Error screen and some security issues with my computer


  • This topic is locked
37 replies to this topic

#1 ArchimedesNose

  • Members
  • 44 posts
  • Gender:Male

Posted 14 April 2018 - 10:13 PM

Hello there!

I have been seeing some interesting but nevertheless frustrating things happening with my computer!

For starters, I have been on eBay recently making some online purchases, and I notice that my anti-virus (Bitdefender) has been red-flagging/blocking phishing attempts on several occasions. And today, I noticed an error that appeared on my desktop (while I had no browsers open) that I took a screen capture of, that does not appear to be using English characters. I think this because there are several characters that have funky-looking accents, apostrophes and dots over them... one of the characters looks like a British pound sign... but I'm not sure how to replicate the error.

The error box itself is approximately 1 and a half inches by three inches, and seems to say something like "ControlService ilo (British pound sterling sign) (funky dash) ilo uAe:1053"

The top left of the box says something like ilo

I did not click anything, and instead rebooted my computer and ran some scans with Bitdefender, Malwarebytes, AdwCleaner, and CCleaner.

Bitdefender and Malwarebytes came back with clean scans, but AdwCleaner found two PUPs and requested that I reboot the computer after it removed the two threats. For some reason, it took me a couple of times of removing these threats before they stopped continually showing up in my scans over and over again.

I'm not really sure what to make of all of this, on top of the fact that I thought Malwarebytes had been out of its Premium trial course, and as of this morning it has about three days left apparently... which I also thought was kind of weird.

Am I infected or should I be concerned about any of this??

Help?

I am using Windows 10 Home Edition version 1709 on a fairly new Lenovo computer.

I look forward to reading your response on how I should handle this further... thanks again!

**ArchimedesNose**


#2 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 3,734 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 13 May 2018 - 05:33 AM

ArchimedesNose:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I apologize for the delays you have encountered in having your request receive attention. You can be assured that I will be very attentive to your issues now that we will be working together.

Please follow the instructions in this post to provide me with FRST scan logs.

I will need some time to review your FRST logs, once I receive them. That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script, if I receive your logs before noon, my time.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

    RCMP Veteran

  • Malware Response Instructor
  • 3,734 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 16 May 2018 - 10:47 AM

ArchimedesNose:

Are you still there? Do you still require assistance? It has been three days since I last posted to you.

According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.

If I have not heard from you in another two days, I will conclude your topic. You can always reopen it by sending a Personal Message to me or to a Moderator.

Thank you and have a great day.

Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#4 ArchimedesNose

  • Topic Starter
  • Members
  • 44 posts
  • Gender:Male

Posted 16 May 2018 - 08:47 PM

Hello Phil,

Thank you so much for responding to my post. It sure means a lot that I received a descriptive answer this time. lol. Yes, you may address me by my first name. I'm Andrew, it's nice to meet you!! :) My work schedule is quite hectic, so please forgive me if it takes a bit to respond. I assure you I take this very seriously, and look forward to delving into what may be causing this. I ran the scan you suggested and the results from both notepads are as follows:

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Andrew (administrator) on DESKTOP-665J7J4 (16-05-2018 20:59:55)
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available Profiles: Andrew)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.911.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16695816 2016-08-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-12] (Piriform Ltd)
HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [368640 2017-09-29] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip\..\Interfaces\{4321bfec-0c1b-4495-93c4-f35df38cd37e}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
 
Internet Explorer:
==================
HKU\S-1-5-21-2656857533-241962398-1038087689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2656857533-241962398-1038087689-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2018-05-16]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-19]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-19]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-19]
CHR Extension: (HTTPS Everywhere) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-19]
CHR Extension: (AdBlock) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-09]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-19]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-04-26] (Microsoft Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-10] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373712 2017-11-28] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68408 2017-11-12] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1282232 2018-01-19] (Bitdefender)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [31176 2016-01-14] (SHAREit Technologies Co.Ltd)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [239400 2018-05-11] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [239400 2018-05-11] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [239400 2018-05-11] (Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-09] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-09] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-05-11] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-11] (BitDefender)
R0 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [152648 2018-05-11] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-11] (Bitdefender)
S3 dot4; C:\WINDOWS\System32\drivers\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [246064 2018-05-11] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [189544 2018-05-11] (BitDefender LLC)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-10] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7408592 2017-11-28] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-09] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8614368 2017-12-06] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2016-02-01] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [412400 2015-08-05] (Realsil Semiconductor Corporation)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [607640 2018-05-11] (Bitdefender)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-09] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-09] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-09] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-16 20:59 - 2018-05-16 21:01 - 000014642 _____ C:\Users\Andrew\Desktop\FRST.txt
2018-05-16 20:59 - 2018-05-16 20:59 - 000000000 ____D C:\FRST
2018-05-16 20:51 - 2018-05-16 20:53 - 002413056 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2018-05-08 15:16 - 2018-05-03 03:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-08 15:16 - 2018-05-03 03:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-08 15:16 - 2018-05-03 03:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-08 15:16 - 2018-05-03 03:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-08 15:16 - 2018-05-03 03:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-08 15:16 - 2018-05-03 03:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-08 15:16 - 2018-05-03 03:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 15:16 - 2018-05-03 03:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-08 15:16 - 2018-05-03 03:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-08 15:16 - 2018-05-03 03:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-08 15:16 - 2018-05-03 03:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-08 15:16 - 2018-05-03 03:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-08 15:16 - 2018-05-03 03:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-08 15:16 - 2018-05-03 02:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-08 15:16 - 2018-05-03 02:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-08 15:16 - 2018-05-03 02:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-08 15:16 - 2018-05-03 02:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-08 15:16 - 2018-05-03 02:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-08 15:16 - 2018-05-03 02:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-08 15:16 - 2018-05-03 02:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-08 15:16 - 2018-05-03 02:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-08 15:16 - 2018-05-03 02:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-08 15:16 - 2018-05-03 02:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-08 15:16 - 2018-05-03 02:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-08 15:16 - 2018-05-03 02:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 15:16 - 2018-05-03 02:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-08 15:16 - 2018-05-03 02:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-08 15:16 - 2018-05-03 02:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-08 15:16 - 2018-05-03 02:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-08 15:16 - 2018-05-03 02:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-08 15:16 - 2018-05-03 02:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-08 15:16 - 2018-05-03 02:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 15:16 - 2018-05-03 02:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-08 15:16 - 2018-05-03 02:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-08 15:16 - 2018-05-03 02:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-08 15:16 - 2018-05-03 02:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-08 15:16 - 2018-05-03 02:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 15:16 - 2018-05-03 02:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-08 15:16 - 2018-05-03 02:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-08 15:16 - 2018-05-03 02:08 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 15:16 - 2018-05-03 02:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-08 15:16 - 2018-05-03 02:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-08 15:16 - 2018-05-03 02:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-08 15:16 - 2018-05-03 02:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-08 15:16 - 2018-05-03 02:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-08 15:16 - 2018-05-03 02:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-08 15:16 - 2018-05-03 02:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-08 15:16 - 2018-05-03 02:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-05-08 15:16 - 2018-05-03 01:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-08 15:16 - 2018-05-03 01:58 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-08 15:16 - 2018-05-03 01:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-08 15:16 - 2018-05-03 01:57 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 15:16 - 2018-05-03 01:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-08 15:16 - 2018-05-03 01:56 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-05-08 15:16 - 2018-05-03 01:56 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-05-08 15:16 - 2018-05-03 01:55 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-08 15:16 - 2018-05-03 01:54 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-05-08 15:16 - 2018-05-03 01:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-08 15:16 - 2018-05-03 01:53 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 15:16 - 2018-05-03 01:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-08 15:16 - 2018-05-03 01:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-08 15:16 - 2018-05-03 01:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 15:16 - 2018-05-03 01:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-08 15:16 - 2018-05-03 01:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-08 15:16 - 2018-05-03 01:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 15:16 - 2018-05-03 01:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-05-08 15:16 - 2018-04-15 18:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-05-08 15:16 - 2018-04-15 18:03 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-05-08 15:16 - 2018-04-15 17:57 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-05-08 15:16 - 2018-04-15 17:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-05-08 15:16 - 2018-04-15 17:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-05-08 15:16 - 2018-04-15 17:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-05-08 15:16 - 2018-04-15 17:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-05-08 15:16 - 2018-04-15 17:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-08 15:16 - 2018-04-15 17:47 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-05-08 15:16 - 2018-04-15 17:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-05-08 15:16 - 2018-04-15 17:34 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-05-08 15:16 - 2018-04-15 17:33 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-05-08 15:16 - 2018-04-15 17:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-05-08 15:16 - 2018-04-15 17:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-05-08 15:16 - 2018-04-15 17:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-08 15:16 - 2018-04-15 17:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-05-08 15:16 - 2018-04-15 17:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-05-08 15:16 - 2018-04-15 16:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-05-08 15:16 - 2018-04-15 16:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-05-08 15:16 - 2018-04-15 16:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-05-08 15:16 - 2018-04-15 16:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-08 15:16 - 2018-04-15 16:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-05-08 15:16 - 2018-04-15 16:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-05-08 15:16 - 2018-04-15 16:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-05-08 15:16 - 2018-04-15 16:37 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-05-08 15:16 - 2018-04-15 16:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-08 15:16 - 2018-04-15 16:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-05-08 15:16 - 2018-04-15 16:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-05-08 15:16 - 2018-04-15 16:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-05-08 15:16 - 2018-04-15 16:14 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-05-08 15:16 - 2018-04-15 16:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-05-08 15:16 - 2018-04-15 16:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-05-08 15:16 - 2018-04-15 16:14 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-05-08 15:16 - 2018-04-15 16:14 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-05-08 15:16 - 2018-04-15 16:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-05-08 15:16 - 2018-04-15 16:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-05-08 15:16 - 2018-04-15 16:12 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-05-08 15:16 - 2018-04-15 16:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-08 15:16 - 2018-04-15 16:10 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-05-08 15:16 - 2018-04-15 16:10 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-05-08 15:16 - 2018-04-15 16:09 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-05-08 15:16 - 2018-04-15 16:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-08 15:16 - 2018-04-15 16:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-08 15:16 - 2018-04-15 16:08 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-08 15:16 - 2018-04-15 16:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-05-08 15:16 - 2018-04-15 16:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-08 15:16 - 2018-04-15 16:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-08 15:16 - 2018-04-15 16:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-08 15:16 - 2018-04-15 16:07 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-05-08 15:16 - 2018-04-15 16:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-05-08 15:16 - 2018-04-15 16:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-05-08 15:16 - 2018-04-15 16:07 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-05-08 15:16 - 2018-04-15 16:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-08 15:16 - 2018-04-15 16:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-08 15:16 - 2018-04-15 16:06 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-05-08 15:16 - 2018-04-15 16:06 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-05-08 15:16 - 2018-04-15 16:05 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-05-08 15:16 - 2018-04-15 16:05 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-05-08 15:16 - 2018-04-15 16:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-08 15:16 - 2018-04-15 16:04 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-05-08 15:16 - 2018-04-15 16:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-08 15:16 - 2018-04-15 16:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-05-08 15:16 - 2018-04-15 16:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-05-08 15:16 - 2018-04-15 16:04 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-05-08 15:16 - 2018-04-15 16:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-05-08 15:16 - 2018-04-15 16:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-08 15:16 - 2018-04-15 16:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-05-08 15:16 - 2018-04-15 16:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-08 15:16 - 2018-04-15 16:03 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-05-08 15:16 - 2018-04-15 16:03 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-05-08 15:16 - 2018-04-15 16:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-05-08 15:16 - 2018-04-15 16:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-05-08 15:16 - 2018-04-15 16:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-05-08 15:16 - 2018-04-15 16:03 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-05-08 15:16 - 2018-04-15 16:03 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-05-08 15:16 - 2018-04-15 16:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-05-08 15:16 - 2018-04-15 16:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-05-08 15:16 - 2018-04-15 16:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-05-08 15:16 - 2018-04-15 16:00 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-05-08 15:15 - 2018-05-03 03:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-05-08 15:15 - 2018-05-03 03:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-05-08 15:15 - 2018-05-03 03:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-05-08 15:15 - 2018-05-03 03:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-05-08 15:15 - 2018-05-03 03:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-08 15:15 - 2018-05-03 03:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-05-08 15:15 - 2018-05-03 03:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-05-08 15:15 - 2018-05-03 03:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-08 15:15 - 2018-05-03 03:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-05-08 15:15 - 2018-05-03 03:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-05-08 15:15 - 2018-05-03 03:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-05-08 15:15 - 2018-05-03 03:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-05-08 15:15 - 2018-05-03 03:49 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-05-08 15:15 - 2018-05-03 03:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-05-08 15:15 - 2018-05-03 03:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 15:15 - 2018-05-03 03:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-05-08 15:15 - 2018-05-03 03:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-08 15:15 - 2018-05-03 03:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-05-08 15:15 - 2018-05-03 03:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-05-08 15:15 - 2018-05-03 03:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-05-08 15:15 - 2018-05-03 03:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-08 15:15 - 2018-05-03 03:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-05-08 15:15 - 2018-05-03 03:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-05-08 15:15 - 2018-05-03 03:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-05-08 15:15 - 2018-05-03 03:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-08 15:15 - 2018-05-03 03:34 - 000070864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-05-08 15:15 - 2018-05-03 02:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-05-08 15:15 - 2018-05-03 02:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 15:15 - 2018-05-03 02:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-05-08 15:15 - 2018-05-03 02:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-08 15:15 - 2018-05-03 02:29 - 000285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-05-08 15:15 - 2018-05-03 02:28 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-05-08 15:15 - 2018-05-03 02:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-08 15:15 - 2018-05-03 02:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-05-08 15:15 - 2018-05-03 02:19 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-08 15:15 - 2018-05-03 02:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-05-08 15:15 - 2018-05-03 02:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-05-08 15:15 - 2018-05-03 02:16 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadauthhelper.dll
2018-05-08 15:15 - 2018-05-03 02:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-08 15:15 - 2018-05-03 02:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 15:15 - 2018-05-03 02:14 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-08 15:15 - 2018-05-03 02:14 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-05-08 15:15 - 2018-05-03 02:13 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-05-08 15:15 - 2018-05-03 02:12 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 15:15 - 2018-05-03 02:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 15:15 - 2018-05-03 02:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-08 15:15 - 2018-05-03 02:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-05-08 15:15 - 2018-05-03 02:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-08 15:15 - 2018-05-03 02:03 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-05-08 15:15 - 2018-05-03 01:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-05-08 15:15 - 2018-05-03 01:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 15:15 - 2018-05-03 01:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 15:15 - 2018-05-03 01:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 15:15 - 2018-05-03 01:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-05-08 15:15 - 2018-04-15 18:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-05-08 15:15 - 2018-04-15 17:49 - 000563632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2018-05-08 15:15 - 2018-04-15 17:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-05-08 15:15 - 2018-04-15 17:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-05-08 15:15 - 2018-04-15 17:33 - 001269616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-05-08 15:15 - 2018-04-15 17:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-05-08 15:15 - 2018-04-15 17:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-05-08 15:15 - 2018-04-15 17:29 - 001873944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2018-05-08 15:15 - 2018-04-15 17:28 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-08 15:15 - 2018-04-15 17:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-05-08 15:15 - 2018-04-15 17:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-05-08 15:15 - 2018-04-15 17:25 - 000661920 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2018-05-08 15:15 - 2018-04-15 16:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-05-08 15:15 - 2018-04-15 16:38 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-05-08 15:15 - 2018-04-15 16:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-05-08 15:15 - 2018-04-15 16:36 - 001575896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2018-05-08 15:15 - 2018-04-15 16:36 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-05-08 15:15 - 2018-04-15 16:36 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-08 15:15 - 2018-04-15 16:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-05-08 15:15 - 2018-04-15 16:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-05-08 15:15 - 2018-04-15 16:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-05-08 15:15 - 2018-04-15 16:34 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-05-08 15:15 - 2018-04-15 16:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-05-08 15:15 - 2018-04-15 16:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-05-08 15:15 - 2018-04-15 16:13 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-05-08 15:15 - 2018-04-15 16:12 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-05-08 15:15 - 2018-04-15 16:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-05-08 15:15 - 2018-04-15 16:11 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-05-08 15:15 - 2018-04-15 16:10 - 001576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-05-08 15:15 - 2018-04-15 16:10 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-05-08 15:15 - 2018-04-15 16:10 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-05-08 15:15 - 2018-04-15 16:10 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-05-08 15:15 - 2018-04-15 16:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-05-08 15:15 - 2018-04-15 16:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-05-08 15:15 - 2018-04-15 16:08 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-05-08 15:15 - 2018-04-15 16:08 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-05-08 15:15 - 2018-04-15 16:08 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll
2018-05-08 15:15 - 2018-04-15 16:08 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-05-08 15:15 - 2018-04-15 16:08 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-05-08 15:15 - 2018-04-15 16:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-05-08 15:15 - 2018-04-15 16:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-05-08 15:15 - 2018-04-15 16:06 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-05-08 15:15 - 2018-04-15 16:06 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-05-08 15:15 - 2018-04-15 16:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-05-08 15:15 - 2018-04-15 16:05 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-05-08 15:15 - 2018-04-15 16:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-05-08 15:15 - 2018-04-15 16:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-05-08 15:15 - 2018-04-15 16:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-05-08 15:15 - 2018-04-15 16:03 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-05-08 15:15 - 2018-04-15 16:02 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-05-08 15:15 - 2018-04-15 16:01 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-05-08 15:15 - 2018-04-15 16:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2018-05-08 15:15 - 2018-04-15 16:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2018-05-08 15:15 - 2018-04-15 16:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2018-05-08 15:15 - 2018-04-15 16:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-05-08 15:15 - 2018-04-15 16:00 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-05-08 15:15 - 2018-04-15 16:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2018-05-08 15:15 - 2018-04-15 16:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-05-08 15:15 - 2018-04-15 15:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-05-08 15:15 - 2017-11-26 09:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-05-08 15:14 - 2018-05-03 02:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-08 15:14 - 2018-05-03 02:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-08 15:14 - 2018-05-03 02:16 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-05-08 15:14 - 2018-05-03 02:15 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-05-08 15:14 - 2018-05-03 02:06 - 003630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-05-08 15:14 - 2018-05-03 02:05 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-05-08 15:14 - 2018-05-03 02:03 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-05-08 15:14 - 2018-05-03 02:03 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2018-05-08 15:14 - 2018-05-03 01:57 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itircl.dll
2018-05-08 15:14 - 2018-05-03 01:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadauthhelper.dll
2018-05-08 15:14 - 2018-05-03 01:57 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-05-08 15:14 - 2018-05-03 01:57 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-08 15:14 - 2018-05-03 01:53 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 15:14 - 2018-05-03 01:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-08 15:14 - 2018-05-03 01:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-05-08 15:14 - 2018-05-03 01:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-05-08 15:14 - 2018-04-15 17:29 - 000198440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2018-05-08 15:14 - 2018-04-15 17:25 - 000327008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2018-05-08 15:14 - 2018-04-15 17:25 - 000092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-05-08 15:14 - 2018-04-15 17:24 - 000063656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2018-05-08 15:14 - 2018-04-15 16:38 - 000444280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2018-05-08 15:14 - 2018-04-15 16:34 - 000572312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2018-05-08 15:14 - 2018-04-15 16:34 - 000279472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2018-05-08 15:14 - 2018-04-15 16:34 - 000166408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2018-05-08 15:14 - 2018-04-15 16:34 - 000052248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2018-05-08 15:14 - 2018-04-15 16:15 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2018-05-08 15:14 - 2018-04-15 16:14 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-05-08 15:14 - 2018-04-15 16:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-05-08 15:14 - 2018-04-15 16:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-05-08 15:14 - 2018-04-15 16:13 - 000084992 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-05-08 15:14 - 2018-04-15 16:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2018-05-08 15:14 - 2018-04-15 16:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-05-08 15:14 - 2018-04-15 16:11 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2018-05-08 15:14 - 2018-04-15 16:11 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2018-05-08 15:14 - 2018-04-15 16:11 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2018-05-08 15:14 - 2018-04-15 16:11 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2018-05-08 15:14 - 2018-04-15 16:11 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-05-08 15:14 - 2018-04-15 16:10 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-05-08 15:14 - 2018-04-15 16:10 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-05-08 15:14 - 2018-04-15 16:10 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-05-08 15:14 - 2018-04-15 16:10 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-05-08 15:14 - 2018-04-15 16:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2018-05-08 15:14 - 2018-04-15 16:10 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2018-05-08 15:14 - 2018-04-15 16:09 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-05-08 15:14 - 2018-04-15 16:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2018-05-08 15:14 - 2018-04-15 16:09 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2018-05-08 15:14 - 2018-04-15 16:08 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2018-05-08 15:14 - 2018-04-15 16:08 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2018-05-08 15:14 - 2018-04-15 16:08 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2018-05-08 15:14 - 2018-04-15 16:08 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2018-05-08 15:14 - 2018-04-15 16:08 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-05-08 15:14 - 2018-04-15 16:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2018-05-08 15:14 - 2018-04-15 16:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-05-08 15:14 - 2018-04-15 16:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-05-08 15:14 - 2018-04-15 16:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-05-08 15:14 - 2018-04-15 16:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2018-05-08 15:14 - 2018-04-15 16:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2018-05-08 15:14 - 2018-04-15 16:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-05-08 15:14 - 2018-04-15 16:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2018-05-08 15:14 - 2018-04-15 16:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2018-05-08 15:14 - 2018-04-15 16:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2018-05-08 15:14 - 2018-04-15 16:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-05-08 15:14 - 2018-04-15 16:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-05-08 15:14 - 2018-04-15 16:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2018-05-08 15:14 - 2018-04-15 16:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2018-05-08 15:14 - 2018-04-15 16:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2018-05-08 15:14 - 2018-04-15 16:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2018-05-08 15:14 - 2018-04-15 16:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-05-08 15:14 - 2018-04-15 16:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2018-05-08 15:14 - 2018-04-15 16:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2018-05-08 15:14 - 2018-04-15 16:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2018-05-08 15:14 - 2018-04-15 16:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2018-05-08 15:14 - 2018-04-15 16:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2018-05-08 15:14 - 2018-04-15 15:59 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2018-05-08 15:14 - 2018-04-15 15:59 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-05-08 15:14 - 2018-04-15 15:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2018-05-03 13:48 - 2018-05-11 20:58 - 000607640 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-04-23 22:51 - 2018-04-23 22:51 - 015813864 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup542.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-16 21:00 - 2018-03-09 11:35 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-05-16 19:58 - 2018-02-11 17:56 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-16 19:56 - 2018-02-12 16:22 - 000165599 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-05-16 19:55 - 2018-02-11 17:56 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-16 19:55 - 2018-02-11 17:56 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-16 19:52 - 2018-02-19 13:55 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-16 19:52 - 2018-02-19 13:55 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 19:51 - 2018-02-11 20:35 - 000000000 __SHD C:\Users\Andrew\IntelGraphicsProfiles
2018-05-16 19:51 - 2018-02-11 19:58 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-16 19:50 - 2018-02-11 17:37 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2018-05-16 12:21 - 2018-02-11 19:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-14 09:34 - 2018-02-11 17:56 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-14 09:32 - 2018-02-11 17:51 - 000000000 ____D C:\WINDOWS\INF
2018-05-14 09:31 - 2016-09-27 20:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-11 23:03 - 2018-02-11 17:56 - 000000000 ____D C:\WINDOWS\rescache
2018-05-11 20:58 - 2018-03-09 12:16 - 001723552 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2018-05-11 20:58 - 2018-03-09 12:16 - 001177008 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2018-05-11 20:58 - 2018-03-09 12:16 - 000189544 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-05-11 20:58 - 2018-03-09 12:16 - 000152648 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2018-05-11 20:58 - 2018-03-09 11:41 - 000023032 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2018-05-11 20:58 - 2018-03-09 11:39 - 000246064 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2018-05-09 13:01 - 2015-11-03 15:28 - 001443080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-09 12:57 - 2018-02-11 20:35 - 000000000 ___RD C:\Users\Andrew\3D Objects
2018-05-09 12:57 - 2015-11-03 15:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-09 12:54 - 2018-02-11 19:54 - 000381872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-09 12:53 - 2018-04-05 06:44 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-09 12:53 - 2018-02-11 20:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-09 00:35 - 2018-02-11 17:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-09 00:32 - 2018-02-11 17:56 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-09 00:32 - 2018-02-11 17:56 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-09 00:32 - 2018-02-11 17:56 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-09 00:32 - 2018-02-11 17:56 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-09 00:32 - 2018-02-11 17:56 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-09 00:32 - 2018-02-11 17:56 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-05-09 00:32 - 2018-02-11 17:37 - 000000000 ____D C:\WINDOWS\servicing
2018-05-09 00:31 - 2018-02-11 17:56 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-08 20:14 - 2018-02-11 17:42 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-08 19:42 - 2018-02-11 20:31 - 000000000 ____D C:\Users\Andrew
2018-05-08 15:22 - 2017-09-29 09:42 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-05-08 15:21 - 2017-09-29 09:41 - 000073112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-05-08 15:21 - 2017-09-29 09:41 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-05-08 15:21 - 2017-09-29 09:41 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-05-08 15:14 - 2018-02-11 21:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 15:08 - 2018-02-11 21:45 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 15:08 - 2018-02-11 21:44 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-01 17:25 - 2018-02-11 18:01 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 17:25 - 2018-02-11 18:01 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 15:59 - 2018-02-19 13:56 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-01 15:59 - 2018-02-19 13:56 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-30 04:35 - 2016-09-27 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-28 00:47 - 2018-02-12 16:19 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2656857533-241962398-1038087689-1001
2018-04-28 00:47 - 2018-02-11 20:38 - 000002373 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-28 00:47 - 2018-02-11 20:38 - 000000000 ___RD C:\Users\Andrew\OneDrive
2018-04-23 22:59 - 2018-03-09 07:26 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-23 22:58 - 2018-03-09 07:26 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-11 21:31
 
==================== End of FRST.txt ============================
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Andrew (16-05-2018 21:03:55)
Running from C:\Users\Andrew\Desktop
Windows 10 Home Version 1709 16299.431 (X64) (2018-02-12 00:27:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2656857533-241962398-1038087689-500 - Administrator - Disabled)
Andrew (S-1-5-21-2656857533-241962398-1038087689-1001 - Administrator - Enabled) => C:\Users\Andrew
DefaultAccount (S-1-5-21-2656857533-241962398-1038087689-503 - Limited - Disabled)
Guest (S-1-5-21-2656857533-241962398-1038087689-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2656857533-241962398-1038087689-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 22.0.10.78 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.10.12 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.12.0219 - Lenovo)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{52DA40D6-6EF4-4B28-B501-FC538ECE638C}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{afe60883-1215-45d9-a7f6-ecda5e7fc13c}) (Version: 19.2.0 - Intel Corporation)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.054.00 - Lenovo)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9226.2126 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2126 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.526 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-11-28] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02E76F5C-625D-41BE-A990-9842B16DE853} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-14] (Microsoft Corporation)
Task: {274E3F3C-C415-4242-AE2C-C7FF8CFDBBC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-19] (Google Inc.)
Task: {28CE78FB-4AE3-418D-B015-E240D3B69875} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\83940c8b-b865-41b2-969c-dab1e7820363 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {293C498F-D934-4AB5-8478-79229AB1D1B3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {388F983A-CA80-440B-9AD3-767042A307B0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\036d40cd-e0c6-4bd1-9030-12b85b60e30f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {4312FE7C-159A-497A-BFC0-01CB67FDA9E8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-14] (Microsoft Corporation)
Task: {5A3CD2FB-7915-47DB-B9C7-CE3908B95D0B} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\SHAREit\SHAREit\ShareitUpdater.exe
Task: {6472B141-38FD-4557-93BC-CE6B686FF4B9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-14] (Microsoft Corporation)
Task: {69F0047B-675F-457E-B3AA-60FE4318AF63} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e8af4e25-0626-41ad-b511-97e99fdfbc0c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {74D13FE8-3DC3-4D24-9445-ED4B2D94387F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe control iMControllerService 128
Task: {77CD78FD-7573-4AF2-A66D-302A57799B55} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-01-19] (Bitdefender)
Task: {7985D974-3C81-47DC-91F6-EEC09BE9F80B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-19] (Google Inc.)
Task: {81A96802-EC2C-4FDF-97C0-64044DE2EBE7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {8F72D5C6-D9DB-469F-BBF1-D0EDC3971845} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {908A70A2-058B-4782-BF3A-89C3724B26DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-26] (Microsoft Corporation)
Task: {AA2BBA86-A3C9-4992-A77A-25046F2B4E4C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {AE9FA473-0C76-4B54-8628-2C5698B18CF4} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {BF304730-B486-427B-92E7-F20B692317D3} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {CDC31466-53A3-4A3F-A7EC-6BDE56749A10} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {D1C86871-8D18-4A31-99A9-36EDDF823F3E} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)
Task: {D2DD1F71-CB51-49B2-AB1D-F9161BCC215F} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\SHAREit\SHAREit\ShareitPrompt.exe
Task: {E3E62DCA-0BAD-49ED-A212-EABDE279AF37} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-26] (Microsoft Corporation)
Task: {F28946C3-8FB1-4AAC-9738-868484EC0D65} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4d6e754f-0a2a-4304-ac4f-20402aae8ce5 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-05 06:44 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-09-29 02:56 - 2011-08-16 23:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2018-05-03 13:48 - 2018-05-11 20:58 - 000278280 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-05-08 15:08 - 2018-05-08 15:08 - 000992704 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpbr.mdl
2018-05-08 15:08 - 2018-05-08 15:08 - 000543344 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpdsp.mdl
2018-05-08 15:08 - 2018-05-08 15:08 - 003228632 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttpph.mdl
2018-05-08 15:08 - 2018-05-08 15:08 - 001527808 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_02639_001\ashttprbl.mdl
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-28 01:18 - 2017-11-28 01:18 - 000401872 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-03-13 09:52 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 09:52 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-29 02:56 - 2011-08-16 23:46 - 000024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2018-05-02 08:14 - 2018-05-02 08:14 - 004165632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.911.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-05-02 08:14 - 2018-05-02 08:14 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1804.911.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-05-03 13:08 - 2018-05-03 13:09 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-05-03 13:08 - 2018-05-03 13:09 - 066466304 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-02-11 21:38 - 2018-02-11 21:40 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-03 13:08 - 2018-05-03 13:09 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-04-26 22:42 - 2018-04-26 22:44 - 004173312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-04-26 22:42 - 2018-04-26 22:44 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-04-26 22:42 - 2018-04-26 22:44 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-04 22:43 - 2018-04-04 22:47 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-05-03 13:08 - 2018-05-03 13:09 - 015563776 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-04-26 22:42 - 2018-04-26 22:44 - 004018176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-05-03 13:08 - 2018-05-03 13:09 - 003281920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-04-26 22:42 - 2018-04-26 22:44 - 001386496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-02-11 21:30 - 2018-02-11 21:31 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-03 13:08 - 2018-05-03 13:09 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-04-26 22:42 - 2018-04-26 22:44 - 000878080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-04-04 22:43 - 2018-04-04 22:47 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-05-03 13:08 - 2018-05-03 13:09 - 000165888 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-01 15:59 - 2018-04-25 23:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-05-01 15:59 - 2018-04-25 23:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2016-09-29 02:56 - 2011-05-17 16:27 - 000028672 _____ () C:\Windows\jmesoft\hidhook.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2656857533-241962398-1038087689-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2656857533-241962398-1038087689-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6D3201D0-9E0E-42A5-8FCF-8874BABA0F44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{ADA69636-E037-4905-A87D-22D0D3CEE93F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
05-05-2018 19:19:16 Scheduled Checkpoint
08-05-2018 20:09:06 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2018 08:13:04 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/15/2018 10:15:17 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/15/2018 01:17:26 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/14/2018 12:32:55 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/13/2018 01:33:51 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/11/2018 09:03:17 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
 
Error: (05/11/2018 09:03:17 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
 
Error: (05/11/2018 08:32:18 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (05/16/2018 08:46:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-665J7J4)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-665J7J4\Andrew SID (S-1-5-21-2656857533-241962398-1038087689-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/16/2018 08:46:18 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-665J7J4)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-665J7J4\Andrew SID (S-1-5-21-2656857533-241962398-1038087689-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/16/2018 07:56:09 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-665J7J4)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-665J7J4\Andrew SID (S-1-5-21-2656857533-241962398-1038087689-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/16/2018 07:55:45 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-665J7J4)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-665J7J4\Andrew SID (S-1-5-21-2656857533-241962398-1038087689-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/16/2018 07:51:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/16/2018 07:51:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/16/2018 07:51:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/16/2018 07:51:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-03-09 09:47:58.040
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.387.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-03-09 09:32:15.730
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.263.387.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14600.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-03-09 09:03:01.306
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-03-09 09:03:01.305
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 116.1.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.13804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2018-03-09 09:03:01.288
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-05-11 21:03:22.753
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\vsservppl.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\agentctrl.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-04-14 14:02:22.460
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-14 14:02:21.128
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-14 14:01:47.510
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-14 14:01:45.547
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-14 14:01:34.796
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-14 14:01:33.945
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-05 06:45:00.560
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU J3710 @ 1.60GHz
Percentage of memory in use: 71%
Total physical RAM: 3970.39 MB
Available physical RAM: 1147.07 MB
Total Virtual: 6297.47 MB
Available Virtual: 2682.75 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:433.92 GB) (Free:391.19 GB) NTFS
 
\\?\Volume{a56ecfb8-5f04-48ad-9b1c-ec9b92022910}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{764ccc09-773b-4521-834a-aa7476f60af1}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{bf34f2a2-5df1-4cc2-b8c6-a002dd4dd3a0}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:16.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 45395239)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 16 May 2018 - 09:41 PM

Also, just to be absolutely clear...before reading your response there have been plenty of scans with cleaners and anti-virus scanners. (Only one on my computer at a time)..but since reading your suggestions, I have refrained from running scans entirely and only done the FRST scan. 



#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:48 PM

Posted 17 May 2018 - 04:27 AM

Andrew:

 

Thank you for your posts and for copying, pasting, and posting your FRST scan logs.  Thank you also for permission to address you by your first name! :thumbup2:

 

Unfortunately, I have a large rural property that has to be mowed today, and which takes the entire day.  It will probably be tomorrow before I can analyze your FRST scan logs.  I also have other clients on the go in this Forum and I can only devote so many hours a day to this volunteer work. :(

 

Thank you for your patience and understanding.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:48 PM

Posted 17 May 2018 - 06:09 AM

Andrew:

Thank you for your patience while I analyzed your FRST logs.  Luckily I got enough time this morning before starting the mowing to analyze your logs. :)

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.


OK, let's get started ...


:step1: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\jmesoft\Service.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
EmptyTemp:
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#8 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 18 May 2018 - 10:17 AM

Hi there Phil,  :)

Upon your second warning to back up my data on an external drive with an extra caution that malware can be unpredictable when running this scanning software, I have decided I might like to keep a few files. Mostly picture files and a text file.

 

I downloaded and installed Cobian backup, followed the directions to back up my files to a USB stick that already has my cleaning programs and Anti-virus on it, but I notice on the USB drive I see the folder names that I chose to back up with the year, today's date, and the following "10;06;26 (Full)" for one of my picture folders (all three have different sequences)....I have two picture folders that have folders within folders and I notice the first folder titles that I see when I initially load the USB drive are not zipped except for my text document. (Which I selected "Zipped Compression" and "Compress Individually")

 

If that isn't odd enough, I also notice that Cobian has informed me twice that the files finished backing up and have now placed a second series of folders for the picture files...(but not my text document...there is still only one of these) and the first sets of folders for my pictures say "Full" at the end of the directory name where the second set said "Incremental" at the end of the directory name (which I'm pretty sure is the backup type that I selected) and showed up as I was finishing this post. But I only did one backup...eek!  :huh:

 

 

1.) I thought that I had selected "Incremental" when configuring my backup, so why did I have picture folders that first said "(Full)" at the end of the directory names, but now I have a second series of the same files that say "Incremental" at the end of the directory names? 

 

2.) Why did it add a second set of backup folders far apart from the first backup?

 

3.) Without clicking the actual folders on my USB drive, why might it appear that my text document is the only zipped file?

 

4.) If I was to double click the picture folders within folders, would I eventually find zipped files?

 

5.) If there is potentially malware on this computer, or some other kind of nasty bug, why would it be recommended to move the files from my computer to another external device such as a USB drive? Would this not essentially infect the USB drive and keep the virus/bug alive?

 

I also thought it might be interesting to note that while making sure that my firewall is enabled before running the FRST scan, I noticed it says "Private networks: Not connected"

"Guest or public networks: Connected"

"Networks in public places such as airports or coffee shops"

"Windows Defender Firewall state: On"

 

6.) I find this to be interesting because I have to enter a password to get into my network, that has been supplied to me by my internet provider. Am I not in my own private network?   :huh: Is this something to be concerned about?

 

Thanks again for all your help.

 

**ArchimedesNose**


Edited by ArchimedesNose, 18 May 2018 - 10:22 AM.


#9 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 18 May 2018 - 10:32 AM

Side note: I think it's important to mention the second backup that was stated as being "(incremental)", appeared on my jump drive long after I had closed Cobian after the first backup said it completed.


Edited by ArchimedesNose, 18 May 2018 - 10:35 AM.


#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:48 PM

Posted 18 May 2018 - 11:52 AM

Andrew:

 

Thank you for your posts.  Unfortunately, I have no knowledge of how Cobian Backup works.  I personally use paid versions of both Macrium Reflect 7.1 and  Easeus Todo Backup Home 10.6, alternating weekly, and I only do full system images, not file/folder, differential, incremental, or any other variant of backup.  You could check out the Cobian website or the help file if you have questions about how the program backs up files/folders and drives.

 

My general understanding of incremental backups is that there must be a full backup of the target files/folders/drives created initially when one activates an incremental backup.  Subsequent incremental backups only back up files that have changed since the most recent incremental backup, which if it was the first incremental backup, would be a full backup.  The third incremental backup, after the second incremental, only backs up the files that have changed since the second incremental backup, and so on.  Essentially you have one big chain eventually and if there is a break in the chain (one of the incremental backup files goes bad), you are up the creek in terms of being able to successfully recover everything at any specific point in time following the "bad" incremental backup file.

 

I am not sure because you don't say, which program is reporting that you are not on a private network, which, for many, is normally a VPN (Virtual Private Network).  Companies and government agencies also use VPNs.  Personally, I don't use a VPN, so my Bitdefender 2018 Total Security Firewall allows me to select "Public" or "Home/Office" settings.  One would use "Public" when in public places.  This is actually more secure because the Firewall restricts discovery and is more diligent about scanning for issues than it is under the "Home/Office" setting, which is a kind of "trusted" network.

 

Personally, I am not concerned about that report, but, as I said, I don't know which application is reporting that information to you.

 

All of that said, nothing in my FRST "fixlist" script should damage your computer or its files; however, it is always strongly recommended that you have recent backups of all important information because things can go south with a computer very quickly and without warning; hence, why my practice is to fully image both of my computers on a weekly basis, and to always backup changed files, when they are changed, to external media immediately.  I also protect myself by using both Bitdefender 2018 Total Security and Malwarebytes Premium 3.5.1. as my security solutions.  Knock on wood, but I have been using computers since 1988 and I have never suffered a successful malware attack on either of my computers.

 

So, I would recommend that you make sure that you have backed up your important files to external media, and then please run the FRST "fixlist" script that I requested.

 

I am going offline now to do my weekly backups.  Be back tomorrow.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
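The full-then-incremental chain described in the post above, as an added example that is not part of the thread and is not a model of how Cobian Backup itself behaves. It is a small PowerShell simulation over a constructed set of files: the first run has no baseline and is written as a Full set, later runs store only files whose content changed, and every set carries a SHA-256 over its contents so that a damaged link is detected rather than silently restored. The function and variable names (`Get-SetHash`, `Restore-Point`, `$runs`, `$chain`) are this example's own.

```powershell
# Added example (not from the thread, not Cobian's actual logic): a minimal
# full + incremental backup chain with a per-link hash for verification.

# Constructed sample data: the "file system" (name -> content) as it looked at
# each of three backup runs. Only one file changes between consecutive runs.
$runs = @(
    @{ 'notes.txt' = 'v1'; 'pics/a.jpg' = 'A1'; 'pics/b.jpg' = 'B1' },   # run 1
    @{ 'notes.txt' = 'v1'; 'pics/a.jpg' = 'A2'; 'pics/b.jpg' = 'B1' },   # run 2: a.jpg changed
    @{ 'notes.txt' = 'v1'; 'pics/a.jpg' = 'A2'; 'pics/b.jpg' = 'B2' }    # run 3: b.jpg changed
)

function Get-SetHash([hashtable]$set) {
    # Stable SHA-256 over the sorted name=content pairs of one backup set.
    $text  = ($set.Keys | Sort-Object | ForEach-Object { "$_=$($set[$_])" }) -join "`n"
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($text)
    return ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
}

# Build the chain. Run 1 has nothing to compare against, so it becomes a Full
# set; each later run stores only the files whose content differs from the
# previous run (an unchanged file simply does not appear in that increment).
$chain = @()
for ($i = 0; $i -lt $runs.Count; $i++) {
    $current = $runs[$i]
    if ($i -eq 0) {
        $files = $current.Clone()
        $type  = 'Full'
    } else {
        $files = @{}
        foreach ($name in $current.Keys) {
            if ($runs[$i - 1][$name] -ne $current[$name]) { $files[$name] = $current[$name] }
        }
        $type = 'Incremental'
    }
    $chain += @{ Run = $i + 1; Type = $type; Files = $files; Hash = (Get-SetHash $files) }
}

function Restore-Point([array]$chain, [int]$run) {
    # Replays the Full set and every Incremental up to $run, checking each
    # link's hash first. One bad link makes that run and all later runs
    # unrecoverable, which is the "break in the chain" problem.
    $state = @{}
    foreach ($link in ($chain | Where-Object { $_.Run -le $run })) {
        if ((Get-SetHash $link.Files) -ne $link.Hash) {
            throw "Backup set for run $($link.Run) ($($link.Type)) fails verification; cannot restore run $run or later"
        }
        foreach ($name in $link.Files.Keys) { $state[$name] = $link.Files[$name] }
    }
    return $state
}

# Show what each link carries: the Full set has all three files, each
# Incremental has just the single file that changed.
$chain | ForEach-Object { "Run $($_.Run): $($_.Type), $($_.Files.Count) file(s)" }

# Restoring run 3 replays Full + Inc2 + Inc3, so both pictures come back at
# their latest content.
$restored = Restore-Point $chain 3
"pics/b.jpg at run 3: $($restored['pics/b.jpg'])"

# Damage the run-2 increment in place. Run 1 still restores (it only needs the
# Full set), but run 2 and run 3 now fail verification.
$chain[1].Files['pics/a.jpg'] = 'CORRUPT'
"pics/a.jpg at run 1: $((Restore-Point $chain 1)['pics/a.jpg'])"
try { Restore-Point $chain 3 | Out-Null } catch { $_.Exception.Message }
```

The point of the hash step is that a backup tool which does not verify its chain will happily "restore" the corrupted content; verifying each link before replaying it turns a silent bad restore into a clear failure, and a fresh Full set is the only way to start a clean chain again.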


#11 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 19 May 2018 - 10:37 AM

Good morning Phil, 

I hope you are doing well today!  :wink:  :thumbsup2:

 

Andrew:

 

I have no knowledge of how Cobian Backup works. You could check out the Cobian website or the help file if you have questions about how the program backs up files/folders and drives.

 

My general understanding of incremental backups is that there must be a full backup of the target files/folders/drives created initially when one activates an incremental backup. 

 

I understand that you are not familiar with Cobian Backup, and can also accept the idea that a full backup is required before an incremental backup can be made, but there is still an inconsistency with that because the text document did not back up twice while the folders full of pictures did...lol 
I will be looking for info on backing up my computer further down the line, but for now I am more concerned about why I have received this weird error message shortly after
noticing reports of phishing attempts from my Bitdefender free anti-virus.
 
With this in mind: If there is a possibility that malware could be on my computer, why would it be recommended to move files from this computer onto a clean jump drive? Wouldn't my computer potentially infect its files and the USB stick as well?
 

 

I am not sure because you don't say, which program is reporting that you are not on a private network, which, for many, is normally a VPN (Virtual Private Network). 

 
I assume Windows is reporting it. The preparation instructions you supplied in your first post to this thread suggested to make sure I had a Firewall enabled by activating my Windows Control Panel. So, I held down the Windows key on my keyboard and pressed "R" and then typed "Control Panel"...clicked "System and Security"..."Windows Defender Firewall" and it reports the following:
 
Private networks: Not connected
Guest or public networks: Connected
Networks in public places such as airports or coffee shops
Windows Defender Firewall state: On
Incoming connections: Block all connections to apps that are not on the list of allowed apps
Active public networks: (The name of one of two networks that were supplied to me by my Internet service provider)
Notification state: Notify me when Windows Defender Firewall blocks a new app
 
I followed your directions and copied that script and clicked "fix"...the computer did restart and I do have a fixlog which I will post right after I finish this one.  :)
 
**ArchimedesNose**
 

Edited by ArchimedesNose, 19 May 2018 - 10:42 AM.
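The firewall report quoted above, and the explanation of Public versus private profiles in the earlier reply, can be checked directly from PowerShell. The following is an added example, not code from the thread or from any of the tools it mentions; it is read-only and uses the `Get-NetConnectionProfile` and `Get-NetFirewallProfile` cmdlets that ship with Windows 8 and later. The function names `Get-ActiveFirewallPosture` and `Get-FirewallProblems` are this example's own.

```powershell
# Added example (not from the thread): a read-only check of the same facts the
# Windows Defender Firewall control panel shows. Run from an elevated prompt.

# Which category Windows assigned to each connected network. 'Public' is what
# the control panel reports as "Guest or public networks: Connected". The
# category is a per-network choice Windows records when you first connect; it is
# not derived from whether the Wi-Fi needs a password.
function Get-ActiveFirewallPosture {
    foreach ($conn in Get-NetConnectionProfile) {
        $profileName = switch ($conn.NetworkCategory) {
            'DomainAuthenticated' { 'Domain' }
            'Private'             { 'Private' }
            default               { 'Public' }
        }
        $fw = Get-NetFirewallProfile -Name $profileName
        [pscustomobject]@{
            Network         = $conn.Name
            Interface       = $conn.InterfaceAlias
            Category        = $conn.NetworkCategory
            FirewallProfile = $fw.Name
            Enabled         = $fw.Enabled
            InboundDefault  = $fw.DefaultInboundAction
            NotifyOnListen  = $fw.NotifyOnListen
        }
    }
}

# Anything returned here deserves a second look: the firewall switched off on
# any profile, or an inbound default of Allow. The control panel wording "Block
# all connections to apps that are not on the list of allowed apps" corresponds
# to DefaultInboundAction = Block.
function Get-FirewallProblems {
    $problems = @()
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -ne 'True') {
            $problems += "Firewall disabled on the $($p.Name) profile"
        }
        if ($p.DefaultInboundAction -eq 'Allow') {
            $problems += "Inbound default is Allow on the $($p.Name) profile"
        }
    }
    return $problems
}

Get-ActiveFirewallPosture | Format-Table -AutoSize
$issues = @(Get-FirewallProblems)
if ($issues.Count -eq 0) { 'No firewall posture problems found' } else { $issues }
```

On a home network that Windows has categorised as Public, the output shows the Public profile as the one in effect; as the earlier reply notes, that is the more restrictive of the two, so a Public label on a password-protected home connection is not by itself a sign of compromise.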


#12 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 19 May 2018 - 10:41 AM

Okay, the fixlog is as follows:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Andrew (19-05-2018 10:04:02) Run:1
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available Profiles: Andrew)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
File: C:\Windows\jmesoft\Service.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Windows\jmesoft\Service.exe ========================
 
C:\Windows\jmesoft\Service.exe
File not signed
MD5: E2CFDA7E9606FD5ECAB93E4817414661
Creation and modification date: 2016-09-29 02:56 - 2011-08-16 23:46
Size: 000032768
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60743613 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4358763 B
Edge => 11264 B
Chrome => 455134325 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Andrew => 20619771 B
 
RecycleBin => 0 B
EmptyTemp: => 523.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:06:17 ====


#13 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:48 PM

Posted 19 May 2018 - 11:41 AM

Andrew:
 
Thank you for your posts and for running and posting the contents of the FRST "fixlog.txt" file.  It looks good! :thumbup2: I am not seeing, so far, any evidence of any malware, based on your FRST scan logs, so that is good news!

 

As I told you previously, I am not concerned about the Windows Defender Firewall report.  It looks normal to me.

I want to now run some standard anti-malware scans to check for possible malware that the FRST scans may not have detected.
 
If you are concerned about infecting a USB drive, then please "immunize" the USB flash drive(s).


:step1: Bitdefender USB Immunizer
--------------------------------

  • Please copy whatever files are currently on the USB flash drive to another one, or to your computer, and then format the USB drive.
  • Be sure to immunize your USB flash drive first, so that the other computer does not potentially become infected.
  • Instructions for immunizing a USB flash drive can be found at this link.
  • The red download button is located towards the top of the screen on the right side. It states: Ready to Download and then immediately below that is the black Download button.
  • Click the Download button to download the USB immunizer file.
  • Plug in your formatted USB flash drive and launch the Bitdefender USB Immunizer application.
  • Select the flash drive and click it to start the immunization process.
  • After the process completes, copy the files to be submitted to VirusTotal to your newly immunized USB flash drive.
  • You can then plug your USB flash drive into another computer to safely upload the files to VirusTotal.


:step2: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!


:step3: You are running an older version of Malwarebytes.

Please run a Malwarebytes Anti-Malware scan for me with the newest version of Malwarebytes (3.5.1.).

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#14 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 AM

Posted 22 May 2018 - 01:43 AM

Hello Phil,

 

I am having trouble configuring my Bitdefender to not be recognized by the Eset scanner. The instructions you linked for me that detail how to disable my anti-virus are not exactly the same as what I am seeing on my version of Bitdefender. When I launch my Bitdefender anti-virus, I don't see anything labeled "virus shield." Instead I see previous system scans and web threats that have been blocked. When I click on a gear icon located next to the minimize and maximize buttons in the upper right hand corner, click "Protection" I see something that says "Protection Shield" with a blue "On" switch...When I click the switch, it becomes a black switch that says "Off," and I immediately get a warning that says "Product Status your system is at risk"

 

So...thinking that I have successfully turned it off I launch the eset scanner and underneath the "enable" or "disable" the detection of any unwanted applications, the program begins searching for any conflicting programs that may interfere and then red flags my Bitdefender. There is a prompt that says..."Another antivirus software was detected. This may affect the performance and quality of the scan."

 

When I click "Show List" it says

 

 

Vendor: Product

BitDefender: Bitdefender Antivirus Free Edition

 

 

I'm not sure what else to do...did I miss something here? lol I tried asking a question of how to do it in a Google search, and found nothing helpful either, since I don't want to click into a bunch of websites until we've finished here.

 

I already scanned with the eset program once and realized I hadn't set the other advanced configurations yet, so upon starting the process over again I realize it may not have been fully turned off in the first place...eek?!?

 

**ArchimedesNose** 



#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:48 PM

Posted 22 May 2018 - 09:38 AM

Andrew:
 
Thank you for your post.  You can follow the instructions here to disable Bitdefender Free, which it sounds like you may have already tried.
 
If ESET continues to "complain", please just run the ESET scan anyways, and follow it with a Bitdefender Free "system scan", if it has such a feature.  I don't want just a "Quick Scan."  You have me at a disadvantage because I use Bitdefender 2018 Total Security so the GUI and options are quite different from the Free version.
 
Please also do the Malwarebytes after the anti-virus scan(s) are completed, and post the results.
 
Thank you and have a great day.
 
Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators




