Bitcoinminer


  • This topic is locked
8 replies to this topic

#1 Mars12

Mars12

  • Members
  • 4 posts
  • Local time:07:25 AM

Posted 22 May 2018 - 09:38 AM

I have bitcoinminer on my phone and on my other devices at home. And on my computer, the internet connection is great but sometimes my connection keeps going in and out. I have been dealing with this for a long time. And I think it is on my smart light bulb too. I will be most appreciative if you can help.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:25 AM

Posted 23 May 2018 - 06:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, be sure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.

#3 Mars12

Mars12
  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:25 AM

Posted 24 May 2018 - 12:54 AM

Sorry for replying so late; I know your help and time are precious.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by marsha (administrator) on MARS (24-05-2018 01:33:58)
Running from C:\Users\marsha\Downloads
Loaded Profiles: marsha (Available Profiles: marsha)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\marsha\AppData\Local\Torch\Application\torch.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\rpbgconverter.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(TorchMedia Inc.) C:\Users\marsha\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Update\60.0.0.1508\TorchUpdate.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\marsha\AppData\Local\Torch\Application\torch.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2018-02-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [452032 2018-05-16] (Bitdefender)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [353056 2018-05-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [1270560 2018-02-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2841095455-3161076074-2937936481-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-2841095455-3161076074-2937936481-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2018-05-19]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{71843535-4818-4CBE-A96A-BB1C8F115FF9}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2841095455-3161076074-2937936481-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2841095455-3161076074-2937936481-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {102CB41D-5D8F-4D70-B1F8-189656A16459} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {102CB41D-5D8F-4D70-B1F8-189656A16459} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2841095455-3161076074-2937936481-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2841095455-3161076074-2937936481-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2841095455-3161076074-2937936481-1001 -> {102CB41D-5D8F-4D70-B1F8-189656A16459} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-16] (Bitdefender)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2018-02-28] (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-16] (Bitdefender)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2018-02-28] (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-16] (Bitdefender)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-16] (Bitdefender)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
 
