Jks, it was protected by Bitdefender under Safe Files.
Here is the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017
Ran by LocalAdmin (administrator) on R9KZHA4 (24-08-2017 19:40:55)
Running from C:\Users\LocalAdmin.R9KZHA4\Desktop
Loaded Profiles: LocalAdmin (Available Profiles: LocalAdmin & Administrator)
Platform: Windows 8 Enterprise (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVStreamingUX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(uWebb Software) D:\Stuff\Stuff\RealTemp_370\RealTemp.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [322312 2017-06-27] (Bitdefender)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-04-17] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [EsBOCOMUserTool] => C:\Program Files (x86)\BOCOM\USBkey 2G\USBkey 2G-WDC-OKey\bocom2g_wdc_mon.exe [436576 2016-07-18] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-08-02] ()
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-08-26]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ZHA0003.STHELENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ZHA0003.STHELENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyDrive Pro.lnk [2014-01-31]
ShortcutTarget: SkyDrive Pro.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{819A0CA4-7F3E-4585-965D-23FBF31126E2}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{9E9EECF4-F521-4B5A-A65D-1D7E336D18E2}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EA7490DC-4EA0-42D1-9C4B-9CC00E01988B}: [DhcpNameServer] 192.168.8.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope https://google.com.au URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008 -> {2BAB5131-8B83-25EC-225F-35591E27570B} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: No Name -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> No File
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)
Toolbar: HKU\.DEFAULT -> No Name - {5347542D-5636-006A-76A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default [2017-08-21]
FF Homepage: Mozilla\Firefox\Profiles\dux96u9g.default -> hxxps://www.google.com.au/|about:preferences
FF Extension: (Video DownloadHelper) - C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-08-07]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-10]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @infosec.com.cn/npinfosec_infosec_netsign -> C:\Program Files (x86)\Infosec NetSign Plugins\npInfosecNetSign.dll [2014-02-19] ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-02] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-01-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1305087049-1155765426-3812204079-1008: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\LocalAdmin.R9KZHA4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-02] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-05-16] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\npInfosecNetSign.js [2013-05-17]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default [2017-08-24]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-30]
CHR Extension: (Adblock Plus) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-30]
CHR Extension: (uBlock Origin) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-30]
CHR Extension: (Sword Art Online 09 - 1366x768) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\clildiljdjhiolnjmibacgkngbhmepck [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-30]
CHR Extension: (Bitdefender Wallet) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-30]
CHR Extension: (Arabic) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-04]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2017-07-30]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2017-07-30]
CHR Extension: (ChemReference: Periodic Table) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpnebljmdbglkmlnijcaplhfhkhdnib [2017-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR Profile: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-31]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9039536 2017-07-31] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AppVClient; C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe [685208 2013-03-29] (Microsoft Corporation)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2127552 2017-06-29] (Bitdefender)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1785528 2016-06-20] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [698552 2016-06-20] (Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103072 2017-06-27] (Bitdefender)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-10] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2017-01-07] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2017-01-07] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-08-02] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 SEVPNCLIENT; C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [324792 2016-06-20] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-06-09] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [218416 2017-06-27] (Bitdefender)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1421608 2017-06-30] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [950160 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1612648 2017-04-19] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-06-06] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47856 2017-05-11] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 bocomsafetyctrl; C:\WINDOWS\system32\Drivers\bocomsafetyctrlx64.sys [36584 2015-10-08] (Bocom)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S3 EvolveVirtualAdapter; C:\WINDOWS\system32\DRIVERS\evolve.sys [21656 2013-05-26] (Echobit, LLC)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R1 HBtnKey; C:\WINDOWS\system32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-02-21] ()
S0 IFCoEMP; C:\WINDOWS\System32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel(R) Corporation)
S0 IFCoEVB; C:\WINDOWS\System32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel(R) Corporation)
R0 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [346704 2017-06-08] (Bitdefender)
S3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]
R3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [28768 2014-08-22] (SoftEther Project at University of Tsukuba, Japan.)
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
S3 nmwcdnsux64; C:\WINDOWS\system32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Nokia) [File not signed]
S3 prepdrvr; C:\WINDOWS\system32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 risdxc; C:\WINDOWS\System32\drivers\risdxc64.sys [105472 2012-07-04] (REDC) [File not signed]
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [28272 2017-08-07] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.)
S3 USBTINSP; C:\WINDOWS\System32\drivers\tinspusb.sys [142848 2014-06-02] (Texas Instruments) [File not signed]
S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-07] (Microsoft Corporation)
R3 WinRing0_1_2_0; D:\Stuff\Stuff\RealTemp_370\WinRing0x64.sys [14544 2016-11-02] (OpenLibSys.org)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-24 19:40 - 2017-08-24 19:41 - 00028914 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\FRST.txt
2017-08-24 18:39 - 2017-08-24 19:14 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\Desktop\farbar recover 1
2017-08-20 00:58 - 2017-08-20 00:58 - 00035096 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Combo fix log.txt
2017-08-20 00:43 - 2017-08-20 00:43 - 00035096 _____ C:\ComboFix.txt
2017-08-19 23:58 - 2011-06-26 16:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-08-19 23:58 - 2010-11-08 03:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-08-19 23:58 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-08-19 23:45 - 2017-08-20 00:43 - 00000000 ____D C:\Qoobox
2017-08-19 23:42 - 2017-08-20 00:35 - 00000000 ____D C:\WINDOWS\erdnt
2017-08-19 23:35 - 2017-08-19 23:35 - 05659788 ____R (Swearware) C:\Users\LocalAdmin.R9KZHA4\Downloads\ComboFix.exe
2017-08-18 19:36 - 2017-08-18 21:03 - 00000000 ____D C:\ProgramData\ProductData
2017-08-18 16:32 - 2017-08-18 16:32 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\CrashDumps
2017-08-18 15:15 - 2017-08-18 15:15 - 05154856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-18 01:32 - 2014-01-31 10:48 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2017-08-18 01:32 - 2014-01-31 10:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2017-08-18 01:31 - 2014-02-01 16:55 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2017-08-18 01:30 - 2014-02-04 09:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-08-18 01:30 - 2014-02-04 09:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-18 01:30 - 2014-01-27 13:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-18 01:30 - 2014-01-03 09:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2017-08-18 01:30 - 2014-01-03 09:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2017-08-17 15:00 - 2014-06-18 09:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2017-08-17 15:00 - 2014-06-18 09:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2017-08-11 21:57 - 2017-08-11 21:57 - 00001406 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\LoL Logs.zip
2017-08-09 19:54 - 2017-08-09 19:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-08 01:15 - 2017-08-08 01:15 - 00003634 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\JRT.txt
2017-08-08 00:24 - 2017-08-08 00:24 - 01790024 _____ (Malwarebytes) C:\Users\LocalAdmin.R9KZHA4\Downloads\JRT.exe
2017-08-07 23:37 - 2017-08-07 23:44 - 00000000 ____D C:\AdwCleaner
2017-08-07 23:35 - 2017-08-07 23:35 - 08185288 _____ (Malwarebytes) C:\Users\LocalAdmin.R9KZHA4\Downloads\AdwCleaner.exe
2017-08-07 12:43 - 2014-07-12 14:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2017-08-07 12:43 - 2014-07-12 14:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2017-08-07 12:43 - 2014-07-12 10:02 - 00478352 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-08-07 12:43 - 2014-07-12 10:00 - 00478352 _____ C:\WINDOWS\system32\locale.nls
2017-08-07 12:43 - 2014-07-09 08:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2017-08-07 12:43 - 2014-07-09 08:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-07 12:43 - 2014-07-09 08:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2017-08-07 12:43 - 2014-07-09 08:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-07 12:43 - 2014-07-07 15:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-08-07 12:43 - 2014-07-07 15:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-08-07 12:43 - 2014-07-04 20:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-08-07 12:43 - 2014-06-28 17:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-08-07 12:43 - 2014-06-28 16:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2017-08-07 12:43 - 2014-06-18 09:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-08-07 12:43 - 2014-06-18 09:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-08-07 02:42 - 2017-08-07 15:23 - 00000000 ____D C:\ProgramData\RogueKiller
2017-08-07 02:42 - 2017-08-07 02:42 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-07 02:41 - 2017-08-24 19:37 - 00001033 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-07 02:41 - 2017-08-07 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-07 02:40 - 2017-08-07 02:41 - 00000000 ____D C:\Program Files\RogueKiller
2017-08-07 02:37 - 2017-08-07 02:37 - 00001095 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Malwarebytes scan.txt
2017-08-07 02:34 - 2017-08-07 02:35 - 35667336 _____ (Adlice Software ) C:\Users\LocalAdmin.R9KZHA4\Downloads\RogueKiller_setup_ref3.exe
2017-08-07 02:20 - 2017-08-16 02:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-01 22:51 - 2017-08-01 22:51 - 00017193 _____ C:\Users\LocalAdmin.R9KZHA4\Downloads\7342fce4-d187-4dbc-bdff-6950bcf7fa58 (2).ics
2017-07-30 22:36 - 2017-08-24 19:40 - 00000000 ____D C:\FRST
2017-07-30 22:36 - 2017-07-30 22:36 - 02381312 _____ (Farbar) C:\Users\LocalAdmin.R9KZHA4\Desktop\FRST64.exe
2017-07-30 22:25 - 2017-07-30 22:25 - 01778176 _____ (Farbar) C:\Users\LocalAdmin.R9KZHA4\Downloads\FRST.exe
2017-07-28 13:29 - 2017-07-28 13:29 - 00129957 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Screenshots.zip
2017-07-27 16:24 - 2017-07-27 16:24 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Tvsukernel
2017-07-27 16:18 - 2017-08-22 17:56 - 00031152 _____ C:\WINDOWS\system32\Drivers\pmxdrv.sys
2017-07-26 18:54 - 2017-07-26 18:54 - 00001805 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Mesg to Broni.txt
2017-07-26 18:44 - 2017-07-26 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:42 - 2017-07-26 18:42 - 00000000 ____D C:\WINDOWS\net35
2017-07-26 17:53 - 2017-07-26 17:53 - 00001048 _____ C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cmd.lnk
2017-07-26 16:40 - 2017-07-26 16:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-07-26 11:02 - 2016-01-06 06:16 - 00826328 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-26 11:02 - 2016-01-06 06:16 - 00176088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-26 10:50 - 2017-07-26 10:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2017-07-26 10:50 - 2017-07-26 10:50 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-25 21:58 - 2014-10-09 14:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-07-25 21:58 - 2014-10-09 14:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-07-25 21:58 - 2014-10-09 14:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2017-07-25 21:58 - 2014-10-09 13:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2017-07-25 21:58 - 2014-10-09 13:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2017-07-25 21:20 - 2017-08-17 19:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-25 20:26 - 2014-07-16 08:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-25 17:14 - 2014-04-17 04:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-07-25 17:14 - 2014-04-17 04:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-24 19:39 - 2016-11-11 22:54 - 00001315 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\nativelog.txt
2017-08-24 19:39 - 2012-07-26 15:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-08-24 19:36 - 2017-07-12 18:35 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-08-24 19:36 - 2015-12-28 21:15 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\.minecraft
2017-08-24 19:35 - 2013-11-17 18:40 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Windows Live
2017-08-24 19:08 - 2017-02-21 18:46 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-08-24 18:41 - 2012-07-26 17:28 - 00762136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-24 18:41 - 2012-07-26 15:37 - 00000000 ____D C:\WINDOWS\Inf
2017-08-24 18:39 - 2013-03-18 16:06 - 00000639 _____ C:\WINDOWS\SMSCFG.INI
2017-08-24 18:38 - 2017-07-12 18:38 - 00003648 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-08-24 18:37 - 2014-08-22 21:04 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client
2017-08-24 18:35 - 2012-07-26 17:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-24 01:43 - 2017-07-13 17:22 - 00034143 _____ C:\bdlog.txt
2017-08-23 21:25 - 2017-07-14 00:34 - 00832316 _____ C:\WINDOWS\ntbtlog.txt
2017-08-23 21:23 - 2012-07-26 15:26 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-08-23 15:18 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2017-08-20 00:33 - 2012-07-26 15:26 - 00000215 _____ C:\WINDOWS\system.ini
2017-08-19 22:41 - 2014-08-08 08:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Packages
2017-08-19 22:12 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-08-18 21:19 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-08-18 19:48 - 2016-04-03 15:10 - 00000000 ____D C:\WINDOWS\rescache
2017-08-18 17:43 - 2013-05-31 14:40 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\ElevatedDiagnostics
2017-08-18 02:34 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files\Windows Defender
2017-08-18 02:34 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-08-18 02:33 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-08-18 02:33 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-18 02:32 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-08-18 00:47 - 2013-04-30 19:30 - 00002982 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-08-17 23:40 - 2013-03-18 16:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-08-17 18:45 - 2013-03-18 19:11 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-17 18:36 - 2012-07-26 15:26 - 00000167 _____ C:\WINDOWS\win.ini
2017-08-17 16:22 - 2012-07-26 18:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-08-17 15:17 - 2013-05-01 16:28 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-13 15:15 - 2013-03-18 16:08 - 00000000 ____D C:\WINDOWS\CCM
2017-08-09 19:54 - 2016-07-01 19:09 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\discord
2017-08-09 19:54 - 2016-07-01 19:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Discord
2017-08-09 16:20 - 2017-05-08 21:40 - 00004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-09 16:20 - 2017-04-03 14:27 - 00004482 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-09 16:19 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-09 16:19 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-08-09 15:16 - 2015-12-06 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-07 22:06 - 2016-11-10 20:59 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Battle.net
2017-08-07 21:48 - 2017-01-15 15:20 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-08-07 21:48 - 2017-01-15 15:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Overwolf
2017-08-07 21:43 - 2016-11-10 20:42 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-08-07 02:36 - 2017-04-20 16:56 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-06 08:38 - 2017-07-14 00:36 - 00000000 ____D C:\Program Files (x86)\Steam
2017-08-03 02:21 - 2014-08-08 08:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Adobe
2017-08-03 02:21 - 2014-08-08 08:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Adobe
2017-08-01 15:34 - 2013-05-01 17:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Skype
2017-07-27 16:19 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\AppCompat
2017-07-27 16:14 - 2014-12-13 12:04 - 00000000 ____D C:\ProgramData\Lenovo
2017-07-26 18:44 - 2016-09-01 11:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-07-26 18:42 - 2013-04-30 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-07-26 18:42 - 2013-04-30 19:26 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-07-26 16:49 - 2013-03-18 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-26 16:49 - 2013-03-18 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-26 16:44 - 2013-03-18 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-26 16:40 - 2013-03-18 18:11 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-26 11:03 - 2012-07-26 15:37 - 00000000 ____D C:\WINDOWS\servicing
2017-07-26 10:53 - 2012-07-26 18:12 - 00000000 ___RD C:\WINDOWS\ToastData
2017-07-26 10:52 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\WinStore
2017-07-26 10:52 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-26 10:51 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-26 10:51 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-26 10:51 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-26 10:51 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-07-26 10:47 - 2012-07-26 17:53 - 00000000 ____D C:\Program Files\Windows Journal
2017-07-25 22:02 - 2013-03-18 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Virtualization Client
==================== Files in the root of some directories =======
2013-07-22 19:19 - 2014-07-08 12:08 - 0000915 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\coreavc.ini
2014-05-20 21:20 - 2014-05-20 21:20 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\102.tmp
2013-09-21 23:30 - 2013-09-21 23:30 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\E8D7.tmp
2013-07-21 12:04 - 2013-07-21 12:25 - 0010752 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-22 23:01 - 2017-05-09 09:53 - 0000600 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\PUTTY.RND
2016-07-18 18:39 - 2016-07-18 18:39 - 5117952 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\ResPacketT.dll
2015-01-15 21:11 - 2015-01-15 21:11 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\{EAC3C051-5B65-4BB6-8603-125156EC2D87}
2017-07-12 18:36 - 2017-07-12 18:36 - 0051124 _____ () C:\ProgramData\agent.1499848547.bdinstall.bin
2017-07-12 19:32 - 2017-07-12 19:32 - 0480136 _____ () C:\ProgramData\cl.1499849406.bdinstall.bin
2017-07-12 19:32 - 2017-07-12 19:32 - 0074895 _____ () C:\ProgramData\cl.kit.1499849373.bdinstall.bin
2017-07-12 19:35 - 2017-07-12 19:35 - 0057154 _____ () C:\ProgramData\dm.1499852042.bdinstall.bin
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-08-23 17:27
==================== End of FRST.txt ============================
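A triage helper for the "One Month Created/Modified" and "Files in the root of some directories" listings above, added here as an example; it is not part of the original post and not FRST's own code. Each FRST file line has the shape `<created> - <modified> - <size> <attrs> [(<company>)] <path>`; the parser below pulls those fields apart and applies three review rules an analyst would run first: an executable or driver under C:\WINDOWS with no version-info company string (the unlabelled TrueSight.sys and pmxdrv.sys entries), an executable in a user-writable location such as AppData or ProgramData (ResPacketT.dll), and an executable carrying hidden or system attributes. The sample lines are copied from the log above, except the final `updater.exe` line, which is constructed to exercise the attribute rule. A "no company" hit is a prompt to verify the file, not a verdict: plenty of clean drivers ship without version info, and the rules deliberately ignore non-executable hidden/system files such as the registry hives under system32\config.

```python
"""Triage FRST file-listing lines. Added example, not FRST or the poster's code."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One FRST file entry: created - modified - size attrs [(company)] path
# The attribute field is always five characters, e.g. _____, ____D, ___SH, ____C.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"      # optional version-info company; "()" means empty
    r"(?P<path>.+?)\s*$"
)

BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str   # "" when FRST printed no company or "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_binary(self) -> bool:
        return self.path.lower().endswith(BINARY_EXT)


@dataclass
class Finding:
    path: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST file line, or None for headers and other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines: List[str]) -> List[Finding]:
    """Apply the three review rules to every parsable, non-directory entry."""
    findings: List[Finding] = []
    for raw in lines:
        e = parse_line(raw)
        if e is None or e.is_dir or not e.is_binary:
            continue
        p = e.path.lower()
        if p.startswith("c:\\windows\\") and not e.company:
            findings.append(Finding(e.path, "binary under C:\\WINDOWS with no version-info company; "
                                            "verify its Authenticode signature and hash"))
        if any(marker in p for marker in USER_WRITABLE):
            findings.append(Finding(e.path, "binary in a user-writable location"))
        if "H" in e.attrs or "S" in e.attrs:
            findings.append(Finding(e.path, f"executable with hidden/system attributes ({e.attrs})"))
    return findings


# Sample input: lines copied from the log above, plus one constructed line (last).
SAMPLE_LINES = [
    "2017-08-18 01:30 - 2014-01-27 13:39 - 01939288 _____ (Microsoft Corporation) C:\\WINDOWS\\system32\\Drivers\\ntfs.sys",
    "2017-08-07 02:42 - 2017-08-07 02:42 - 00028272 _____ C:\\WINDOWS\\system32\\Drivers\\TrueSight.sys",
    "2017-07-27 16:18 - 2017-08-22 17:56 - 00031152 _____ C:\\WINDOWS\\system32\\Drivers\\pmxdrv.sys",
    "2016-07-18 18:39 - 2016-07-18 18:39 - 5117952 _____ () C:\\Users\\LocalAdmin.R9KZHA4\\AppData\\Local\\ResPacketT.dll",
    "2017-08-24 19:39 - 2012-07-26 15:26 - 00262144 ___SH C:\\WINDOWS\\system32\\config\\ELAM",
    "2017-08-07 23:37 - 2017-08-07 23:44 - 00000000 ____D C:\\AdwCleaner",
    # constructed, not from the log: hidden executable dropped into a user profile
    "2017-08-20 03:12 - 2017-08-20 03:12 - 00412160 ____H C:\\Users\\LocalAdmin.R9KZHA4\\AppData\\Roaming\\updater.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.path}\n    -> {f.reason}")
```

For anything the rules surface, the next step is the check FRST itself performs in the "Bamital & volsnap" section, Authenticode verification (`Get-AuthenticodeSignature` in PowerShell), followed by a hash lookup; a signed Microsoft driver that merely lacks a company string drops out at that stage.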