Inactive TROJAN.bat.agent.bag

The ppl at BleepingComputer don't know.
I'll try here.

Only reason I ran a virus scan is because GOOGLE told me unusual activity was coming from my IP.

The viruses are NOT visible in the TEMP folder either.

I googled the virus:
"trojan.bat.agent.bag"
and only four search results came up. ALL irrelevant.

Yup... I have a NEW virus fellas.
Or the government is really monitoring me for whatever reason.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Brent (administrator) on I (21-10-2018 03:30:59)
Running from C:\Users\Brent\Downloads
Loaded Profiles: Brent (Available Profiles: Brent)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skyward Software) C:\Users\Brent\Downloads\IP Traffic Monitor\TraffMon.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Skyward Software) C:\Users\Brent\Downloads\IP Traffic Monitor\TraffMon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [Microsoft-Security] => C:\Users\Brent\Desktop\PS3 BO1 TooL by ModzKo\PS3 BO1 TooL by ModzKo\PS3 BlackOps 1 by MoDz Ko.exe
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [BlueStacksFriends] => C:\Users\Brent\AppData\Local\Programs\BlueStacksFriends\BlueStacksFriends.exe --hidden
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [BDE X Man] => C:\Program Files (x86)\Coipos Software\BDE Seven\BDE7Tool.exe [796672 2010-09-03] (Coipos Software)
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\MountPoints2: {3ef70555-5aa2-11e8-bea7-2c59e5a15780} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\MountPoints2: {3ef7059b-5aa2-11e8-bea7-2c59e5a15780} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\MountPoints2: {c2092e38-57c2-11e6-be8c-2c59e5a15780} - "G:\VZW_Software_upgrade_assistant.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4216165844-3389008296-2946304690-1002] => 124.195.19.18:808
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{10C67E87-8D9F-46D9-BC5C-7CCDEFD21D87}: [DhcpNameServer] 74.120.223.161 74.120.223.163
Tcpip\..\Interfaces\{8EC65707-ECA2-4AE4-9E51-FAA4AB179921}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F828DBBD-8FC7-4710-A82D-C2883B4D1D9A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duckduckgo.com/
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-4216165844-3389008296-2946304690-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-4216165844-3389008296-2946304690-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://hihmfplpcpfngfbboggcloogcnigfamh/newtab.html"
CHR Profile: C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default [2018-10-21]
CHR Extension: (Slides) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-10]
CHR Extension: (Docs) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09]
CHR Extension: (Google Drive) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (DuckDuckGo) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-10-20]
CHR Extension: (YouTube) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (WebRTC Leak Shield) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2018-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-12]
CHR Extension: (Google Search) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (KProxy Extension) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2017-11-09]
CHR Extension: (SearchLock New Tab) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihmfplpcpfngfbboggcloogcnigfamh [2016-12-27]
CHR Extension: (Color Change for Google™) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2018-04-23]
CHR Extension: (Skype) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-09]
CHR Extension: (KProxy Background App) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\maicibfoihmlppibfkljeljefamfndbp [2016-03-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-09-12]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2018-07-14]
CHR Extension: (Auto Refresh Blocker) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhmgghfmjjoejobimppckbalonobkck [2017-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2018-10-12]
CHR Extension: (No Name) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-10-21]
CHR Extension: (Gmail) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR Extension: (Chrome Media Router) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-24]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [138912 2017-12-16] (eVenture Limited)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-17] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DroidCam; C:\WINDOWS\system32\DRIVERS\droidcam.sys [33592 2015-05-24] (Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\system32\DRIVERS\droidcamvideo.sys [230712 2015-05-24] (Windows (R) Win 7 DDK provider)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-10-20] ()
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [52976 2017-12-15] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-08-17] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-08-17] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-08-17] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-21 03:30 - 2018-10-21 03:32 - 000018836 _____ C:\Users\Brent\Downloads\FRST.txt
2018-10-21 03:30 - 2018-10-21 03:30 - 000000000 ____D C:\Users\Brent\Downloads\FRST-OlderVersion
2018-10-21 03:29 - 2018-10-21 03:30 - 002414592 _____ (Farbar) C:\Users\Brent\Downloads\FRST64.exe
2018-10-20 23:43 - 2018-10-20 23:43 - 000000000 ____D C:\Users\Brent\AppData\Local\{AE4AB2C8-5C0F-4329-9605-1B42DCF80332}
2018-10-20 11:43 - 2018-10-20 11:43 - 000000000 ____D C:\Users\Brent\AppData\Local\{392B2526-0EB8-4618-8DDC-BA030D979E5C}
2018-10-20 08:30 - 2018-10-20 08:30 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-10-20 07:02 - 2018-10-21 00:09 - 000000000 ____D C:\Users\Brent\Downloads\IP Traffic Monitor
2018-10-19 23:42 - 2018-10-19 23:42 - 000000000 ____D C:\Users\Brent\AppData\Local\{878F2967-AEE0-4074-AEC7-D03BC5383A8F}
2018-10-19 09:37 - 2018-10-21 03:30 - 000000000 ____D C:\FRST
2018-10-19 03:32 - 2018-10-19 03:32 - 000001256 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2018-10-19 03:32 - 2018-10-19 03:32 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2018-10-19 03:32 - 2018-10-19 03:32 - 000001130 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2018-10-19 03:11 - 2018-10-19 03:12 - 000000000 ____D C:\Users\Brent\AppData\Local\{E7CE6FC4-C62C-4935-A942-4194BDD6DD1C}
2018-10-19 01:17 - 2018-10-19 01:34 - 000000000 ____D C:\Users\Brent\Desktop\deciphaaa
2018-10-18 00:26 - 2018-10-18 00:26 - 000000000 ____D C:\Users\Brent\AppData\Local\{DF352403-B76E-46B8-89B5-76DF7ECB25F5}
2018-10-15 18:41 - 2018-10-15 18:41 - 000000000 ____D C:\Users\Brent\AppData\Local\{62D3AA23-0F4A-4C68-BFCF-EC1311ED8A9E}
2018-10-15 18:13 - 2018-10-15 18:13 - 000000000 _____ C:\Users\Brent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-12 08:54 - 2018-10-12 08:54 - 000000000 ____D C:\Users\Brent\AppData\Local\{6FAA5972-5398-4F23-806F-19C5E05559D9}
2018-10-10 16:16 - 2018-10-10 16:17 - 000262144 _____ C:\Users\Brent\Documents\TurbStang-Tune2222.bin
2018-10-10 15:47 - 2018-10-16 06:46 - 000262144 _____ C:\Users\Brent\Documents\TurbStang-Tune.bin
2018-10-10 15:37 - 2018-10-10 15:37 - 000006382 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2018-10-09 18:46 - 2018-10-09 18:46 - 000315735 _____ C:\Users\Brent\Documents\TuningNotes & terms.pdf
2018-10-09 10:05 - 2018-10-09 10:05 - 000000000 ____D C:\Users\Brent\AppData\Local\{D9622D64-63D5-4605-B164-6572459FD164}
2018-10-09 10:03 - 2018-10-09 10:51 - 000000000 ____D C:\Users\Brent\Desktop\EXH flameTHROW
2018-10-09 03:39 - 2018-10-09 03:39 - 000000990 _____ C:\WINDOWS\CE130.INI
2018-10-09 03:24 - 2018-10-09 03:24 - 000000000 ____D C:\Program Files (x86)\Borland Engine tuning
2018-10-09 03:24 - 1998-10-10 05:01 - 000211936 _____ C:\WINDOWS\SysWOW64\DBCLIENT.DLL
2018-10-09 03:24 - 1998-10-10 05:01 - 000183808 _____ C:\WINDOWS\SysWOW64\BDEADMIN.CPL
2018-10-09 03:17 - 2018-10-10 16:07 - 000013030 _____ C:\Users\Public\PDOXUSRS.NET
2018-10-09 03:16 - 2018-10-09 03:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDE eXpress Windows 7
2018-10-09 03:16 - 2018-10-09 03:16 - 000000000 ____D C:\Program Files (x86)\Coipos Software
2018-10-09 03:16 - 2010-09-03 17:20 - 000796672 _____ (Coipos Software) C:\WINDOWS\BDE7Tool.exe
2018-10-09 03:16 - 2007-03-12 14:52 - 000000248 _____ C:\WINDOWS\SysWOW64\vs32971.vxd
2018-10-09 03:11 - 2000-08-10 23:06 - 000007883 _____ C:\WINDOWS\Eng_UK.gpl
2018-10-08 12:31 - 2018-10-08 12:31 - 000000000 ____D C:\Users\Brent\AppData\Local\{F9BCB8F7-85F8-46F0-B7C2-EE857EF5E9F4}
2018-10-08 07:38 - 2018-10-08 07:38 - 000000000 ____D C:\Users\Brent\AppData\Local\{0D9A1668-DA80-4381-8B2C-3B1E47962625}
2018-10-08 07:19 - 2018-10-08 07:19 - 000000000 ____D C:\Users\Brent\AppData\Local\{E86668EF-2A31-447E-93CF-73F830BA97AA}
2018-10-08 05:33 - 2018-10-08 05:33 - 000000000 ____D C:\Users\Brent\AppData\Local\{DF6EE1F9-287C-4FF7-A88E-BB90FCCEF53D}
2018-10-08 03:31 - 2018-10-08 03:31 - 000000000 ____D C:\Users\Brent\AppData\Local\{226219E4-6B7F-489D-A2B3-9D35F4818463}
2018-10-08 02:30 - 2018-10-08 02:30 - 000000000 ____D C:\Users\Brent\AppData\Local\{EBA3B4E4-D128-430F-8487-04DCDA843684}
2018-10-08 02:13 - 2018-10-08 02:13 - 000000000 ____D C:\Users\Brent\AppData\Local\{CEB8D840-E49D-4DDA-BF4E-FF1711840EE5}
2018-10-08 02:12 - 2018-10-08 02:12 - 000000000 ____D C:\Users\Brent\AppData\Local\{F876872A-2152-4F8D-BDB2-D0C1148B5B36}
2018-10-08 01:59 - 2018-10-08 01:59 - 000000000 ____D C:\Users\Brent\AppData\Local\{12CDC6B7-B04F-480D-ACFA-7D608B31992B}
2018-10-08 00:59 - 2018-10-08 00:59 - 000000000 ____D C:\Users\Brent\AppData\Local\{29999F41-F181-4CC2-86D2-B9118BDD325E}
2018-10-07 09:46 - 2018-10-07 09:46 - 000000000 ____D C:\Users\Brent\AppData\Local\{22EF02AC-229F-448F-A090-2F7F38B0AA92}
2018-10-06 19:20 - 2018-10-06 19:21 - 002207699 _____ C:\Users\Brent\Desktop\DeereKartTO.wmv
2018-10-06 19:18 - 2018-10-06 19:18 - 000000000 ____D C:\Users\Brent\AppData\Local\{0462CCC1-EC6B-44EB-AF7B-FF41A1429A5B}
2018-10-06 04:36 - 2018-10-06 04:36 - 000000000 ____D C:\Users\Brent\AppData\Local\{7A6B0174-19ED-4D21-ACCB-0D5511FBFE63}
2018-10-04 22:54 - 2018-10-04 22:54 - 000000000 ____D C:\Users\Brent\AppData\Local\{8B6DA3EB-073D-4BBD-A08B-F56B8E565C41}
2018-10-04 22:22 - 2018-10-09 02:50 - 000000000 ____D C:\Users\Brent\Desktop\blahintro,outro
2018-10-04 04:17 - 2018-10-04 04:17 - 000000000 ____D C:\Users\Brent\AppData\Local\{19F52AEF-E8CB-44DA-8326-3B1262A0C331}
2018-10-03 11:50 - 2018-10-03 11:50 - 000000000 ____D C:\Users\Brent\AppData\Local\{A07ECC38-A21E-4E89-8D86-BF1A0E033396}
2018-10-02 23:49 - 2018-10-02 23:50 - 000000000 ____D C:\Users\Brent\AppData\Local\{ED56BC82-B2CF-4506-9BAF-F452A08C178A}
2018-10-01 16:08 - 2018-10-01 16:08 - 000000000 ____D C:\Users\Brent\AppData\Local\{8CE83E99-950C-4A05-A07B-7A2A1D771527}
2018-09-30 21:44 - 2018-09-30 21:44 - 000000000 ____D C:\Users\Brent\AppData\Local\{F0A2BA30-036F-46C6-8DA2-5BE0FBA197D0}
2018-09-30 02:13 - 2018-09-30 02:13 - 000000000 ____D C:\Users\Brent\AppData\Local\{651B2B1F-2952-4A49-8CB7-477C88204333}
2018-09-30 01:29 - 2018-10-04 22:55 - 000000000 ____D C:\Users\Brent\Desktop\Light-Upgrade
2018-09-30 00:52 - 2018-09-30 01:15 - 000000000 ____D C:\Users\Brent\Desktop\DIYGK
2018-09-28 23:28 - 2018-09-28 23:29 - 011161965 _____ C:\Users\Brent\Desktop\BlueFLMZ.wmv
2018-09-28 22:58 - 2018-10-19 03:26 - 000000000 ____D C:\Users\Brent\Desktop\DEEREkart#2
2018-09-28 21:45 - 2018-09-28 21:45 - 000000000 ____D C:\Users\Brent\AppData\Local\{9F2359C6-BF5C-4986-AEAF-4A63E9BD6B9A}
2018-09-25 18:02 - 2018-09-26 18:14 - 000000000 ____D C:\Users\Brent\AppData\Local\{DD3CE688-8675-4AE0-A165-137867414288}
2018-09-25 14:10 - 2018-09-25 13:57 - 283390939 ____N C:\Users\Brent\Documents\20180925_135153.mp4
2018-09-25 06:01 - 2018-09-25 06:01 - 000000000 ____D C:\Users\Brent\AppData\Local\{CC51D977-B13D-46CB-8CAE-1658C794C51A}
2018-09-23 16:14 - 2018-09-28 23:49 - 000000000 ____D C:\Users\Brent\Desktop\Green-Flame
2018-09-23 16:04 - 2018-09-23 16:04 - 000000000 ____D C:\Users\Brent\AppData\Local\{1B054192-FC02-4968-93DB-0720DA8A696E}
2018-09-23 15:58 - 2018-10-07 06:41 - 000000000 ____D C:\Users\Brent\Desktop\InterCooler
2018-09-23 15:57 - 2018-10-16 03:53 - 000000000 ____D C:\Users\Brent\Desktop\Exhaust
2018-09-22 11:40 - 2018-10-18 00:32 - 000003150 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBrent
2018-09-22 11:40 - 2018-10-18 00:32 - 000000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBrent.job
2018-09-22 02:15 - 2018-09-22 02:15 - 000000000 ____D C:\Users\Brent\AppData\Local\{8EEC123D-F3F0-42DD-AAEB-B44A6DBED699}
2018-09-22 01:43 - 2018-09-21 01:44 - 053166074 _____ C:\Users\Brent\Desktop\turbFLAME.mp4
2018-09-21 07:06 - 2018-09-21 07:07 - 000000000 ____D C:\Users\Brent\Downloads\ccaq
2018-09-21 03:46 - 2018-09-21 03:46 - 000000000 ____D C:\Users\Brent\AppData\Local\{BF561AB2-30ED-4315-B738-A92CCD009190}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-21 01:31 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-21 00:22 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-10-21 00:15 - 2015-08-02 11:41 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4216165844-3389008296-2946304690-1002
2018-10-21 00:10 - 2016-01-01 07:17 - 013971968 ___SH C:\Users\Brent\Desktop\Thumbs.db
2018-10-20 06:48 - 2015-08-18 00:34 - 006317568 ___SH C:\Users\Brent\Downloads\Thumbs.db
2018-10-20 04:37 - 2018-01-19 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
2018-10-19 10:28 - 2017-09-24 02:06 - 000000000 ____D C:\Users\Brent\AppData\Local\Bluestacks
2018-10-19 03:35 - 2017-06-01 19:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-10-19 03:32 - 2017-12-15 22:23 - 000000000 ____D C:\ProgramData\NCH Software
2018-10-19 03:32 - 2017-12-15 22:23 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-10-19 03:32 - 2017-06-01 19:43 - 000000000 ____D C:\Users\Brent\AppData\Roaming\NCH Software
2018-10-19 00:48 - 2017-12-10 05:36 - 000000000 ___RD C:\Users\Brent\Desktop\xxTUNINGxx
2018-10-18 00:30 - 2018-01-27 19:35 - 000000000 ____D C:\Users\Brent\Desktop\MOWER-2018
2018-10-12 08:43 - 2016-06-30 21:49 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-10 16:23 - 2015-08-02 14:19 - 000000000 ____D C:\Users\Brent\AppData\Local\CrashDumps
2018-10-10 15:37 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2018-10-10 13:11 - 2017-12-10 05:34 - 000000000 ____D C:\Users\Brent\Documents\TunerPro Files
2018-10-09 05:27 - 2017-09-22 07:38 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-10-09 05:27 - 2017-08-22 07:05 - 000004460 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-10-09 05:27 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-09 05:27 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-09 03:45 - 2017-12-09 19:30 - 000000000 ____D C:\Users\Brent\AppData\LocalLow\Adobe
2018-10-08 12:18 - 2015-12-27 02:29 - 000000000 ____D C:\Users\Brent\AppData\Local\ElevatedDiagnostics
2018-10-08 06:36 - 2016-07-09 20:16 - 000000000 ____D C:\Users\Brent\AppData\Roaming\Audacity
2018-10-08 06:35 - 2018-03-03 18:12 - 000000000 ____D C:\Users\Brent\Desktop\DRIFT-song
2018-10-08 06:35 - 2018-02-19 00:44 - 000000000 ___RD C:\Users\Brent\Desktop\BackGround Music
2018-10-08 06:33 - 2015-08-20 19:16 - 000000000 ____D C:\Users\Brent\Desktop\MP3s
2018-10-07 09:49 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-07 09:48 - 2013-08-22 08:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-10-07 09:47 - 2015-08-17 02:10 - 000000000 ____D C:\Users\Brent
2018-10-06 07:40 - 2016-10-25 00:17 - 000108544 ___SH C:\Users\Brent\Documents\Thumbs.db
2018-10-06 07:30 - 2015-08-04 20:51 - 000000000 ____D C:\Users\Brent\Documents\Youcam
2018-10-05 00:33 - 2018-07-09 18:51 - 000000000 ____D C:\Users\Brent\Documents\Wondershare Filmora
2018-10-02 23:56 - 2018-07-12 05:52 - 000000000 ____D C:\Users\Brent\Desktop\Mustang Pics
2018-09-30 01:16 - 2017-12-19 05:16 - 000000000 ____D C:\Users\Brent\Desktop\Music Clips
2018-09-25 07:37 - 2018-09-15 23:14 - 000000512 _____ C:\Users\Brent\Desktop\Parts List.txt
2018-09-24 05:51 - 2018-01-31 23:53 - 000001681 _____ C:\Users\Brent\Desktop\resume-Automotive.txt
2018-09-23 04:20 - 2013-08-22 09:44 - 000363320 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2015-10-14 18:50 - 2015-10-14 18:50 - 000000131 _____ () C:\Users\Brent\tsMS.reg
2017-06-01 19:44 - 2017-06-01 20:16 - 000000905 _____ () C:\Users\Brent\AppData\Roaming\trace_FilterInstaller.1.txt
2017-06-01 19:44 - 2017-06-01 19:44 - 000001167 _____ () C:\Users\Brent\AppData\Roaming\trace_FilterInstaller.2.txt
2017-06-01 19:44 - 2017-12-15 22:23 - 000001167 _____ () C:\Users\Brent\AppData\Roaming\trace_FilterInstaller.txt
2017-06-01 19:44 - 2017-12-15 22:23 - 000000000 _____ () C:\Users\Brent\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-08-02 15:18 - 2015-08-07 12:18 - 000000097 _____ () C:\Users\Brent\AppData\Roaming\WB.CFG
2018-10-15 18:13 - 2018-10-15 18:13 - 000000000 _____ () C:\Users\Brent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-31 19:33 - 2018-05-07 01:25 - 000000409 _____ () C:\Users\Brent\AppData\Local\kdeglobals
2017-12-31 19:26 - 2018-05-07 01:27 - 000004103 _____ () C:\Users\Brent\AppData\Local\kdenliverc
2015-11-17 19:04 - 2015-11-17 19:04 - 000007607 _____ () C:\Users\Brent\AppData\Local\Resmon.ResmonCfg
2017-12-31 19:26 - 2017-12-31 19:26 - 000000533 _____ () C:\Users\Brent\AppData\Local\user-places.xbel
2017-12-31 19:26 - 2017-12-31 19:26 - 000000000 _____ () C:\Users\Brent\AppData\Local\user-places.xbel.tbcache

Some files in TEMP:
====================
2018-01-08 22:26 - 2018-05-16 09:44 - 000824864 _____ (BlueStack Systems, Inc.) C:\Users\Brent\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2017-09-24 07:16 - 2017-09-24 07:16 - 033689344 _____ (BlueStack Systems, Inc.) C:\Users\Brent\AppData\Local\Temp\BlueStacksFriends-Setup-11.0.2.exe
2015-10-22 08:04 - 2015-10-22 08:04 - 000467456 _____ (Realtek Semiconductor Corp.) C:\Users\Brent\AppData\Local\Temp\COMAP.EXE
2018-01-11 17:06 - 2013-07-29 14:40 - 000086392 _____ () C:\Users\Brent\AppData\Local\Temp\dp-chooser.exe
2018-01-11 17:06 - 2013-07-29 14:41 - 000676288 _____ (Microsoft Corporation) C:\Users\Brent\AppData\Local\Temp\dpinst-amd64.exe
2018-01-11 17:06 - 2013-07-29 14:41 - 000550848 _____ (Microsoft Corporation) C:\Users\Brent\AppData\Local\Temp\dpinst-x86.exe
2009-07-13 14:12 - 2009-07-13 14:12 - 001047632 _____ (Microsoft Corporation) C:\Users\Brent\AppData\Local\Temp\DPInstx64.exe
2009-07-13 13:47 - 2009-07-13 13:47 - 000922176 _____ (Microsoft Corporation) C:\Users\Brent\AppData\Local\Temp\DPInstx86.exe
2010-10-08 03:07 - 2010-10-08 03:07 - 000075672 _____ () C:\Users\Brent\AppData\Local\Temp\DPInst_Monx64.exe
2010-10-08 03:07 - 2010-10-08 03:07 - 000075160 _____ () C:\Users\Brent\AppData\Local\Temp\DPInst_Monx86.exe
2018-04-29 04:50 - 2018-04-29 04:50 - 000353280 _____ (KSDev) C:\Users\Brent\AppData\Local\Temp\dskinengine.dll
2017-12-12 13:24 - 2017-12-12 13:24 - 000219496 _____ (FTDI Ltd.) C:\Users\Brent\AppData\Local\Temp\ftd2xx3644316505497067891.dll
2018-01-08 22:26 - 2018-05-16 09:43 - 000421368 _____ (CodeTitans) C:\Users\Brent\AppData\Local\Temp\JSON.dll
2010-10-08 03:06 - 2010-10-08 03:06 - 000075152 _____ () C:\Users\Brent\AppData\Local\Temp\OS_Detect.exe
2017-03-27 22:13 - 2017-03-27 22:13 - 005867648 _____ (eVenture Limited ) C:\Users\Brent\AppData\Local\Temp\tmpDD13.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 