FireFox:
========
FF DefaultProfile: nktf99cg.default-1517066478543
FF ProfilePath: C:\Users\marsha\AppData\Roaming\Mozilla\Firefox\Profiles\nktf99cg.default-1517066478543 [2018-05-24]
FF Extension: (uBlock Origin) - C:\Users\marsha\AppData\Roaming\Mozilla\Firefox\Profiles\nktf99cg.default-1517066478543\Extensions\uBlock0@raymondhill.net.xpi [2018-05-17]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2018-01-18]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2018-01-18] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @real.com/nppl3260;version=18.1.11.204 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2018-05-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.11.204 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2018-05-19] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default [2018-05-03]
CHR Extension: (Slides) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-24]
CHR Extension: (Docs) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]
CHR Extension: (Google Drive) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-24]
CHR Extension: (YouTube) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-24]
CHR Extension: (Adblock Plus) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-03]
CHR Extension: (Adobe Acrobat) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-16]
CHR Extension: (Sheets) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24]
CHR Extension: (Bitdefender Wallet) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2137280 2018-05-01] (Bitdefender)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [107680 2018-02-19] (Bitdefender)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1278584 2017-10-31] (Bitdefender)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [37104 2018-02-28] (RealNetworks, Inc.)
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [989912 2018-05-19] (RealNetworks, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2018-02-22] (Realtek Semiconductor)
R2 TorchCrashHandler; C:\Users\marsha\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217216 2018-02-01] (TorchMedia Inc.) <==== ATTENTION
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112712 2018-05-16] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1001072 2018-05-16] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1177008 2018-05-16] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1723552 2018-05-16] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23032 2018-05-16] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-05-16] (BitDefender LLC)
R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [45104 2018-05-16] (© Bitdefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [96448 2018-05-16] (BitDefender)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [189544 2018-05-16] (BitDefender LLC)
R0 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [191592 2018-05-16] (Bitdefender)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-24] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-05-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-05-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-24] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [103648 2018-05-24] (Malwarebytes)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2018-02-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [6393856 2016-12-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [437304 2018-05-16] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (HP)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-23] (HP)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-24 01:33 - 2018-05-24 01:35 - 000022866 _____ C:\Users\marsha\Downloads\FRST.txt
2018-05-24 01:33 - 2018-05-24 01:33 - 000000000 ____D C:\FRST
2018-05-24 01:31 - 2018-05-24 01:31 - 002413056 _____ (Farbar) C:\Users\marsha\Downloads\FRST64.exe
2018-05-24 01:25 - 2018-05-24 01:25 - 000002134 _____ C:\Users\marsha\Desktop\Free Games.lnk
2018-05-24 01:25 - 2018-05-24 01:25 - 000001208 _____ C:\Users\marsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2018-05-24 01:25 - 2018-05-24 01:25 - 000001200 _____ C:\Users\marsha\Desktop\Torch.lnk
2018-05-24 01:25 - 2018-05-24 01:25 - 000000000 ____D C:\ProgramData\TorchCrashHandler
2018-05-24 01:22 - 2018-05-24 01:22 - 001668496 _____ (Torch Media, Inc) C:\Users\marsha\Downloads\TorchSetup-r20-n-bf.exe
2018-05-24 01:14 - 2018-05-24 01:14 - 000003210 _____ C:\Users\marsha\Desktop\AdwCleaner[C00].txt
2018-05-24 00:31 - 2018-05-24 00:59 - 000000000 ____D C:\AdwCleaner
2018-05-24 00:30 - 2018-05-24 00:30 - 007271632 _____ (Malwarebytes) C:\Users\marsha\Downloads\adwcleaner_7.1.1.exe
2018-05-24 00:23 - 2018-05-24 00:23 - 000001286 _____ C:\Users\marsha\Desktop\file1.txt
2018-05-24 00:08 - 2018-05-24 01:17 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-24 00:08 - 2018-05-24 01:17 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-24 00:08 - 2018-05-24 01:17 - 000103648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-24 00:08 - 2018-05-24 01:17 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-24 00:08 - 2018-05-24 00:08 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-24 00:08 - 2018-05-24 00:08 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-24 00:08 - 2018-05-24 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-24 00:08 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-24 00:07 - 2018-05-24 00:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-24 00:07 - 2018-05-24 00:07 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-23 23:25 - 2018-05-23 23:25 - 075629776 _____ (Malwarebytes ) C:\Users\marsha\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5188.exe
2018-05-22 14:41 - 2018-05-22 14:41 - 000125820 _____ C:\Users\marsha\Downloads\The Ancient Priestly Prayer of the Blessing - Warren Marcus[via torchbrowser.com] (1).mp4
2018-05-22 14:12 - 2018-05-22 14:12 - 000003360 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2841095455-3161076074-2937936481-1001
2018-05-22 14:04 - 2018-05-22 14:04 - 000049260 _____ C:\ProgramData\dm.update.1527012175.bdinstall.bin
2018-05-22 13:25 - 2018-04-07 12:48 - 000685568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-05-22 13:25 - 2018-04-07 12:47 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-05-22 13:25 - 2018-04-07 12:43 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-05-22 13:25 - 2018-04-07 12:09 - 000170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-05-22 13:25 - 2018-04-07 11:34 - 002255360 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-05-22 13:25 - 2018-04-07 11:15 - 001942016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-05-22 13:25 - 2018-04-05 13:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc63.sys
2018-05-22 13:25 - 2018-04-05 13:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\NetVscCoinstall.dll
2018-05-22 13:25 - 2018-03-28 21:33 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2018-05-22 13:25 - 2018-03-28 21:21 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2018-05-22 13:25 - 2018-03-28 21:06 - 002608640 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2018-05-22 13:25 - 2018-03-28 21:05 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2018-05-22 13:25 - 2018-03-28 20:26 - 002170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2018-05-22 13:25 - 2018-03-28 20:24 - 000236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2018-05-21 11:02 - 2018-05-21 11:02 - 031742081 _____ C:\Users\marsha\Downloads\Decree and Recover![via torchbrowser.com].mp4
2018-05-21 11:02 - 2018-05-21 11:02 - 003431611 _____ C:\Users\marsha\Downloads\Decree and Recover![via torchbrowser.com].aac
2018-05-21 02:31 - 2018-05-21 02:31 - 000000000 ____D C:\Users\marsha\Desktop\New folder
2018-05-21 02:12 - 2018-05-21 02:12 - 002051274 _____ C:\Users\marsha\Downloads\godhasyourmiracle_pdfbook (1).pdf
2018-05-21 02:11 - 2018-05-21 02:11 - 002025632 _____ C:\Users\marsha\Downloads\lovelettersfromheavenpdfbook.pdf
2018-05-21 02:11 - 2018-05-21 02:11 - 001626508 _____ C:\Users\marsha\Downloads\buildyourfinancialfoundation_0 (1).pdf
2018-05-21 02:11 - 2018-05-21 02:11 - 001560527 _____ C:\Users\marsha\Downloads\receive_as_a_child_pdfbook.pdf
2018-05-21 02:10 - 2018-05-21 02:10 - 002093814 _____ C:\Users\marsha\Downloads\howtoreceivecommunion_pdfbook.pdf
2018-05-21 02:10 - 2018-05-21 02:10 - 001482539 _____ C:\Users\marsha\Downloads\tune_into_the_voice_of_god_book (1).pdf
2018-05-21 02:09 - 2018-05-21 02:09 - 001626508 _____ C:\Users\marsha\Downloads\buildyourfinancialfoundation_0.pdf
2018-05-21 02:09 - 2018-05-21 02:09 - 001482539 _____ C:\Users\marsha\Downloads\tune_into_the_voice_of_god_book.pdf
2018-05-21 02:08 - 2018-05-21 02:08 - 002051274 _____ C:\Users\marsha\Downloads\godhasyourmiracle_pdfbook.pdf
2018-05-21 02:08 - 2018-05-21 02:08 - 001771980 _____ C:\Users\marsha\Downloads\thissamejesuspdfbook.pdf
2018-05-20 01:39 - 2018-05-20 01:39 - 000000000 ____D C:\Users\marsha\.cache
2018-05-19 21:45 - 2018-05-19 22:40 - 000000000 ____D C:\Users\marsha\Desktop\Receiving Healing From The Courts Of Heaven
2018-05-19 20:34 - 2018-05-19 20:34 - 000003402 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2018-05-19 20:34 - 2018-05-19 20:34 - 000000000 ____D C:\Users\marsha\AppData\Local\Real
2018-05-19 20:34 - 2018-05-19 20:34 - 000000000 ____D C:\Users\marsha\AppData\Local\CrashRpt
2018-05-19 20:32 - 2018-05-19 20:32 - 000003340 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2841095455-3161076074-2937936481-1001
2018-05-19 20:32 - 2018-05-19 20:32 - 000003288 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2841095455-3161076074-2937936481-1001
2018-05-19 20:32 - 2018-05-19 20:32 - 000001231 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2018-05-19 20:32 - 2018-05-19 20:32 - 000000000 ____D C:\Users\marsha\AppData\Roaming\RealNetworks
2018-05-19 20:31 - 2018-05-19 20:31 - 000207648 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2018-05-19 20:31 - 2018-05-19 20:31 - 000000000 ____D C:\ProgramData\RealNetworks
2018-05-19 20:30 - 2018-05-19 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2018-05-19 20:30 - 2018-05-19 20:30 - 000285472 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2018-05-19 20:26 - 2018-05-19 20:32 - 000000000 ____D C:\Program Files (x86)\Real
2018-05-19 20:26 - 2018-05-19 20:26 - 000512288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2018-05-19 20:26 - 2018-05-19 20:26 - 000360736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2018-05-19 20:24 - 2018-05-19 20:42 - 000000000 ____D C:\Users\marsha\AppData\Roaming\Real
2018-05-19 20:22 - 2018-05-19 20:34 - 000000000 ____D C:\ProgramData\Real
2018-05-19 20:21 - 2018-05-19 20:21 - 001184928 _____ (RealNetworks, Inc.) C:\Users\marsha\Downloads\RealTimes-RealPlayer.exe
2018-05-09 20:22 - 2018-05-09 20:22 - 066450747 _____ C:\Users\marsha\Downloads\4 Quick & Easy Hairstyles for Short Hair[via torchbrowser.com].mp4
2018-05-09 20:22 - 2018-05-09 20:22 - 007817508 _____ C:\Users\marsha\Downloads\4 Quick & Easy Hairstyles for Short Hair[via torchbrowser.com].aac
