:37 AM) (Source: DCOM) (EventID: 10010) (User: TAINOHATUEYASUS)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/20/2018 01:44:37 AM) (Source: DCOM) (EventID: 10010) (User: TAINOHATUEYASUS)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/19/2018 11:42:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (01/19/2018 11:30:36 PM) (Source: DCOM) (EventID: 10010) (User: TAINOHATUEYASUS)
Description: The server Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2018-01-04 08:43:40.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:43:40.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:39:28.981
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:38:09.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:45.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:43.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:40.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:38.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:30.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:28.130
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD A10-6700 APU with Radeon™ HD Graphics
Percentage of memory in use: 26%
Total physical RAM: 11467.45 MB
Available physical RAM: 8416.78 MB
Total Virtual: 13195.45 MB
Available Virtual: 10086.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.53 GB) (Free:1820 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 404F7E32)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================



#6 SenorSySoP

  • Topic Starter

Posted 23 January 2018 - 11:21 PM

# AdwCleaner 7.0.7.0 - Logfile created on Wed Jan 24 04:13:08 2018
# Updated on 2018/18/01 by Malwarebytes
# Database: 01-24-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\All Users\Documents\Downloaded Installers
PUP.Optional.Legacy, C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus, C:\Users\Ronin Asus\AppData\Local\slimware utilities inc
PUP.Optional.SlimCleanerPlus, C:\Users\Ronin Asus\AppData\Local\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.DriverUpdate, DriverUpdate Scan

***** [ Registry ] *****

PUP.Optional.SlimCleanerPlus, [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKU\S-1-5-21-750800953-1317498452-842231029-1001\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\SlimWare Utilities Inc
PUP.Optional.DriverUpdate, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1821 B] - [2018/1/24 4:7:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########



#7 SenorSySoP

  • Topic Starter

Posted 23 January 2018 - 11:24 PM

Result of Security Analysis by Rocket Grannie (x86) Updated: 20th January, 2018
Running from:C:\Users\Ronin Asus\Desktop (22:03:31 - 01/23/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Windows Firewall (Disabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Google Chrome (63.0.3239.132)
Mozilla Firefox (57.0.4)

***----------------Analysis Complete-------------------------***




#8 Jo*

  • Malware Response Team

Posted 24 January 2018 - 04:08 AM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: double-click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double-click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: How is the computer running now?


***


Step 4: FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
-----------------------------

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 SenorSySoP

  • Topic Starter

Posted 25 January 2018 - 11:35 PM

OK, here you go. It would help me if I understood a little better why or what the first scans revealed. I'd like to learn, not just do. Please, thanks.

MBar Anti Rootkit came back clean. I wonder why the GCER shows a problem? Here are the other logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Ronin Asus (administrator) on TAINOHATUEYASUS (25-01-2018 23:36:08)
Running from C:\Users\Ronin Asus\Downloads
Loaded Profiles: Ronin Asus (Available Profiles: Ronin Asus)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Ericksystem) C:\Ericksystem\USB Rescate\usbrescate.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-750800953-1317498452-842231029-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5461968 2017-12-21] (SecureMix LLC)
HKU\S-1-5-21-750800953-1317498452-842231029-1001\...\Run: [usbrescate] => C:\Ericksystem\USB Rescate\usbrescate.exe [1067520 2018-01-12] (Ericksystem)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{12ef00da-5ec5-46d4-aae2-92533941d97c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{12ef00da-5ec5-46d4-aae2-92533941d97c}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-25] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-25] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 8uudbj8h.default
FF ProfilePath: C:\Users\Ronin Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8uudbj8h.default [2018-01-25]
FF Extension: (True Key™ by Intel Security) - C:\Users\Ronin Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8uudbj8h.default\Extensions\@true-key.xpi [2018-01-03]
FF Extension: (LessPass) - C:\Users\Ronin Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8uudbj8h.default\Extensions\contact@lesspass.com.xpi [2018-01-05]
FF Extension: (Tails Verification) - C:\Users\Ronin Asus\AppData\Roaming\Mozilla\Firefox\Profiles\8uudbj8h.default\Extensions\{4121db26-aeba-4014-b6fe-1db322d7c585}.xpi [2017-12-20]
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-25] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-20] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US91120D20180103&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR Profile: C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default [2018-01-25]
CHR Extension: (Slides) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-26]
CHR Extension: (Docs) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-26]
CHR Extension: (Google Drive) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-20]
CHR Extension: (YouTube) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-20]
CHR Extension: (Sheets) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-01-05]
CHR Extension: (Google Docs Offline) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-26]
CHR Extension: (Gmail) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ronin Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2017-12-17] ()
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4369360 2017-12-21] (SecureMix LLC)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [280032 2017-11-29] (Realtek Semiconductor Corp.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-23] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-12-17] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [25944 2016-08-25] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-07] (Advanced Micro Devices)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [192952 2018-01-25] (Malwarebytes)
R1 MpKsl249b5bb9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A9EDA8D-FEB5-4C98-B627-4587936A5709}\MpKsl249b5bb9.sys [58120 2018-01-25] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [963088 2017-08-22] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [757216 2017-11-29] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [7959408 2017-11-21] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-25 23:12 - 2018-01-25 23:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-25 22:52 - 2018-01-25 22:52 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-01-25 22:52 - 2018-01-25 22:52 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\Sun
2018-01-25 22:52 - 2018-01-25 22:52 - 000000000 ____D C:\Users\Ronin Asus\AppData\LocalLow\Sun
2018-01-25 22:52 - 2018-01-25 22:52 - 000000000 ____D C:\ProgramData\Oracle
2018-01-25 22:52 - 2018-01-25 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-25 22:52 - 2018-01-25 22:52 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-25 22:51 - 2018-01-25 22:51 - 001861696 _____ (Oracle Corporation) C:\Users\Ronin Asus\Downloads\JavaSetup8u161.exe
2018-01-25 22:51 - 2018-01-25 22:51 - 001157656 _____ (Oracle Corporation) C:\Users\Ronin Asus\Downloads\JavaUninstallTool.exe
2018-01-25 22:51 - 2018-01-25 22:51 - 000000000 ____D C:\Users\Ronin Asus\AppData\LocalLow\Oracle
2018-01-25 22:41 - 2018-01-25 22:46 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2671249F.sys
2018-01-25 21:43 - 2018-01-25 23:12 - 077856768 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-25 21:38 - 2018-01-25 21:43 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-01-23 22:05 - 2018-01-25 22:45 - 000000000 ____D C:\AdwCleaner
2018-01-23 22:05 - 2018-01-23 22:05 - 008206624 _____ (Malwarebytes) C:\Users\Ronin Asus\Downloads\AdwCleaner (1).exe
2018-01-23 22:05 - 2018-01-23 22:05 - 002393088 _____ (Farbar) C:\Users\Ronin Asus\Downloads\FRST64.exe
2018-01-23 21:59 - 2018-01-25 23:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-23 21:59 - 2018-01-25 22:40 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-01-23 21:59 - 2018-01-23 21:59 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\514282CB.sys
2018-01-23 21:59 - 2018-01-23 21:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-23 21:58 - 2018-01-25 23:12 - 000000000 ____D C:\Users\Ronin Asus\Desktop\mbar
2018-01-23 21:58 - 2018-01-23 21:58 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Ronin Asus\Desktop\mbar-1.10.3.1001.exe
2018-01-23 21:57 - 2018-01-25 22:37 - 000000745 _____ C:\Users\Ronin Asus\Desktop\SALog.txt
2018-01-23 21:55 - 2018-01-23 21:55 - 000899584 _____ C:\Users\Ronin Asus\Desktop\RGSA.exe
2018-01-23 21:46 - 2018-01-23 21:46 - 000000000 ____H C:\Users\Ronin Asus\Documents\Default.rdp
2018-01-20 01:41 - 2018-01-20 01:41 - 000380928 _____ C:\Users\Ronin Asus\Downloads\s01gx8yx.exe
2018-01-19 23:56 - 2018-01-19 23:56 - 000380928 _____ C:\Users\Ronin Asus\Downloads\y8d2rjm8.exe
2018-01-19 23:43 - 2018-01-19 23:43 - 000000000 ____D C:\Users\Ronin Asus\Downloads\FRST-OlderVersion
2018-01-18 20:22 - 2018-01-18 20:22 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-01-12 18:45 - 2018-01-12 18:48 - 000000832 _____ C:\Users\Ronin Asus\Desktop\USB Rescate.lnk
2018-01-12 18:45 - 2018-01-12 18:48 - 000000000 ____D C:\Ericksystem
2018-01-09 01:01 - 2018-01-10 00:22 - 000003105 _____ C:\Users\Ronin Asus\Downloads\Fixlog.txt
2018-01-06 16:28 - 2018-01-06 16:28 - 042151072 _____ (Microsoft Corporation) C:\Users\Ronin Asus\Downloads\Windows-KB890830-x64-V5.55.exe
2018-01-06 11:45 - 2018-01-06 11:48 - 000000000 ____D C:\USB File Resc
2018-01-06 11:03 - 2018-01-12 20:40 - 000000000 ____D C:\Users\Ronin Asus\Downloads\A68BM-A-ASUS-M32BF-0704
2018-01-06 10:41 - 2013-06-20 16:57 - 001886208 _____ (TODO: <公司名稱>) C:\WINDOWS\FbkGo.dll
2018-01-05 22:35 - 2018-01-06 13:35 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-05 22:15 - 2018-01-05 22:15 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\NuGet
2018-01-05 22:11 - 2018-01-05 22:11 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\PackageManagement
2018-01-05 22:11 - 2018-01-05 22:11 - 000000000 ____D C:\Program Files\PackageManagement
2018-01-05 21:34 - 2018-01-05 21:34 - 000426779 _____ C:\Users\Ronin Asus\Downloads\Meltdown & Spectre Flaw.pdf
2018-01-05 20:48 - 2018-01-05 20:48 - 002474116 _____ () C:\Users\Ronin Asus\Downloads\ipscan-win64-3.5.2.exe
2018-01-05 17:21 - 2018-01-05 17:21 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\GlassWire
2018-01-05 15:48 - 2018-01-05 15:48 - 000008107 _____ C:\Users\Ronin Asus\Downloads\MTB.txt
2018-01-05 15:47 - 2018-01-05 15:47 - 000001970 _____ C:\Users\Public\Desktop\GlassWire.lnk
2018-01-05 15:47 - 2018-01-05 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2018-01-05 15:47 - 2015-05-28 22:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2018-01-05 15:47 - 2015-05-28 22:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2018-01-05 15:46 - 2018-01-05 15:47 - 000000000 ____D C:\Program Files (x86)\GlassWire
2018-01-05 15:46 - 2018-01-05 15:46 - 000000000 ____D C:\ProgramData\GlassWire
2018-01-05 13:54 - 2018-01-05 13:57 - 000004225 _____ C:\Users\Ronin Asus\Downloads\netadapter-log-2018-01-05-13-54-42.txt
2018-01-05 13:54 - 2018-01-05 13:54 - 000002680 _____ C:\Users\Ronin Asus\Downloads\netadapter-log-2018-01-05-13-54-34.txt
2018-01-05 13:52 - 2018-01-19 23:35 - 000002186 _____ C:\Users\Ronin Asus\Desktop\Rkill.txt
2018-01-05 13:52 - 2018-01-05 13:53 - 000001712 _____ C:\Users\Ronin Asus\Downloads\FSS.txt
2018-01-05 13:52 - 2018-01-05 13:52 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Ronin Asus\Downloads\rkill64.exe
2018-01-04 08:24 - 2018-01-04 08:25 - 000003027 _____ C:\Users\Ronin Asus\Downloads\netadapter-log-2018-01-04-8-24-59.txt
2018-01-04 07:59 - 2018-01-04 07:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2018-01-04 07:59 - 2018-01-04 07:59 - 000000000 ____D C:\Program Files\TAP-Windows
2018-01-04 07:58 - 2018-01-04 07:58 - 000256240 _____ C:\Users\Ronin Asus\Downloads\tap-windows-9.21.2.exe
2018-01-03 23:32 - 2018-01-03 23:32 - 002091520 _____ (Conner Bernhard) C:\Users\Ronin Asus\Downloads\NetAdapterRepair1.2(1).exe
2018-01-03 21:58 - 2018-01-03 21:58 - 000001088 _____ C:\Users\Public\Desktop\IPVanish.lnk
2018-01-03 21:58 - 2018-01-03 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPVanish
2018-01-03 21:56 - 2018-01-03 21:56 - 022707312 _____ (IPVanish) C:\Users\Ronin Asus\Downloads\ipvanish-setup (1).exe
2018-01-03 21:54 - 2018-01-03 21:54 - 002091520 _____ (Conner Bernhard) C:\Users\Ronin Asus\Downloads\NetAdapterRepair1.2.exe
2018-01-03 21:52 - 2018-01-03 21:52 - 000892416 _____ (Farbar) C:\Users\Ronin Asus\Downloads\MiniToolBox.exe
2018-01-03 21:47 - 2018-01-03 21:47 - 000899584 _____ (Farbar) C:\Users\Ronin Asus\Downloads\FSS.exe
2018-01-03 21:45 - 2018-01-03 21:45 - 000957952 _____ (Farbar) C:\Users\Ronin Asus\Downloads\ListParts64.exe
2018-01-03 21:38 - 2018-01-03 21:43 - 035166664 _____ (SecureMix LLC) C:\Users\Ronin Asus\Downloads\glasswire-free-firewall_2.0.80.exe
2018-01-03 21:38 - 2018-01-03 21:39 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Ronin Asus\Downloads\rkill_2.9.1.0.exe
2018-01-03 21:38 - 2018-01-03 21:38 - 000441344 _____ (Streuner Corporation) C:\Users\Ronin Asus\Downloads\usb-file-resc_17.0.0.1.exe
2018-01-03 21:37 - 2018-01-03 21:38 - 008198432 _____ (Malwarebytes) C:\Users\Ronin Asus\Downloads\adwcleaner_7.0.6.0.exe
2018-01-03 21:36 - 2018-01-03 21:36 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Ronin Asus\Downloads\mbar-1.10.3.1001.exe
2018-01-03 21:22 - 2018-01-01 11:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-03 21:22 - 2018-01-01 06:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-03 21:22 - 2018-01-01 06:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-03 21:22 - 2018-01-01 06:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-03 21:22 - 2018-01-01 06:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-03 21:22 - 2018-01-01 06:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-03 21:22 - 2018-01-01 06:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-03 21:22 - 2018-01-01 06:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-03 21:22 - 2018-01-01 06:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-03 21:22 - 2018-01-01 06:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-03 21:22 - 2018-01-01 06:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-03 21:22 - 2018-01-01 06:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-03 21:22 - 2018-01-01 06:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-03 21:22 - 2018-01-01 06:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-03 21:22 - 2018-01-01 06:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-03 21:22 - 2018-01-01 06:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-03 21:22 - 2018-01-01 06:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-03 21:22 - 2018-01-01 06:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-03 21:22 - 2018-01-01 06:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-03 21:22 - 2018-01-01 06:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-03 21:22 - 2018-01-01 06:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-03 21:22 - 2018-01-01 06:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-03 21:22 - 2018-01-01 06:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-03 21:22 - 2018-01-01 06:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-03 21:22 - 2018-01-01 06:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-03 21:22 - 2018-01-01 06:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-03 21:22 - 2018-01-01 06:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-03 21:22 - 2018-01-01 06:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-03 21:22 - 2018-01-01 06:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-03 21:22 - 2018-01-01 06:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-03 21:22 - 2018-01-01 06:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-03 21:22 - 2018-01-01 06:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-03 21:22 - 2018-01-01 06:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-03 21:22 - 2018-01-01 06:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-03 21:22 - 2018-01-01 06:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-03 21:22 - 2018-01-01 06:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-03 21:22 - 2018-01-01 06:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-03 21:22 - 2018-01-01 06:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-03 21:22 - 2018-01-01 06:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-03 21:22 - 2018-01-01 06:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-03 21:22 - 2018-01-01 06:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-03 21:22 - 2018-01-01 06:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-03 21:22 - 2018-01-01 06:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-03 21:22 - 2018-01-01 06:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-03 21:22 - 2018-01-01 06:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-03 21:22 - 2018-01-01 06:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-03 21:22 - 2018-01-01 06:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-03 21:22 - 2018-01-01 06:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-03 21:22 - 2018-01-01 06:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-03 21:22 - 2018-01-01 06:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-03 21:22 - 2018-01-01 06:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-03 21:22 - 2018-01-01 06:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-03 21:22 - 2018-01-01 06:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-03 21:22 - 2018-01-01 06:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-03 21:22 - 2018-01-01 06:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-03 21:22 - 2018-01-01 06:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-03 21:22 - 2018-01-01 06:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-03 21:22 - 2018-01-01 06:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-03 21:22 - 2018-01-01 06:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-03 21:22 - 2018-01-01 06:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-03 21:22 - 2018-01-01 06:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-03 21:22 - 2018-01-01 06:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-03 21:22 - 2018-01-01 06:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-03 21:22 - 2018-01-01 06:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-03 21:22 - 2018-01-01 06:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-03 21:22 - 2018-01-01 06:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-03 21:22 - 2018-01-01 06:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-03 21:22 - 2018-01-01 06:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-03 21:22 - 2018-01-01 06:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-03 21:22 - 2018-01-01 06:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-03 21:22 - 2018-01-01 06:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-03 21:22 - 2018-01-01 06:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-03 21:22 - 2018-01-01 06:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-03 21:22 - 2018-01-01 06:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-03 21:22 - 2018-01-01 06:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-03 21:22 - 2018-01-01 06:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-03 21:22 - 2018-01-01 06:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-03 21:22 - 2018-01-01 06:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-03 21:22 - 2018-01-01 06:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-03 21:22 - 2018-01-01 06:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-03 21:22 - 2018-01-01 06:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-03 21:22 - 2018-01-01 06:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-03 21:22 - 2018-01-01 05:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-03 21:22 - 2018-01-01 05:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-03 21:22 - 2018-01-01 05:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-03 21:22 - 2018-01-01 05:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-03 21:22 - 2018-01-01 05:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-03 21:22 - 2018-01-01 05:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-03 21:22 - 2018-01-01 05:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-03 21:22 - 2018-01-01 05:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-03 21:22 - 2018-01-01 05:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-03 21:22 - 2018-01-01 05:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-03 21:22 - 2018-01-01 05:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-03 21:22 - 2018-01-01 05:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-03 21:22 - 2018-01-01 05:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-03 21:22 - 2018-01-01 05:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-03 21:22 - 2018-01-01 05:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-03 21:22 - 2018-01-01 05:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-03 21:22 - 2018-01-01 05:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-03 21:22 - 2018-01-01 05:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-03 21:22 - 2018-01-01 05:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-03 21:22 - 2018-01-01 05:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-03 21:22 - 2018-01-01 05:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-03 21:22 - 2018-01-01 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-03 21:22 - 2018-01-01 05:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-03 21:22 - 2018-01-01 05:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-03 21:22 - 2018-01-01 05:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-03 21:22 - 2018-01-01 05:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-03 21:22 - 2018-01-01 05:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-03 21:22 - 2018-01-01 05:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-03 21:22 - 2018-01-01 05:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-03 21:22 - 2018-01-01 05:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-03 21:22 - 2018-01-01 05:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-03 21:22 - 2018-01-01 05:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-03 21:22 - 2018-01-01 05:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-03 21:22 - 2018-01-01 05:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-03 21:22 - 2018-01-01 05:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-03 21:22 - 2018-01-01 05:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-03 21:22 - 2018-01-01 05:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-03 21:22 - 2018-01-01 05:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-03 21:22 - 2018-01-01 05:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-03 21:22 - 2018-01-01 05:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-03 21:22 - 2018-01-01 05:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-03 21:22 - 2018-01-01 05:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-03 21:22 - 2018-01-01 05:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-03 21:22 - 2018-01-01 05:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-03 21:22 - 2018-01-01 05:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-03 21:22 - 2018-01-01 05:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-03 21:22 - 2018-01-01 05:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-03 21:22 - 2018-01-01 05:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-03 21:22 - 2018-01-01 05:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-03 21:22 - 2018-01-01 05:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-03 21:22 - 2018-01-01 05:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-03 21:22 - 2018-01-01 05:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-03 21:22 - 2018-01-01 05:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-03 21:22 - 2018-01-01 05:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-03 21:22 - 2018-01-01 05:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-03 21:22 - 2018-01-01 05:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-03 21:22 - 2018-01-01 05:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-03 21:22 - 2018-01-01 05:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-03 21:22 - 2018-01-01 05:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-03 21:22 - 2018-01-01 05:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-03 21:22 - 2018-01-01 05:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-03 21:22 - 2018-01-01 05:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-03 21:22 - 2018-01-01 05:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-03 21:22 - 2018-01-01 05:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-03 21:22 - 2018-01-01 05:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-03 21:22 - 2018-01-01 05:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-03 21:22 - 2018-01-01 05:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-03 21:22 - 2018-01-01 05:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-03 21:22 - 2018-01-01 05:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-03 21:22 - 2018-01-01 05:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-03 21:22 - 2018-01-01 05:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-03 21:17 - 2018-01-23 21:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-01-03 21:14 - 2018-01-03 21:14 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\CEF
2018-01-03 21:13 - 2018-01-03 21:13 - 036622408 _____ (McAfee, Inc.) C:\Users\Ronin Asus\Downloads\Setup_serial__ofGtrIodOGiiAqeYiS3eA2_key_affid_1285_akey.exe
2018-01-03 20:59 - 2018-01-03 20:59 - 000000000 ____D C:\Users\Ronin Asus\AppData\LocalLow\Temp
2017-12-28 09:17 - 2017-12-28 09:17 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\ElevatedDiagnostics
2017-12-27 21:25 - 2018-01-13 03:15 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\PlaceholderTileLogoFolder
2017-12-27 21:16 - 2017-12-27 21:16 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-12-27 17:30 - 2017-12-27 17:30 - 008172032 _____ (Malwarebytes) C:\Users\Ronin Asus\Downloads\AdwCleaner.exe
2017-12-27 17:29 - 2017-12-27 17:29 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Ronin Asus\Downloads\rkill.exe
2017-12-27 17:01 - 2017-12-27 20:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-12-27 16:47 - 2017-12-27 18:21 - 000001994 _____ C:\WINDOWS\ntbtlog.txt
2017-12-27 16:34 - 2017-12-27 16:34 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-12-27 16:24 - 2017-12-27 16:56 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\Apple Computer
2017-12-27 16:24 - 2017-12-27 16:24 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-27 16:24 - 2017-12-27 16:24 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Apple Computer
2017-12-27 16:24 - 2017-12-27 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-27 16:24 - 2017-12-27 16:24 - 000000000 ____D C:\Program Files\iPod
2017-12-27 16:23 - 2017-12-27 16:24 - 000000000 ____D C:\Program Files\iTunes
2017-12-27 16:23 - 2017-12-27 16:23 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Apple
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\ProgramData\Apple Computer
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-12-27 16:23 - 2017-12-27 16:23 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-27 16:22 - 2017-12-27 16:23 - 000000000 ____D C:\ProgramData\Apple
2017-12-27 15:56 - 2017-12-27 15:56 - 022707312 _____ (IPVanish) C:\Users\Ronin Asus\Downloads\ipvanish-setup.exe
2017-12-27 12:33 - 2017-12-27 12:36 - 000000000 ____D C:\NPE
2017-12-27 12:32 - 2017-12-27 16:46 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\NPE
2017-12-27 12:07 - 2017-12-27 12:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-750800953-1317498452-842231029-1001
2017-12-26 19:34 - 2018-01-23 22:13 - 000026785 _____ C:\Users\Ronin Asus\Downloads\Addition.txt
2017-12-26 19:33 - 2018-01-25 23:36 - 000010817 _____ C:\Users\Ronin Asus\Downloads\FRST.txt
2017-12-26 19:33 - 2018-01-25 23:36 - 000000000 ____D C:\FRST
2017-12-26 13:43 - 2017-12-26 13:46 - 000000000 ____D C:\Users\Ronin Asus\Documents\Dads Porn

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-25 23:34 - 2017-12-23 11:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-25 23:17 - 2017-12-23 11:26 - 001181592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-25 23:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-25 23:12 - 2017-12-23 11:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-25 23:12 - 2017-12-17 18:11 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-01-25 23:12 - 2017-09-29 02:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-25 22:50 - 2017-12-17 17:39 - 000000000 ____D C:\Users\Ronin Asus\AppData\LocalLow\Mozilla
2018-01-25 22:45 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-25 22:45 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-25 22:45 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-25 22:40 - 2017-12-17 18:30 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\CrashDumps
2018-01-25 22:39 - 2017-12-17 17:13 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-23 21:50 - 2017-12-23 11:17 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Packages
2018-01-23 21:49 - 2017-09-29 07:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-23 21:49 - 2017-09-29 02:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-20 00:32 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-18 20:22 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-18 20:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-18 20:00 - 2017-12-17 17:38 - 000000000 ____D C:\Program Files\IPVanish VPN
2018-01-18 19:58 - 2017-12-19 00:03 - 000001342 _____ C:\Users\Ronin Asus\Desktop\Spotify.lnk
2018-01-10 00:49 - 2017-12-17 17:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 00:48 - 2017-12-17 17:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 00:48 - 2017-12-17 17:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 00:47 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-09 01:27 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-09 00:50 - 2017-12-20 03:43 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 00:50 - 2017-12-20 03:43 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-06 11:16 - 2017-12-18 22:20 - 005000352 _____ C:\WINDOWS\PE_File.dll
2018-01-06 11:16 - 2017-12-18 22:16 - 005133680 _____ C:\WINDOWS\PE_Rom.dll
2018-01-06 10:46 - 2017-12-23 11:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-01-06 10:42 - 2017-12-23 11:16 - 000000000 ____D C:\Users\Ronin Asus
2018-01-06 10:41 - 2017-12-17 22:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-06 10:39 - 2017-12-17 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-01-06 10:38 - 2017-12-17 22:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Drivers\MFDLL
2018-01-05 22:35 - 2017-12-17 17:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-05 22:35 - 2017-12-17 17:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-05 17:58 - 2017-12-17 17:39 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-05 15:47 - 2017-12-17 16:57 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-03 23:30 - 2017-12-23 16:33 - 000000000 ___RD C:\Users\Ronin Asus\3D Objects
2018-01-03 23:30 - 2017-12-17 17:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-03 23:13 - 2017-12-23 11:14 - 000221968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-03 23:11 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-03 23:11 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-03 21:58 - 2017-12-17 17:38 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\IPVanish
2018-01-03 21:07 - 2017-12-23 11:11 - 000000000 ____D C:\Windows.old
2018-01-03 20:55 - 2017-12-17 17:53 - 000000000 ____D C:\ProgramData\Norton
2017-12-28 08:52 - 2017-12-17 17:54 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-12-26 21:12 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-26 20:47 - 2017-09-29 07:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-12-26 20:28 - 2017-12-17 17:49 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\TileDataLayer
2017-12-26 20:28 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-26 20:23 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\registration
2017-12-26 20:22 - 2017-12-20 03:43 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Google
2017-12-26 20:22 - 2017-12-18 23:37 - 000000000 ____D C:\Users\Ronin Asus\Downloads\ASUS_Manager-Update_V20505
2017-12-26 20:22 - 2017-12-18 07:33 - 000000000 ____D C:\Users\Ronin Asus\Documents\asus files
2017-12-26 20:22 - 2017-12-17 22:38 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\ASUS
2017-12-26 20:22 - 2017-12-17 17:39 - 000000000 ____D C:\Users\Ronin Asus\AppData\Roaming\Mozilla
2017-12-26 20:22 - 2017-12-17 17:39 - 000000000 ____D C:\Users\Ronin Asus\AppData\Local\Mozilla

==================== Files in the root of some directories =======

2017-12-25 11:03 - 2017-12-25 11:03 - 000000017 _____ () C:\Users\Ronin Asus\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-22 20:52

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Ronin Asus (25-01-2018 23:37:01)
Running from C:\Users\Ronin Asus\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-23 17:28:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-750800953-1317498452-842231029-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-750800953-1317498452-842231029-503 - Limited - Disabled)
Guest (S-1-5-21-750800953-1317498452-842231029-501 - Limited - Enabled)
Ronin Asus (S-1-5-21-750800953-1317498452-842231029-1001 - Administrator - Enabled) => C:\Users\Ronin Asus
WDAGUtilityAccount (S-1-5-21-750800953-1317498452-842231029-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.12.00 - ASUSTeK Computer Inc.)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.80 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
IPVanish (HKLM\...\{37C6D801-BF83-4EA4-9859-109E92625352}) (Version: 3.1.0.0 - IPVanish) Hidden
IPVanish (HKLM-x32\...\IPVanish 3.1.0.0) (Version: 3.1.0.0 - IPVanish)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Microsoft OneDrive (HKU\S-1-5-21-750800953-1317498452-842231029-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {141F1F9D-CA58-4F5D-8F74-C3820BDA2F82} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2016-03-24] ()
Task: {23794351-E431-4FF5-A447-51853708A81B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {4E7071FC-6D3E-46E4-ADCD-48224DC42E38} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2016-03-24] (ASUSTeK Computer Inc.)
Task: {6EF1B78C-CA88-49DF-9191-BA08698BFA71} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-23] (Microsoft Corporation)
Task: {72CF063F-5CCF-4BBE-9805-48AD65DEDE23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {80FD0286-9FD6-404A-90DB-A93CBD484926} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {8C3D3613-60A8-4004-9D93-47F06989213A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-23] (Microsoft Corporation)
Task: {92AB5663-96C9-4D6C-A008-E8F7CAAB1A57} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {A1E03A16-87B8-4AE7-8582-25A80FDDB67D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-23] (Microsoft Corporation)
Task: {CE86A807-34E9-46FF-BCD6-F7D333F76C96} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {D5014823-55C8-4EB0-9B75-49844A5761A1} - System32\Tasks\IPVanish.VpnClient => C:\Program Files\IPVanish VPN\IPVanishLauncher.exe [2017-10-04] (IPVanish)
Task: {E45F2B6A-BA04-45A1-A2A3-8D918F4FCFB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-23] (Microsoft Corporation)
Task: {E7C50DE8-C41C-4380-B06E-E8CF73F98717} - System32\Tasks\S-1-5-21-750800953-1317498452-842231029-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-04 18:43 - 2015-11-04 18:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-12-17 22:31 - 2017-12-17 22:31 - 000920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-12-23 11:07 - 2017-12-23 11:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 000975872 _____ () c:\windows\system32\FaceProcessor.dll
2017-12-23 11:07 - 2017-12-23 11:07 - 000269696 _____ () c:\windows\system32\FaceProcessorCore.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001357464 _____ () c:\windows\system32\FaceTrackerInternal.dll
2018-01-18 20:04 - 2018-01-18 20:05 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-18 20:04 - 2018-01-18 20:05 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-18 20:04 - 2018-01-18 20:06 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 20:53 - 2018-01-03 20:53 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-23 21:57 - 2018-01-23 21:57 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.13.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 18:43 - 2015-11-04 18:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-12-21 08:06 - 2017-12-21 08:06 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2017-12-17 22:31 - 2018-01-25 23:14 - 000026624 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2017-12-17 22:31 - 2017-12-17 22:27 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-750800953-1317498452-842231029-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD10889B-E87D-4C1A-8A15-26D60718FA64}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B32B807A-15F5-49D6-B2E2-CB5ED55AF673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{38021F4C-AE2E-4A29-A99B-81B6D2F8652C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{A95ADE6D-1735-47D6-93DB-E2821B90509D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95C08E15-9C95-42E3-B302-2C21967FB71B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75789C9F-7575-4DE8-8C24-3916348E8256}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{686DA45C-2A2B-42AF-B0C3-B938923C3851}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C12FF8F-B6BA-47DA-AC94-C7CBC872856B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3FA582FC-6978-413A-83A9-ACF87799092C}C:\users\ronin asus\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronin asus\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4E911E83-6E43-4E5C-B47A-6CD2B18138EE}C:\users\ronin asus\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronin asus\appdata\roaming\spotify\spotify.exe
FirewallRules: [{53DCA057-1124-4A18-832E-038AACF9CEA2}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{A2A8C3F7-34E8-4D7F-B4AE-F06F2EC24F93}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{FBFE5F93-3E79-4E91-935E-49743106A723}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{BDBB9CCD-1CE3-453A-B933-AC29C5CF0555}] => (Allow) C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe
FirewallRules: [{3E46CBA1-A047-4EFC-9A5B-56B2CAFF9FD4}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{C15C7BD4-A002-4362-8D3A-FFED1CAE2E82}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{25F12F4C-65A7-4ECF-9170-F2AE922622C0}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{FEE381D4-597A-4B8A-A81D-9B06CAED4B86}] => (Allow) C:\Program Files\IPVanish VPN\IPVanishLauncher.exe
FirewallRules: [{4F7BB0D5-80B8-44F7-AA3E-05091AA6C8C9}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{CEDCB809-A434-4AE2-BF23-7211A451755B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{3A6A9B91-5595-4B13-ABFC-C68772EF98B3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{54566ECE-4858-4227-AF5E-F47654135BD3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{F515FECC-C363-4B2A-A78C-7C53FFE53195}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-01-2018 00:46:44 Windows Update
10-01-2018 00:47:32 Windows Update
18-01-2018 20:20:54 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2018 10:39:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: msvcrt.dll, version: 7.0.16299.125, time stamp: 0x20688290
Exception code: 0x40000015
Fault offset: 0x000000000000ad32
Faulting process id: 0x1638
Faulting application start time: 0x01d39647ee056a27
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: c42ed776-709c-43a5-93ff-928e9e4818c7
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (01/20/2018 01:43:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: s01gx8yx.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: s01gx8yx.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008dcc4
Faulting process id: 0x318c
Faulting application start time: 0x01d391c2163c2acc
Faulting application path: C:\Users\Ronin Asus\Downloads\s01gx8yx.exe
Faulting module path: C:\Users\Ronin Asus\Downloads\s01gx8yx.exe
Report Id: 1e33f29f-68a1-490a-804e-a631163d786d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/20/2018 12:04:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: y8d2rjm8.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: y8d2rjm8.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0001d061
Faulting process id: 0x31c0
Faulting application start time: 0x01d391b375a8ebb3
Faulting application path: C:\Users\Ronin Asus\Downloads\y8d2rjm8.exe
Faulting module path: C:\Users\Ronin Asus\Downloads\y8d2rjm8.exe
Report Id: 569fdccb-ee4d-418d-a87e-ea57337ad5eb
Faulting package full name:
Faulting package-relative application ID:

Error: (01/18/2018 08:12:39 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4CF44528-A3F6-4180-B458-379702BD8824}: The user TAINOHATUEYASUS\Ronin Asus dialed a connection named IPVanish VPN (PPTP) which has failed. The error code returned on failure is 1168.

Error: (01/13/2018 03:13:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TAINOHATUEYASUS)
Description: Package Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/13/2018 02:18:15 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={87C5A303-77FB-4F64-BFC9-0F284BFD62A5}: The user TAINOHATUEYASUS\Ronin Asus dialed a connection named IPVanish VPN (PPTP) which has failed. The error code returned on failure is 807.

Error: (01/12/2018 08:11:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={BE71A87B-5A9F-4A8F-94F2-1425DC4A3AED}: The user TAINOHATUEYASUS\Ronin Asus dialed a connection named IPVanish VPN (L2TP) which has failed. The error code returned on failure is 1168.

Error: (01/12/2018 07:54:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IPVanish.VpnClient.exe version 3.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2938

Start Time: 01d38bfa577c6dd8

Termination Time: 140

Application Path: C:\Program Files\IPVanish VPN\IPVanish.VpnClient.exe

Report Id: a058fbf9-1536-4e7b-bc70-846f6330ae9f

Faulting package full name:

Faulting package-relative application ID:

Error: (01/09/2018 11:59:47 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={41A5F511-AC40-4525-B2A3-5BD0E76B6065}: The user TAINOHATUEYASUS\Ronin Asus dialed a connection named IPVanish VPN (L2TP) which has failed. The error code returned on failure is 1232.

Error: (01/09/2018 01:38:46 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TAINOHATUEYASUS)
Description: InputApp_cw5n1h2txyewy-2147024891

System errors:
=============
Error: (01/25/2018 11:12:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (01/25/2018 11:12:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (01/25/2018 11:12:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Error: (01/25/2018 10:45:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2018 10:45:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS Com Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2018 10:45:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GlassWire Control Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2018 10:45:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Realtek Bluetooth Device Manager Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2018 10:45:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2018 10:45:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/25/2018 10:45:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2018-01-04 08:43:40.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:43:40.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:39:28.981
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:38:09.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:45.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:43.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:40.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:38.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:30.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 08:36:28.130
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files\McAfee\Gkp\HcApi.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: AMD A10-6700 APU with Radeon™ HD Graphics
Percentage of memory in use: 18%
Total physical RAM: 11467.45 MB
Available physical RAM: 9304.88 MB
Total Virtual: 13195.45 MB
Available Virtual: 11035.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.53 GB) (Free:1818.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 404F7E32)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================

# AdwCleaner 7.0.7.0 - Logfile created on Fri Jan 26 04:45:50 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\All Users\Documents\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\Users\Ronin Asus\AppData\Local\slimware utilities inc
Deleted: C:\Users\Ronin Asus\AppData\Local\SlimWare Utilities Inc
Deleted: C:\Program Files\SlimService

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: DriverUpdate Scan

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-750800953-1317498452-842231029-1001\Software\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-750800953-1317498452-842231029-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1821 B] - [2018/1/24 4:7:10]
C:/AdwCleaner/AdwCleaner[S1].txt - [1726 B] - [2018/1/24 4:13:8]
C:/AdwCleaner/AdwCleaner[S2].txt - [1953 B] - [2018/1/26 4:45:9]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


Edited by SenorSySoP, 26 January 2018 - 12:50 AM.


#10 Jo*

  • Malware Response Team

Posted 26 January 2018 - 04:42 AM

For me your FRST logs are clean.

Please post the GMER log.


Step 1: We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC. This is normal and part of the cleanup.
  • When the scan is complete, if you were not asked to reboot the computer, please do so now.
More information about the tool can be found here:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/



***

Step 2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 SenorSySoP

  • Topic Starter

Posted 26 January 2018 - 09:11 AM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/18
Scan Time: 7:51 AM
Log File: 118f32c8-02a0-11e8-a5e2-7824af82d530.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3792
License: Trial

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: TAINOHATUEYASUS\Ronin Asus

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287342
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)



#12 SenorSySoP

  • Topic Starter

Posted 26 January 2018 - 09:15 AM

Here is the GMER scan. It suggests I do a full scan, which I am doing now.

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-01-26 08:14:28
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000028 TOSHIBA_DT01ACA200 rev.MX4OABS0 1863.02GB
Running: q5b23e9x.exe; Driver: C:\Users\RONINA~1\AppData\Local\Temp\kweoyaow.sys

---- Threads - GMER 2.2 ----

Thread   C:\WINDOWS\system32\csrss.exe [732:944]                          fffff707b8de9c20

---- Services - GMER 2.2 ----

Service  C:\WINDOWS\system32\drivers\mbamchameleon.sys (*** hidden *** )  [MANUAL] mbamchameleon   <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----
 



#13 Jo*

  • Malware Response Team

Posted 26 January 2018 - 12:43 PM

GMER is not very helpful, because it comes along with some false alarms.

Service C:\WINDOWS\system32\drivers\mbamchameleon.sys (*** hidden *** ) [MANUAL] mbamchameleon <-- ROOTKIT !!!

mbamchameleon.sys belongs to Malwarebytes and is safe!

Anyway, can you show me the full scan log from GMER?

---

Please go to one of the below sites to scan the following file(s):
Virus Total (Recommended)
jotti.org
VirScan
Click on Browse, and upload the following file(s) for analysis:

C:\WINDOWS\system32\csrss.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

---

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
---

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

Enable all your antivirus and antimalware software.
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
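A local check that complements the reply above, as an added example that is not part of the original posts: it reads the Authenticode signer and SHA256 hash of the two files named in this thread, so the publisher of mbamchameleon.sys can be confirmed and csrss.exe can be looked up by hash. The two paths come from the GMER log and the reply; the variable names and output layout are assumptions of this example.

```powershell
# Added example (not from the thread): signer and hash of the files discussed above.
# Run in a 64-bit PowerShell session so that system32 is not redirected.
$paths = @(
    'C:\WINDOWS\system32\drivers\mbamchameleon.sys',   # flagged by GMER as a hidden service
    'C:\WINDOWS\system32\csrss.exe'                    # file the helper asked to have scanned
)

$results = foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # GMER reported a service entry; the driver file itself may not be on disk.
        [pscustomobject]@{
            Path   = $path
            Status = 'FileNotFound'
            Signer = $null
            SHA256 = $null
        }
        continue
    }

    # Status is 'Valid' only when the signature and its certificate chain verify.
    $sig = Get-AuthenticodeSignature -LiteralPath $path

    $signer = $null
    if ($sig.SignerCertificate) {
        # The subject names the publisher the certificate was issued to.
        $signer = $sig.SignerCertificate.Subject
    }

    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256

    [pscustomobject]@{
        Path   = $path
        Status = $sig.Status
        Signer = $signer
        SHA256 = $hash.Hash
    }
}

# A file name alone proves nothing; judge by a 'Valid' status plus the expected publisher.
$results | Format-List
```

A SHA256 value from this output can be searched on VirusTotal directly, which avoids uploading the file.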


#14 SenorSySoP

  • Topic Starter

Posted 26 January 2018 - 07:51 PM

The css files came back clean, but the Kaspersky log found 2 issues. The log file is too long so I had to put it in a file, sorry. If there was a better way, I did not know it.

The other scans will follow. Also, one related question. Is there anything in the logs users post that should be obfuscated or redacted before pasting in? Maybe I am paranoid, but couldn't the hacker who already had access to the machine follow along and see the very scans of the machine he infected? Maybe they already do, I don't know, but that question just came to mind. Anyway, I really appreciate your help and promptness. Back to work for me. I await your instructions. Cheers



#15 Jo*

  • Malware Response Team

Posted 27 January 2018 - 02:57 AM

Don't worry about an imaginary hacker and post the logs.

You can attach the Kaspersky log, or copy and paste only the lines with the 2 issues found into your post.

Edited by Jo*, 27 January 2018 - 03:35 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