2018-05-09 07:38 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-09 07:38 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-09 07:38 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-09 07:38 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-09 07:38 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-09 07:38 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-09 07:38 - 2018-03-24 10:56 - 007033344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-05-09 07:38 - 2018-03-24 10:54 - 006214144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-05-09 07:37 - 2018-04-22 05:02 - 000803696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-09 07:37 - 2018-04-22 04:06 - 000612600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-09 07:37 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-09 07:37 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-09 07:37 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-09 07:37 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-09 07:37 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-09 07:37 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-09 07:37 - 2018-04-22 02:57 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-05-09 07:37 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-09 07:37 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-09 07:37 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-09 07:37 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-09 07:37 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-09 07:37 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-09 07:37 - 2018-04-22 02:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-05-09 07:37 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-09 07:37 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-09 07:37 - 2018-04-22 02:27 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-09 07:37 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-09 07:37 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-09 07:37 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-09 07:37 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-09 07:37 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-09 07:37 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-09 07:37 - 2018-04-15 12:55 - 000669696 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-09 07:37 - 2018-04-15 12:16 - 000536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-09 07:37 - 2018-04-10 21:03 - 007406936 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-09 07:37 - 2018-04-10 21:02 - 001676056 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-09 07:37 - 2018-04-10 21:02 - 001536112 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-09 07:37 - 2018-04-10 14:51 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-09 07:37 - 2018-04-10 14:27 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2018-05-09 07:37 - 2018-04-10 14:13 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-09 07:37 - 2018-04-10 13:01 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2018-05-09 07:37 - 2018-04-10 12:50 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-09 07:37 - 2018-04-07 12:17 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-09 07:37 - 2018-04-07 11:49 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-09 07:37 - 2018-04-07 11:41 - 000109056 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-09 07:37 - 2018-04-07 11:23 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-09 07:37 - 2018-04-07 11:20 - 001707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-09 07:37 - 2018-04-07 11:10 - 001344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-09 07:37 - 2018-04-07 11:06 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-05-09 07:37 - 2018-04-07 11:01 - 000414720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-05-09 07:37 - 2018-04-06 17:27 - 000376656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2018-05-09 07:37 - 2018-03-24 11:57 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2018-05-09 07:37 - 2018-03-24 11:40 - 001171456 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2018-05-09 07:37 - 2018-03-24 11:34 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2018-05-09 07:37 - 2018-03-24 11:22 - 001086976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2018-05-09 07:37 - 2018-03-15 18:29 - 000136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-05-09 07:37 - 2018-03-10 16:55 - 000137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-09 07:37 - 2018-03-10 15:04 - 000120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-09 07:37 - 2018-03-10 13:47 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-05-09 07:37 - 2018-03-10 13:47 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-05-09 07:37 - 2018-03-10 13:43 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2018-05-09 07:37 - 2018-03-10 12:46 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2018-05-09 07:37 - 2018-03-10 12:44 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-09 07:37 - 2018-03-10 12:35 - 000696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2018-05-09 07:37 - 2018-03-10 12:35 - 000359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-09 07:37 - 2018-03-10 12:33 - 003717632 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-09 07:37 - 2018-03-10 12:22 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-05-09 07:37 - 2018-03-10 12:21 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-05-09 07:37 - 2018-03-10 12:21 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-05-09 07:37 - 2018-03-10 12:20 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-05-09 07:37 - 2018-03-10 12:18 - 000726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-09 07:37 - 2018-03-10 12:18 - 000409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2018-05-09 07:37 - 2018-03-10 12:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-05-09 07:37 - 2018-03-10 12:18 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-05-09 07:37 - 2018-03-10 12:17 - 002240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-05-09 07:37 - 2018-03-10 12:17 - 000897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-09 07:37 - 2018-03-09 14:57 - 000276816 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2018-05-09 07:37 - 2018-03-03 12:24 - 001725952 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2018-05-09 07:37 - 2018-03-03 12:18 - 000894976 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2018-05-09 07:37 - 2018-03-03 12:18 - 000322048 _____ (Microsoft Corporation) C:\Windows\system32\msdtcuiu.dll
2018-05-09 07:37 - 2018-03-03 12:15 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2018-05-09 07:37 - 2018-03-03 12:04 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2018-05-09 07:37 - 2018-03-03 12:04 - 000265728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcuiu.dll
2018-05-09 07:37 - 2018-02-14 17:45 - 001308336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-09 07:37 - 2018-02-14 10:47 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-01 08:05 - 2018-05-01 08:05 - 000002141 _____ C:\Users\Public\Desktop\Bitdefender Vpn.lnk
2018-05-01 07:49 - 2018-03-22 16:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-01 07:49 - 2018-03-22 16:29 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-01 07:49 - 2018-03-10 13:50 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-01 07:49 - 2018-03-09 20:16 - 001549136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-05-01 07:49 - 2018-03-09 20:16 - 000388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-05-01 07:49 - 2018-03-09 17:20 - 001737592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-01 07:49 - 2018-03-09 17:20 - 001500424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-01 07:49 - 2018-03-09 17:20 - 001371344 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-05-01 07:49 - 2018-03-09 17:20 - 000418640 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-01 07:49 - 2018-03-09 15:59 - 000121168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2018-05-01 07:49 - 2018-03-09 10:52 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-05-01 07:49 - 2018-03-09 10:52 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-05-01 07:49 - 2018-03-09 10:52 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-05-01 07:49 - 2018-03-09 10:52 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-05-01 07:49 - 2018-03-08 14:15 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-01 07:49 - 2018-03-08 14:14 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-01 07:49 - 2018-03-08 10:21 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-05-01 07:49 - 2018-03-07 19:46 - 000202576 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-05-01 07:49 - 2018-03-07 19:42 - 000174928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-05-01 07:49 - 2018-03-07 15:28 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-05-01 07:49 - 2018-03-07 14:26 - 000053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-05-01 07:49 - 2018-03-03 13:44 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-05-01 07:49 - 2018-03-03 13:04 - 000252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-05-01 07:49 - 2018-02-16 11:51 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-01 07:49 - 2018-02-16 11:51 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-01 07:49 - 2018-02-16 11:28 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-05-01 07:49 - 2018-02-16 11:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-01 07:49 - 2018-02-16 11:24 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-01 07:49 - 2018-02-16 10:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-01 07:49 - 2018-02-16 10:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-01 07:49 - 2018-02-10 16:24 - 000178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-01 07:49 - 2018-02-10 15:29 - 000274272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-05-01 07:49 - 2018-02-10 15:29 - 000124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-05-01 07:49 - 2018-02-10 15:29 - 000065888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-05-01 07:49 - 2018-02-10 15:29 - 000062304 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-05-01 07:49 - 2018-02-10 15:29 - 000021856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-05-01 07:49 - 2018-02-10 15:29 - 000017240 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-05-01 07:49 - 2018-02-10 15:25 - 000533856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-05-01 07:49 - 2018-02-10 15:06 - 000356184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-05-01 07:49 - 2018-02-10 13:50 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-01 07:49 - 2018-02-10 13:26 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-05-01 07:49 - 2018-02-10 13:09 - 003757056 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-05-01 07:49 - 2018-02-10 13:03 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-05-01 07:49 - 2018-02-10 13:01 - 000617472 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-05-01 07:49 - 2018-02-10 12:59 - 000404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-05-01 07:49 - 2018-02-10 12:48 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-01 07:49 - 2018-02-10 12:46 - 002412544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-05-01 07:49 - 2018-02-10 12:44 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-01 07:49 - 2018-02-10 12:30 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-01 07:49 - 2018-02-09 21:29 - 000531632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-05-01 07:49 - 2018-02-09 21:25 - 001137872 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-01 07:49 - 2018-02-09 13:21 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-01 07:49 - 2018-02-08 14:53 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2018-05-01 07:49 - 2018-02-08 14:22 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2018-05-01 07:49 - 2018-02-08 14:18 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2018-05-01 07:49 - 2018-02-08 14:03 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2018-05-01 07:49 - 2018-02-08 13:49 - 000289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2018-05-01 07:49 - 2018-02-08 13:42 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2018-05-01 07:49 - 2018-02-08 13:42 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2018-05-01 07:49 - 2018-02-08 13:40 - 001096192 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-05-01 07:49 - 2018-02-08 13:38 - 000866304 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2018-05-01 07:49 - 2018-02-08 13:37 - 002779648 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-05-01 07:49 - 2018-02-08 13:27 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2018-05-01 07:49 - 2018-02-08 13:24 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2018-05-01 07:49 - 2018-02-08 13:03 - 000664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2018-05-01 07:49 - 2018-02-08 13:03 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2018-05-01 07:49 - 2018-02-08 12:57 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-05-01 07:49 - 2018-02-02 16:42 - 003320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-05-01 07:49 - 2018-02-02 15:24 - 003610112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-05-01 07:49 - 2018-01-25 10:19 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-05-01 07:49 - 2018-01-25 10:14 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-25 16:51 - 2018-03-16 14:51 - 000144000 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-25 16:51 - 2018-03-14 09:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-25 16:51 - 2018-03-14 09:23 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-25 16:51 - 2018-03-14 09:23 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-25 16:51 - 2018-03-14 09:23 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-25 16:51 - 2018-03-14 09:23 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-25 16:51 - 2018-03-14 09:23 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-25 16:51 - 2018-03-14 09:23 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-25 16:51 - 2018-03-14 09:23 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-25 16:51 - 2018-03-14 09:23 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-24 01:30 - 2018-01-24 01:01 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2841095455-3161076074-2937936481-1001
2018-05-24 01:26 - 2018-01-25 19:27 - 000000000 ____D C:\Users\marsha\AppData\LocalLow\Mozilla
2018-05-24 01:25 - 2018-01-24 22:08 - 000002134 _____ C:\Users\marsha\Desktop\Free Music.lnk
2018-05-24 01:25 - 2018-01-24 22:05 - 000000000 ____D C:\Users\marsha\AppData\Local\Torch
2018-05-24 01:20 - 2018-01-24 00:58 - 000000000 ____D C:\Users\marsha\Documents\Youcam
2018-05-24 01:20 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2018-05-24 01:19 - 2018-01-24 01:30 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-05-24 01:18 - 2018-01-24 01:04 - 000000000 ___RD C:\Users\marsha\OneDrive
2018-05-24 01:16 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-24 01:15 - 2018-01-25 03:03 - 000009245 _____ C:\bdlog.txt
2018-05-24 00:09 - 2018-02-06 12:47 - 000000000 ____D C:\Users\marsha\AppData\Local\CrashDumps
2018-05-23 23:49 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-23 23:49 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2018-05-23 23:49 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2018-05-23 23:24 - 2018-01-24 01:19 - 000003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C1F9CC45-4FF0-4E23-928C-0803E93880F1}
2018-05-23 23:23 - 2018-03-02 12:09 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-22 19:34 - 2018-01-27 11:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-22 19:34 - 2018-01-27 11:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-22 19:13 - 2018-01-27 11:17 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-22 19:11 - 2018-02-20 10:04 - 000000000 ____D C:\Users\marsha\AppData\Roaming\vlc
2018-05-22 14:09 - 2014-03-18 05:53 - 000957952 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-22 14:09 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2018-05-22 13:57 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-05-22 13:30 - 2018-02-06 00:33 - 000000000 ____D C:\Users\marsha\Documents\My Kindle Content
2018-05-22 11:50 - 2018-04-15 16:02 - 000003162 _____ C:\Windows\System32\Tasks\HPCeeScheduleFormarsha
2018-05-22 11:50 - 2018-04-15 16:02 - 000000346 _____ C:\Windows\Tasks\HPCeeScheduleFormarsha.job
2018-05-20 01:39 - 2018-01-24 00:55 - 000000000 ____D C:\Users\marsha
2018-05-17 23:28 - 2018-01-24 01:22 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 23:28 - 2018-01-24 01:22 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-17 23:14 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2018-05-17 17:54 - 2018-01-24 01:25 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-17 17:54 - 2018-01-24 01:25 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-16 13:58 - 2013-08-22 10:44 - 000354104 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-16 13:14 - 2018-01-24 01:35 - 001177008 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2018-05-16 13:13 - 2018-01-24 01:35 - 000096448 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2018-05-16 13:12 - 2018-01-24 01:35 - 001723552 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2018-05-16 13:10 - 2018-03-02 12:09 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-16 13:10 - 2018-01-24 01:32 - 000437304 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2018-05-16 13:08 - 2018-01-24 01:35 - 000191592 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2018-05-16 13:07 - 2018-01-24 01:36 - 000023032 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2018-05-16 13:06 - 2018-01-24 01:35 - 000045104 _____ (© Bitdefender SRL) C:\Windows\system32\Drivers\bdprivmon.sys
2018-05-16 13:06 - 2018-01-24 01:33 - 000189544 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2018-05-09 07:54 - 2018-01-24 15:02 - 000000000 ____D C:\Windows\system32\MRT
2018-05-09 07:42 - 2018-01-24 15:02 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-09 07:42 - 2018-01-24 15:02 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-03 18:31 - 2018-02-06 10:52 - 000002243 _____ C:\Users\marsha\Desktop\Kindle.lnk
2018-05-03 09:39 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2018-05-02 21:11 - 2018-01-24 00:55 - 000000000 ____D C:\Users\marsha\AppData\Local\Packages
2018-05-01 08:58 - 2018-03-02 11:46 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-05-01 08:00 - 2018-01-25 02:53 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-30 18:39 - 2018-01-25 18:40 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-30 18:39 - 2018-01-25 18:40 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some files in TEMP:
====================
2018-02-01 17:23 - 2013-06-04 12:30 - 000050432 ____R () C:\Users\marsha\AppData\Local\Temp\Extract.exe
2018-02-23 21:32 - 2017-09-20 16:08 - 000651400 _____ (HP Inc.) C:\Users\marsha\AppData\Local\Temp\HPSFUpdater.exe
2018-05-19 20:22 - 2018-05-10 14:25 - 000186688 _____ (RealNetworks, Inc.) C:\Users\marsha\AppData\Local\Temp\lowproc.exe
2018-03-02 11:21 - 2013-04-10 09:25 - 001044048 ____N (CANON INC.) C:\Users\marsha\AppData\Local\Temp\MSETUP4.EXE
2015-12-08 22:16 - 2015-12-08 22:16 - 006315592 _____ (Hewlett-Packard                                             ) C:\Users\marsha\AppData\Local\Temp\SP67334.exe
2015-12-08 22:40 - 2015-12-08 22:40 - 010728136 _____ (InstallShield Software Corporation                          ) C:\Users\marsha\AppData\Local\Temp\SP69482.exe
2016-01-09 11:35 - 2016-01-09 11:35 - 032098992 _____ (Hewlett-Packard Company                                     ) C:\Users\marsha\AppData\Local\Temp\SP69888.exe
2016-01-11 14:49 - 2016-01-11 14:49 - 023991888 _____ (Hewlett-Packard                                             ) C:\Users\marsha\AppData\Local\Temp\SP70781.exe
2017-03-20 11:14 - 2017-03-20 11:14 - 134946480 _____ (Hewlett-Packard                                             ) C:\Users\marsha\AppData\Local\Temp\SP70823.exe
2016-09-22 16:20 - 2016-09-22 16:20 - 004872320 _____ (Hewlett-Packard                                             ) C:\Users\marsha\AppData\Local\Temp\SP71829.exe
2016-01-08 13:30 - 2016-01-08 13:30 - 112956168 _____ (Hewlett-Packard                                             ) C:\Users\marsha\AppData\Local\Temp\SP71875.exe
2016-06-17 07:33 - 2016-06-17 07:33 - 255983416 _____ (Hewlett-Packard                                             ) C:\Users\marsha\AppData\Local\Temp\SP74867.exe
2016-09-09 12:24 - 2016-09-09 12:24 - 096947816 _____ (HP Inc.                                                     ) C:\Users\marsha\AppData\Local\Temp\SP75196.exe
2018-02-23 21:40 - 2017-09-27 10:33 - 000172400 _____ (HP Inc.) C:\Users\marsha\AppData\Local\Temp\UninstallHPSA.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-22 13:44
 
==================== End of FRST.txt ============================




#4 nasdaq


Posted 24 May 2018 - 07:55 AM

Hi,
===

How is the computer running now?

#5 nasdaq


Posted 30 May 2018 - 06:50 AM

Hi,

I apologize for my last message.
I did not give you any instructions.

Do you still need help with this computer?

#6 Mars12


Posted 30 May 2018 - 12:18 PM

I did a restore default to my computer. How do I scan my phone for the same problems? My phone CPU is having the same problem too. What do I do with my computer and my phone?



#7 nasdaq


Posted 30 May 2018 - 12:38 PM

Hi,

No malware was found in your logs.

However, Torch has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.

Use this page to remove it:
http://www.dummies.com/computers/operating-systems/windows-8/add-or-remove-programs-in-windows-8/

Torch (HKU\S-1-5-21-2841095455-3161076074-2937936481-1001\...\Torch) (Version: 60.0.0.1508 - Torch Media, Inc) <==== ATTENTION

It's your call.
===

Is Chrome installed on this computer?
Is it infected also?

#8 Mars12


Posted 30 May 2018 - 03:15 PM

The program is gone. How do I check my system to see if it's clean?



#9 nasdaq


Posted 31 May 2018 - 08:05 AM

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===



